In Blog, Security

What is Full Disk Encryption (FDE)?

We live in an age of security breaches. It’s hard to turn on the news and not hear about another compromised company. An attack vector for such hacks that’s growing in frequency is system theft. Studies show that a laptop is stolen every 53 seconds. Once stolen, the laptop’s hard drive can be removed and opened via another machine, laying out the drive’s juicy data for a hacker to prey upon. These attacks can be prevented with full disk encryption. But, what is full disk encryption (FDE)?

What is Full Disk Encryption (FDE)?

Full disk encryption employs at rest encryption software, such as BitLocker for Windows® systems or FileVault 2 for Macs®, to improve hard drive security. With FDE, a computer’s data is encrypted during periods where the machine is off, or at rest. That way, the drive’s data can only be accessed in one of two ways. Of course, the first option is inputting user credentials and opening up the laptop as normal. The other option, such as in the case of laptop theft or a similar event, requires that the drive is unlocked via a complex recovery key if the password is not available. Of course, the hope is that the thief will not know either the password or the recovery key, so therefore the data would be inaccessible.

Because of the nature of full disk encryption, bad actors are less likely to be able to purge a swiped hard drive’s information, making the system more secure as a whole. Data at rest is so widely regarded for its ability to promote security that it is a requirement for many compliance regulations including PCI, HIPAA, and GDPR. Encrypted data is especially pertinent for HIPAA compliance, as one of the healthcare industry’s biggest breaches was due to the theft of an unencrypted laptop.

Full Disk Encryption in IT

While it certainly has its benefits, full disk encryption is not as widely used as you would think it should be. In IT especially, enterprise implementations of FDE are proving to be a more difficult task than some sysadmins feel is worth. In today’s modern, heterogeneous IT environments, enabling two different at rest encryption softwares (BitLocker & FileVault 2) across a multitude of Mac and Windows machines isn’t easy. Most admins either have to utilize a patchwork of solutions to do so for each software, or do so on each system manually. This is not to mention the process of obtaining and storing recovery keys in case a password is forgotten.

Thankfully, a solution in the IT space is enabling full disk encryption across both platforms, and it’s automating the process at that. It’s called JumpCloud® Directory-as-a-Service®, and is a third party, cloud-based directory service. Using JumpCloud’s cross-platform GPO-like capabilities, called Policies, IT admins can enable FDE on a fleet-wide basis, and create an automated process for enforcing FDE on newly onboarded employee systems as well.

JumpCloud’s Full Disk Encryption Policies

JumpCloud is revolutionizing the concept of full disk encryption management with its policies for Mac and Windows. With the Directory-as-a-Service platform, sysadmins no longer have to worry over looming threats of hard drive compromise, no matter the system. Good security protocols start at the system level, and with JumpCloud’s FDE Policies (and others such as screen saver lock, disable USB, and more), you can ensure that your IT organization’s security is up to snuff.

To learn more about full disk encryption and Directory-as-a-Service Policies, you can contact us with questions. By scheduling a JumpCloud demo, you can see the product, it’s Policies, and so much more firsthand. Of course, if JumpCloud seems like the FDE-enabling solution for you, consider signing up. Your account is free and comes with ten free users to get you started.

Recent Posts