Is full-disk encryption worth it? Pokémon

Photo of a magazine showing an article about Pokémon computer game.

Don’t you love headlines that can be answered so easily? From Infoworld, one of my favourite sources of whitepapers which I read for a hobby because I’m a nerd:

The Ponemon Institute’s research study, entitled “The TCO of Software vs. Hardware-based Full Disk Encryption,” claims to provide an answer. The study, conducted last year, polled more than 1,300 IT and IT security professionals in four countries — the United States, the United Kingdom, Germany, and Japan — for detailed information about their use of and expectations for hardware-based full-disk encryption.

Perhaps it’s because I had a long day, but I reread that paragraph at least five times, and I kept seeing “Pokémon Institute”.

The results, recently reanalyzed with new insights provided in a follow-up paper, showed that full-disk encryption came at a fair cost, in big part because of the time and labor involved in deploying it. But the perceived benefits for using full-disk encryption far outweighed those costs.

An interesting read, but nothing surprising. Whole drive encryption would have added tremendous computational overhead to already slow machines back in the day, but today there really aren’t any good [technical] reasons for eschewing (gesundheit) it.

From an enterprise perspective, the biggest arguments I’ve heard against it have been those initial deployment costs, and the added potential complexity for data recovery. That’s not a problem though, because everyone backs up. R-right?

Then there’s the issue of vendor support, or lack thereof. Mac OS X, the BSDs and all major Linux distributions ship with whole drive encryption as a configuration option, but Microsoft’s BitLocker is only offered on the non-consumer flavours of Vista, 7 and 8.

It’s regrettable Microsoft places more importance on artificial product differentiation than the privacy of their home customers’ data. No catching ‘em all today.


Ruben Schade is a technical writer and IaaS engineer in Sydney, Australia who refers to himself in the third person in bios. Wait, not BIOS… my brain should be EFI by now.
