What's the best way to lock down mobile drives to keep them secure?

What's the best way to lock down mobile drives to keep them secure?

Storage security information

    Requires Free Membership to View

    Login

    When you register for SearchStorage.com, you’ll also receive targeted emails from my team of award-winning editorial writers. Our goal is to keep you informed on the hottest topics, the latest news and the biggest challenges you face as a storage professional today.

    Rich Castagna, Editorial Director

    By submitting your registration information to SearchStorage.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchStorage.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

You have several options. You can perform full disk encryption or just encrypt a specific partition on the drive. There are pros and cons to each. With full disk encryption, everything is locked down and secure. If the drive is stolen or lost, nobody will access the data. There is a loophole when encrypting laptops. If the laptop is stolen while the unit is powered up and a user is logged in, the disk may be in its unlocked state and data on the drive may be accessible. There are many benefits to full disk encryption, but there are drawbacks; people lose their passphrases, drives can still fail and it's important to use a centrally managed encryption system so that an administrator need not physically manage each individual machine. I personally lost several days trying to restore one of my own disks that had been fully encrypted.

There is also a lot of value if you'd prefer to create an encrypted partition on a drive, rather than encrypting the entire disk. The problem with encrypting partitions, or encrypting certain folders using Windows EFS built into Windows XP, is that you're now relying on users to store their sensitive information properly -- users must choose to place their data on the protected partition. Unfortunately, it's poor practice to rely on the user to store data securely. People get careless, they get busy, they get distracted and they'll wind up storing data on their desktop or some other unsecure location.

Still, these are the two best options. While this mostly relates to laptops, don't forget about servers and workstations that are susceptible to physical theft, as well as thumb drives, external hard drives and other mobile storage devices.

Listen to the Storage Security FAQ audiocast here.

Go to the beginning of the Storage Security FAQ Guide.


This was first published in March 2007

Back to top