What are the full disk encryption options for Windows in small- and medium-sized businesses? Should I implement a standalone solution or invest in a centrally managed one?
This is becoming a more common concern as IT and security managers at small- and medium-sized businesses (SMBs) are realizing the benefits of full disk encryption.
Many are finding that encryption is necessary for compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), safe harbor privacy rules and state breach-notification laws. Still other organizations are contractually required by their customers or business partners to use encryption.
It's easy for vendors to simply sell SMBs on their enterprise offerings, and enabling the hard drive encryption built into Windows 7 and Windows 8 may seem to be the quickest and easiest way to proceed. Before you take any action, though, step back and assess what you really need.
Simply put, the reason businesses -- even small ones -- are being asked to encrypt their hard drives is to ensure that sensitive data (typically consumer information) is kept out of harm's way. Experts believe that if the drive is encrypted and the system is lost or stolen, then that data cannot be recovered and used in an unauthorized manner. Before you "encrypt it and be done with it," you have to consider a few things:
- Are you technical enough to enable encryption on your systems, and patient enough to train your users on what it does, how it works, etc.?
- How many computers do you have? You need to consider laptops, desktops and even servers that might be at risk, physically. If it's just a handful -- say, a few dozen -- then standalone encryption products such as Symantec Endpoint Encryption and BitLocker may be just fine.
- Do you feel like you can support the inevitable forgotten passwords and lost encryption keys, handle audit logging and, if necessary, meet the HIPAA requirement of being able to prove that encryption was enabled? If not, you might consider an enterprise-ready system from a vendor such as WinMagic or at least implementing Microsoft BitLocker Administration and Monitoring.
The good news is, there's no right or wrong answer for SMBs. You just need to get started doing something. Take your time upfront and think things through and, by all means, avoid the common full disk encryption gotchas that can negate any otherwise perceived benefits.
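For a standalone BitLocker deployment, being able to prove that encryption was enabled means collecting that evidence yourself. The script below is an added example, not part of the original answer: it records each volume's BitLocker state to a dated CSV and flags volumes that would not pass an audit. The `$EvidenceDir` path is hypothetical, and treating a missing recovery password protector as a finding is an assumption about your recovery policy.

```powershell
#Requires -RunAsAdministrator
# Added example: record per-volume BitLocker state as dated audit evidence.
# Assumes the built-in BitLocker PowerShell module (Windows 8 / Server 2012 or later).
param(
    # Hypothetical location; point it at a folder that is backed up off the machine.
    [string]$EvidenceDir = 'C:\EncryptionEvidence'
)

Import-Module BitLocker -ErrorAction Stop
New-Item -ItemType Directory -Path $EvidenceDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyy-MM-ddTHH-mm-ss'

$records = foreach ($vol in Get-BitLockerVolume) {
    # Record protector types only; the recovery password itself is never exported.
    $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    $issues = @()
    if ($vol.VolumeStatus -ne 'FullyEncrypted') { $issues += "VolumeStatus=$($vol.VolumeStatus)" }
    if ($vol.ProtectionStatus -ne 'On')         { $issues += 'protection off or suspended' }
    # Assumption: recovery relies on a recovery password protector.
    if ($protectors -notcontains 'RecoveryPassword') { $issues += 'no recovery password protector' }

    [pscustomobject]@{
        CollectedAt          = $stamp
        Computer             = $env:COMPUTERNAME
        MountPoint           = $vol.MountPoint
        VolumeType           = $vol.VolumeType
        VolumeStatus         = $vol.VolumeStatus
        ProtectionStatus     = $vol.ProtectionStatus
        EncryptionPercentage = $vol.EncryptionPercentage
        EncryptionMethod     = $vol.EncryptionMethod
        KeyProtectors        = $protectors -join ';'
        Compliant            = ($issues.Count -eq 0)
        Issues               = $issues -join '; '
    }
}

$outFile = Join-Path $EvidenceDir "$($env:COMPUTERNAME)_$stamp.csv"
$records | Export-Csv -Path $outFile -NoTypeInformation
$records | Format-Table MountPoint, VolumeStatus, ProtectionStatus, Compliant, Issues -AutoSize

# A non-zero exit code lets a scheduled task or RMM tool raise an alert.
if ($records | Where-Object { -not $_.Compliant }) { exit 1 }
```

Run it on a schedule so the evidence covers the period before a loss, not just the day someone asks for it.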