We get asked this often, usually after a client has attended a seminar on computer security. The answer is… it depends. Mostly it depends on what your expectation is. Most people are looking for something that “will protect them”, and should be “automatic”. Well, keep looking, because FDE is not the panacea you’re looking for.
Full Disk Encryption essentially locks a disk, so it can’t be looked at, or booted, unless a password is entered. If you enable FDE on a computer’s primary disk, it will prevent the computer from being turned on without a password. If you enable FDE on a flash drive or other removable media, you won’t be able to look at that drive until the proper password is entered.
Unfortunately, FDE does NOTHING to protect you once the password has been entered. That means that once you’ve entered your password and booted up your computer, you are still vulnerable to viruses, malware, infected attachments, dangerous web-links and illicit remote access. In fact, FDE pretty much only protects you from the theft of your computer or portable USB media.
Don’t get me wrong, FDE does provide an extra measure of security, but its benefit is best used on laptops and flash drives containing sensitive data.
Full Disk Encryption also has some downsides worth mentioning:
⦁ FDE is not available in all versions of Windows and will not operate on all chipsets.
⦁ FDE may make your system “non-standard” and could interfere with some programs or utilties.
⦁ FDE may slow the performance of the hard drive.
⦁ FDE may render your hard drive useless if it develops corruption or bad sectors.
⦁ FDE may interact with some virus/malware to make the hard drive useless.
By all means, use FDE if you want extra security and can deal with the downsides… but just don’t think FDE solves all of your security issues. In the grand World of Security, FDE is the answer to maybe 1% of your potential problems.
BTW – FDE is known as “BitLocker” in Windows. Other popular FDE products are TrueCrypt, VeraCrypt, CheckPoint, and DiskCryptor