By Ryan Squires Posted February 5, 2019
Lost data accounts for a large number of security breaches and, unfortunately, major fines. These fines are levied against companies at large, despite the fact that it could have only been one laptop that was lost or stolen. Given the portability of laptops stuffed with highly sensitive patient or cardholder data, it’s easy to see why just about all the major compliance initiatives such as HIPAA, PCI, and others require data encryption. In this article, we’ll discuss why business owners and executives should use full disk encryption, not just on their own system, but company wide.
FDE Management and Benefits
The concept behind FDE is actually quite simple, even though, historically, the managing of it has not always been quite so easy. FDE management is difficult because it requires the manual storage of recovery keys and individually “turning on” encryption on systems. With potentially hundreds or thousands of systems in a single IT environment, these two tasks alone present quite a challenge. Unfortunately, the two aforementioned pain points forced a lot of organizations to forgo using FDE, often to their detriment.
Organizations can be hurt because data that is kept unencrypted can easily be recovered by hackers either through stolen laptops or systems or different modes of attack. As a result, a best practice from a security perspective is to encrypt data so that a lost or stolen hard drive cannot reveal the underlying data. Even if an organization isn’t convinced that encrypting data is a security item, should they fall subject to any data or privacy regulations, they will be forced to comply. Our Top 5 Recent Healthcare Security Breaches highlights differing scenarios about how failing to enable FDE can hurt your organization.
Enough of the doom and gloom. Benefits surrounding the usage of full disk encryption are both tangible and intangible. With FDE properly enabled to each system in your fleet, risk of data compromise is greatly reduced. Further, compliance with regulations results in the prevention of potential fines due to lost or stolen hard drives / systems. A key intangible benefit is peace of mind. Knowing that your systems are protected should they get stolen or forgotten on a bus is a nice safety net to have. All told, full disk encryption can save you the perils of lost data, money, and stress.
FDE Enabled and Managed from the Cloud
Thankfully, the benefits of full disk encryption can now be leveraged without all the pain that came along with managing it in the past. A new generation of system management tools is making the process of managing full disk encryption on Windows® (BitLocker) and Mac® (FileVault) a turnkey process.
With JumpCloud® Directory-as-a-Service®, you can deploy GPO-like Policies to both Mac and Windows systems and force those machines to enable full disk encryption. No more going around and enabling the technology on a system-by-system basis. Further, JumpCloud can securely vault the recovery keys that are needed to unlock a system should the user forget his/her password. Now, MSPs and IT admins can build a strong practice of encrypting drives, ensuring the roovery keys are securely vaulted, and then having the visibility to report which systems have FDE enabled and which ones do not.
Enable FDE with JumpCloud Today
Curious about how JumpCloud can turn your question of, “Why use Full Disk Encryption” into “How can I leverage FDE today?” feel free to contact one of our product experts by dropping us a line here. If you want to just get to work managing systems, you can sign up for a free JumpCloud account and manage up to 10 users for free, forever. If you ever get stuck, feel free to consult our Knowledge Base for information to help you get the most of your account. Of, if you’re a managed service provider (MSP), feel free to apply to be a partner today.