
Full Disk Encryption

What is Full Disk Encryption?

Full disk encryption (FDE) or whole disk encryption is a means of protecting information by encrypting all of the data on a disk, including temporary files, programs, and system files. Some full disk encryption systems leave the boot sector of the disk unencrypted, while others encrypt that as well. Following FDE initialization, all information is automatically encrypted when written to the disk and decrypted when read, if the user has authorization.

Full disk encryption allows users to protect confidential information that they may not realize exists on the system, such as temporary files and system files. Even if a cyberattacker removes the disk and installs it in their own device, they will be unable to access the data without the password or encryption keys. Full disk encryption is particularly useful on portable devices, as those are at greater risk of being lost or stolen than stationary devices.
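As an added example (not part of the original page), one way to check that encryption really covers everything in use on a Linux host is to confirm that each mounted filesystem and swap area sits on an encrypted mapping, with only the boot area left in the clear. The sketch assumes dm-crypt/LUKS and the JSON output of `lsblk`; the sample device names and the `BOOT_MOUNTS` set are constructed for illustration.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output
# (not from a real system): the boot partitions sit outside the LUKS
# container, and a swap partition was left unencrypted.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
    {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
    {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
     "children": [
       {"name": "cryptroot", "type": "crypt", "fstype": "ext4", "mountpoint": "/"}
     ]},
    {"name": "sda4", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"}
  ]}
]}
"""

BOOT_MOUNTS = {"/boot", "/boot/efi", "/efi"}  # assumption: typical boot mount points


def audit(lsblk_json):
    """Return (encrypted, boot_only, exposed) lists of (name, mountpoint)."""
    encrypted, boot_only, exposed = [], [], []

    def walk(node, under_crypt):
        # A node is protected if it, or any ancestor, is a dm-crypt mapping.
        under_crypt = under_crypt or node.get("type") == "crypt"
        mount = node.get("mountpoint")
        if mount:  # only in-use filesystems and swap are classified
            entry = (node["name"], mount)
            if under_crypt:
                encrypted.append(entry)
            elif mount in BOOT_MOUNTS:
                boot_only.append(entry)  # expected when the boot area is left clear
            else:
                exposed.append(entry)    # data written here is stored unencrypted
        for child in node.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return encrypted, boot_only, exposed


if __name__ == "__main__":
    enc, boot, exp = audit(SAMPLE_LSBLK)
    print("encrypted:", enc)
    print("unencrypted boot area:", boot)
    print("unencrypted data (finding):", exp)
```

In the constructed sample the unencrypted swap partition is the finding: memory pages written to it would land on disk in plaintext even though the root filesystem is encrypted.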

Tools for FDE can be hardware or software based. Hardware FDE options include:

  • Self-Encrypting Drives (SED). A SED is a hard disk drive (HDD) or solid-state drive (SSD) with an encryption circuit built into it. A SED automatically encrypts data, without the need for user input or separate encryption software. Major hard drive manufacturers such as Samsung, Seagate, Toshiba and Western Digital offer SEDs, both as off-the-shelf drives and pre-installed in PCs or laptops.
  • Cryptoprocessor hard drives. These are hard drives in enclosures containing chips with built-in cryptoprocessors, which automatically encrypt all data written to the drive while the drive is inside the enclosure.
  • Chipsets. With chipset FDE, an encryptor bridge and chipset are placed between the system and the disk, so that every sector of the disk is encrypted.

FDE software enables users to configure FDE using existing hardware and is compatible with most storage devices and operating systems on the market. Encryption software may come with an operating system, exist as a standalone utility, or be a component of security software. Examples of FDE software include [1]:

  • NordLocker
  • AxCrypt Premium
  • Folder Locker
  • Advanced Encryption Package
  • CryptoForge

Limitations of FDE include:

  • Only protects from physical loss of storage media;
  • Lacks safeguards against advanced persistent threats, malicious insiders, or external attackers;
  • Only meets minimal compliance requirements;
  • Doesn’t offer granular access audit logs.

For these reasons, FDE should be used along with other security tools such as antivirus and antimalware solutions and firewalls.  

[1] PCMag, 2023, “The Best Encryption Software for 2023”