What is Whole Disk Encryption

Full disk encryption (or whole disk encryption) is a kind of disk encryption software or hardware which encrypts every bit of data that goes on a disk. The term “full disk encryption” is often used to signify that everything on a disk, including the operating system, is encrypted. There are also programs capable of encrypting an entire disk fully but not capable of directly encrypting the system partition or boot partition of the operating system (e.g. FreeOTFE, GBDE and TrueCrypt which can fully encrypt an entire secondary hard disk). To boot from a fully encrypted disk on a standard personal computer requires hardware assistance as there is otherwise no other way for the BIOS to decrypt and transfer program control to an encrypted master boot record (MBR). There are software programs that can encrypt bootable operating system partitions but they must still leave the MBR, and thus part of the disk, unencrypted.

Why Do I Need Whole Disk Encryption

Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. The following are some benefits of full disk encryption:

1. Everything including the swap space and the temporary files are encrypted. Encrypting these files is important, as they can reveal important confidential data.
2. With full disk encryption, the decision of which files to encrypt is not left up to users.
3. Support for pre-boot authentication.
4. Immediate data destruction, as simply destroying the cryptography keys renders the contained data useless. However, if security towards future attacks is a concern, purging or physical destruction is advised.

What To Look For In A Solution

* Powerful full-disk, file, and folder encryption
Rest assured that data is securely encrypted whenever it’s stored on desktops, laptops, tablets, and other mobile devices, and that files and folders remain encrypted wherever they travel thanks to industry-standard strong encryption algorithms such as RC5-1024 and AES-256
* Strong access control
Prevent unauthorized access and subsequent data loss with two- and three-factor preboot authentication, which supports many different smart cards and USB tokens; supports single sign-on to minimize hassles for authorized users and password synchronization with Windows
* Synchronized password changes
Propagate password changes that a user makes on one machine to all other machines that the user is assigned
* Centralized management
Centrally define, deploy, manage, and update security policies; maintain central control over user credentials, including synchronization, recovery, and revocation; and generate reports to meet compliance requirements
* Invaluable reporting and auditing capabilities
Support compliance with company, industry, and government regulations using the solution’s capable auditing and reporting features
* Seamless integration with existing infrastructure
Synchronize this solution with Active Directory, LDAP, PKI, and others; supports all Windows operating systems (full 32- and 64-bit Vista support), common languages, and various keyboards; next to that, endpoint encryption supports automatic language detection in preboot based on Microsoft Windows language settings

source:wikipedia.com;safeboot.com