It seems like all mobile and fixed drives need to be encrypted to be secure. Is this true?
No, not necessarily. It all depends on where your sensitive information is stored and how accessible it is. These are the types of things that are determined by a security assessment. I can tell you that if you don't have good physical security controls over your desktops and your servers -- whether you have a wiring closet or an all out data center -- it's not going to hurt to
those drives. All it's going to take is someone breaking in, stealing the systems and having full access to everything on them.
There's not an easy answer to this question. It all depends on your threats, vulnerabilities and the business risks that evolve out of that. So, it's going to be different for every organization.
Check out the entire Storage Encryption FAQ guide.
This was first published in October 2007