What type of encryption is best: Hardware, whole disk or file- and directory-based?

What type of encryption is best: Hardware, whole disk or file- and directory-based?

Well, it's dependant on your environment. If you are trying to encrypt disks in a storage area network (SAN) or network attached storage (NAS) environment, you may not have a choice except to go with whatever your vendor offers. Or, you might not have any encryption options at all. So, it depends on the particular hardware you are using, the management systems that you are using, whether or not you have laptops, etc.

    Requires Free Membership to View

    Login

    When you register for SearchStorage.com, you’ll also receive targeted emails from my team of award-winning editorial writers. Our goal is to keep you informed on the hottest topics, the latest news and the biggest challenges you face as a storage professional today.

    Rich Castagna, Editorial Director

    By submitting your registration information to SearchStorage.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchStorage.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Storage security information
Compression, deduplication and encryption: What's the difference?

Mobile device security in six simple steps

Five must-have storage security testing tools
All this hype and noise we've been hearing over the past six months to a year really involves laptops, desktops and basic server drive encryption. So, to answer your question in that context, I like whole-disk encryption. It really is the most foolproof and dependable that I've seen. That said, I haven't used the hardware offerings, like Seagate's Momentus drives.

I'm not a big fan of partition- or directory-based encryption because at that point you are relying on applications and/or people to make sure sensitive information gets where it's supposed to go. And, we've all learned the hard way that you simply can't rely on this. All it takes is for a user to store a document someplace outside the encrypted area, and it's completely vulnerable.

Check out the entire Storage Encryption FAQ guide.


This was first published in October 2007

Back to top