Hardly a day goes by without a laptop being lost or stolen, with many such devices containing confidential information, be it customer information, client account information, or even company trade secrets. Such losses tend to cost companies dollars as well as their reputation. Which is why many companies opt to use laptop encryption software to ensure that they don’t have a data leak, even if they do lose a laptop.
Why Full Laptop Encryption?
The full disk option encrypts every single bit and byte of information found on your computer (it usually requires the use of pre-boot authentication, where one has to provide a username and password before the computer actually boots up, for even more security).
File encryption protects designated files only, meaning you get to pick and choose (the idea is to choose sensitive files to protect).
Which one is better when it comes to laptop computers? While both have pros and cons–and some even recommend using both–assuming that you don’t have to copy files off of your computer, full laptop encryption would be the better option:
All files are protected – Sometimes computers will create files for you that you didn’t actively create, such as temporary files. These are used, for example, to undo the changes you’ve made to your report two hours ago. Nobody ever thinks to encrypt such files, although they could be an easy source of a data breach (software that scans specific data patterns, such as SSNs, can be cheaply bought over the internet).
The enduser does not decide what gets encrypted – Let’s face it, many data breaches occur because employees don’t follow work policies. For example, one such policy may be “don’t take sensitive documents home,” except that employees do so in order to work from home.
Knowing this, why would one decide it’s a good idea to have employees keeping track of every single document and deciding what’s to be encrypted?
Well, the pat answer is that sometimes you don’t have an option, such as when someone creates a confidential report and decides to e-mail it. In such a scenario, this “someone” must also be in charge of encrypting that report before adding it as an attachment to the e-mail. He’s the only one “there,” if you get my drift.
But, if given a choice, it would make sense to automate as much as possible the business of encrypting documents, and full laptop encryption is such an example.
Going Alone Or Using Encryption As A Service
If you decide to use full laptop encryption, another thing to chew on is whether to use managed encryption. Managed encryption offers benefits, especially if you have to manage an entire fleet of computers.
Encryption deployments are easier
Encryption keys are easier to manage
IT department is not burdened with extra work
Easier access to reports for audits
The detracting factors are usually costs. Managed encryption means either annual or monthly charges. On the other hand, taking encryption in-house also means additional costs not only in the form of usage licenses, but also maintenance. There is also the indirect cost of your IT guys taking care of issuing passwords as opposed to doing something more important.