Full Disk Encryption isn't FDE anymore

A few years ago, encryption was a topic discussed at the NSA or MIT, not in the corporate boardroom. Times have changed!

Given the slew of privacy regulations and publicly disclosed breaches, laptop encryption has become a must-have.

As companies buy encryption software to cover this requirement, however, another pattern is emerging. Don't let that $150 per user licensing fool you--FDE has become a commodity. The federal government negotiated a deal to pay around $15 per seat for FDE, and I've seen big deals as low as $5 per seat. To their credit, the FDE software vendors anticipated this inevitable trend and are now wrapping additional functionality around their FDE contracts to sweeten the deals and provide customers with more security. McAfee/SafeBoot bundles in Data Leakage Prevention (DLP); PointSec adds port blocking, etc.

The bottom line is that FDE alone isn't cutting it anymore; large organizations want and are willing to pay for more. This moves the FDE market in two diverse directions. On the one hand, big endpoint security vendors like McAfee, Symantec, and Trend Micro can simply make FDE a feature in their suites for cost-conscious customers and charge a few extra bucks for the favor. This makes FDE easy for the masses. On the other hand, FDE will be offered as part of much bigger and focused data security offerings. BitArmor and PGP come to mind here.

Ultimately, FDE fades into the infrastructure, embedded in Intel chips, Microsoft operating systems, and Seagate Technology hard drives. In the meantime, the remaining FDE crowd is scrambling to remain relevant. FDE as a feature in a greater data security suite is a good plan for the long term. FDE as a business opportunity is all but gone.

Jon Oltsik is a senior analyst at the Enterprise Strategy Group.

[AnonTip]

DELL has backdoor access even to FDE enabled HDs by restricting users to only user-level passwords in the BIOS.

Any DELL tech can give anyone the admin password to bypass the hardware encryption on your HDs.

You can use M$ Bitlocker software encryption instead and trust their assurances they don't provide backdoor access - but do you really trust them?

Beware phony "feel-good" encryption! And check out all the "index.dat" files hidden throughout your XP & Vista systems sometimes. You'll be amazed at the detailed lists of all the URL & filenames you've accessed over the years (such as pics you've viewed) regardless of all the so-called disk wipe utilties. It gives new meaning to "domestic spying"...

[DebunkFraud]

Unfortunately your post is both inaccurate and misleading, one would assume intentionally.

Of the top laptop manufacturers some sell encrypting drives that only use BIOS ATA passwords, and Dell is NOT one of them.

Dell sells the Seagate FDE hard drives that support advanced password authentication integrated directly into the drive security controller, and this has nothing to do with the BIOS ATA password, as you would attempt to mislead readers to believing. Once properly configured these drives are as or more secure than software encryption and certainly have NO back door.

Don't take my word for it however, read up for yourselves, including information on the NSA approval granted to the drives for secure government use, here: http://www.seagate.com/ww/v/index.jsp?locale=en-US&name=null&vgnextoid=bd8f322b02fd9110VgnVCM100000f5ee0a0aRCRD

As for feel good, does being able to fully provision and activate full disk encryption in seconds compared to hours (for software encryption) sound like a "feel good?" I'd hope so.

[ldimegli]

You're missing one big freebie, that's TrueCrypt. Earlier this year they released FDE and it works great and is completely free.

[knguyeniii]

I think the trend in FDE, as you have mentioned, is common in many industries. People naturally want services or products to be comprehensive. Adobe does this with it Creative Suite portfolio and Microsoft with Office. The list can go on.

You can also see this in many other different industries. For example, in shipping and banking. All of the major global express shipping companies are trying to provide "end-to-end" services for the distribution and handling of all physical deliverable. I don't think it's because the likes of FedEx and UPS are trying to shove more services into people's mouths...but rather companies actually want to have a one-stop shop for all delivery needs. Main benefit: companies can focus on doing their business.

Going back to what you have mentioned, I agree that FDE should play a greater role if companies are trying to make a comprehensive end-to-end data protection product suite. You mentioned BitLocker and PGP being good examples. I think SECUDE.com is another good example (they also integrate Seagate FDE HDDs).

Perhaps the real goal of providers, with strong FDE products, is how to manage the "FDE process" across large organizations. Surely hardware with embedded encryption cannot do this coherently alone. The way I see it: hardware provides the raw encrypting horsepower, the software coordinate this raw horsepower for the whole organization.

If companies are going to use software to manage FDE, then it makes sense to have the same software (or provider) manage the remaining aspects of data protection (e.g., file, folders, emails).

There is actually a wikipedia posting on FDE providers:
http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

Another interesting article relevant to FDE:
http://en.wikipedia.org/wiki/Cold_boot_attack

[salvationdata2009]

TrueCrypt, they released FDE which works great and is completely free.

------------------------------------------------
Leon
http://www.hddoctor.net

[rahulkopi]

Also checkout Seclore (www.seclore.com). They have a true and very good complimentary solution to disk encryption.