Encryption of data sent over the Internet is of obvious importance. The basic idea behind encryption for an organization’s computers can also be of similar necessity for the organization.
In many cases, the data stored on a computer’s hard drives, on external hard drives, and on flash drives, memory sticks, compact flash and other devices is stored completely unencrypted. What this means, basically, is that if the drive is removed and installed into another computer, everything on that drive can be read.
There have been reports about images stored on digital photocopiers being opened and viewed after these copiers were retired or resold. The copiers scanned the pages to be copied, stored them on a hard drive, and then printed the copies using the image stored on the hard drive. Had the drives been encrypted – and a password required at the start of the work day – the sensitive data on the drives would have been virtually irretrievable.
Creation of encrypted folders on your organization’s drives can go a long way towards reducing the risk of data falling into the wrong hands, should the drives or storage devices ever be sold, lost, or retired. Without the key (a ‘password’ that is used to define the formulas used for encrypting and decrypting the data onto the drives), the data in the encrypted folders would be virtually useless.
So – hoping to have established the necessity of encrypting your data (some, if not all), let’s look at some of the ways this can be done.
In a previous blog, we looked at hard drives with encryption built in to the drive. On this type of drive, when the drive is installed into the computer, the computer and the hard drive are both set up to establish the encryption code. Once this is done, every time the computer is restarted, a password is typed, which enables a link between the computer and the hard drive to be established. Thereafter, the encryption chips on the hard drive will handle the task of encrypting data going onto the drive and decrypt data coming off the drive.
One of the important benefits of having hardware encryption is that the computer housing the drive doesn’t have to do any special processing to encrypt or decrypt the data on the drive. With many drives, or many processes running on the computer, having the security for the drive handled by hardware ON THE DRIVE can provide performance advantages.
A second option is to use software to handle data encryption and decryption. A recent blog explored some of the software options for encrypted flash drives, and the use of a flash drive as a security key for directories on computers to which the secure drive is attached. The software can come already stored on the drive, or other software can configure the drive for encryption.
Software encryption and security products can do an excellent job, but because the security processes are done in software, computer cycles are used in order to move data between computer and encrypted drives or folders. A software approach can impair the computer’s performance because the encryption and decryption programs are always running.
Further, it may be possible to have more than one encryption software package running concurrently. (For example, you may have two encrypted flash drives plugged in to a computer – each using different software, and a hard drive installed on the same computer, using a third type of software). The possibility of more significant performance problems or, worse still, conflicts between the software programs that may crash the computer or that disable one or more of the programs hasn’t been tested, but it wouldn’t be surprising if using more than one ‘standard’ software application for data encryption would cause significant problems.