This article can also be found in the Premium Editorial Download "Storage magazine: Top 15 Storage hardware and software Products of the Year 2006."

Download it now to read this article plus other related content.

Encrypted file system
Ironically, most laptops today already have encryption, although most people don't realize it. Microsoft's Windows EFS has long come as part of Windows OS. But EFS comes up short as an encryption approach that will allow you to avoid notification requirements in the event of the loss of a laptop with sensitive data.

"Windows EFS is the most common solution, but it can be circumvented easily if you know what you are doing," says GlassHouse's Preston. "Anything that relies on [a] Windows' user name and password is pretty hackable." Once a user is authenticated by Windows, EFS encryption and decryption is automatic.

Other shortcomings include its weak encryption algorithm, which falls short of the strength provided through 256-bit AES encryption, today's corporate security standard. EFS also lacks a public/private key mechanism, which eliminates the complications of key management but further weakens security.

Still, some security experts aren't so quick to dismiss EFS, using the logic that it's better than nothing. "Most users don't need fancy encryption and PKI," says Cybertrust's Cooper. "They can use the encryption built into Windows [EFS], which costs zero." For those wanting to bolster EFS, he recommends using PGP encryption within EFS, which strengthens security but adds complexity.

Even Microsoft recognizes the shortcomings of EFS. For its new Vista Windows OS release, Microsoft

Requires Free Membership to View

will offer BitLocker Drive Encryption. According to Micro-soft, BitLocker Drive Encryption provides increased protection through a combination of full-drive encryption and integrity checking of early boot components. Integrity checking of early boot components prevents someone from circumventing encryption by booting the drive through another OS. With BitLocker Drive Encryption, data decryption is performed only if the boot components appear unmolested and the encrypted drive is located in the original computer. BitLocker Drive Encryption encrypts the entire Windows volume, including all user and system files, plus any swap and hibernation files.

This was first published in February 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: