The limits of whole-disk encryption
There's an interesting post on Slashdot with the somewhat controversial title "Avoiding the PGP Whole Disk Encryption Craze." The original poster asks the Slashdot community for their views on the drawbacks or limitations of using PGP Whole Disk Encryption. The replies seem to miss a few points, so I thought that I should mention them here.
First, there's the question of why people would ever encrypt the disks of a server. I've seen this done in at least a few cases, and the reason has always been to reduce theft of servers. In places where theft of servers is rampant, making stolen servers less useful to the thieves seems to reduce the number of servers stolen, and encrypting the disks seems to be a good way to do this.
Next, there's the question of the limits of encrypting laptops, which seems to be overlooked. Encrypting laptops does a good job of protecting against some types of data breaches, but not all of them. If a laptop whose hard drive is encrypted is lost or stolen, it's unlikely that the data on it will be compromised. On the other hand, data on laptops gets compromised in ways other than the laptop being lost or stolen. Data gets copied to USB drives or CDs, for example, and once it leaves the protection of the encrypted hard drive, it's unprotected. It's possible to work around this limitation of whole disk encryption in at least two ways.
The first way is to simply restrict the use of USB drives and CD drives. Some businesses do this today, but this isn't a perfect solution. At the recent ASC X9 meeting that I attended, we were routinely transferring documents back and forth with a USB drive, which left one unfortunate person unable to get the documents because his USB port was disabled due to security concerns. So there's definitely a price that's paid in lost productivity if that's the approach that's taken.
Another approach is to use a data-centric security model in which the data is encrypted and stays encrypted wherever it goes. If you do this, when you copy data from a hard drive onto a USB drive or CD, the data stays encrypted, so it's still protected if it's lost. Implementing data-centric security is probably more complex than other approaches because an application has to decide what data to encrypt and then actually do the encryption.
If you have a database of credit card numbers that you want to protect in this way, you need some application to find the credit card numbers and encrypt them. You also need the applications that use the numbers to be aware that they are stored encrypted, so that they can decrypt them when they're needed. This isn't necessarily hard, but it's certainly more complicated than just encrypting an entire column of a database or the entire hard drive of a laptop. It requires writing some code, but not very much. On the other hand, it's also much more effective at preventing data breaches. If data that's protected by data-centric security is transferred to another device, it's still encrypted, so the loss or theft of that device won't compromise any sensitive data. Maybe that's the future of encryption.
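As an added illustration of the field-level approach described above (example code written for this post, not from PGP or any product mentioned here), the following Go program encrypts only the card-number field of a record with AES-GCM. The record ID is bound in as associated data, so the ciphertext copied to a USB drive or backup stays opaque and also cannot be transplanted into another row; the key, record IDs and card number are constructed demo values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ProtectPAN encrypts one card-number field as nonce||ciphertext||tag. The
// record ID is bound in as associated data, so the value decrypts only in its own row.
func ProtectPAN(key []byte, recordID, pan string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error in Go 1.24+
	return aead.Seal(nonce, nonce, []byte(pan), []byte(recordID)), nil
}

// RevealPAN is called only by code that needs the number; exports and copies carry ciphertext.
func RevealPAN(key []byte, recordID string, stored []byte) (string, error) {
	aead, err := newAEAD(key)
	if err != nil || len(stored) < aead.NonceSize() {
		return "", fmt.Errorf("bad key or truncated field: %v", err)
	}
	pt, err := aead.Open(nil, stored[:aead.NonceSize()], stored[aead.NonceSize():], []byte(recordID))
	if err != nil {
		return "", err // wrong key, wrong row, or tampered ciphertext
	}
	return string(pt), nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real deployment uses a managed key
	rand.Read(key)
	stored, _ := ProtectPAN(key, "cust-1001", "4111111111111111")
	pan, err := RevealPAN(key, "cust-1001", stored)
	_, moved := RevealPAN(key, "cust-2002", stored) // same bytes, different row
	fmt.Printf("stored=%x\napp view=%s %v\nmoved to another row: %v\n", stored, pan, err, moved)
}
```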