What type of encryption is best: Hardware, whole disk or file- and directory-based?
Well, it's dependent on your environment. If you are trying to encrypt disks in a storage area network (SAN) or network attached storage (NAS) environment, you may not have a choice except to go with whatever your vendor offers. Or, you might not have any encryption options at all. So, it depends on the particular hardware you are using, the management systems that you are using, whether or not you have laptops, etc.
I'm not a big fan of partition- or directory-based encryption because at that point you are relying on applications and/or people to make sure sensitive information gets where it's supposed to go. And, we've all learned the hard way that you simply can't rely on this. All it takes is for a user to store a document someplace outside the encrypted area, and it's completely vulnerable.
04 Oct 2007