Full laptop encryption software: the term is not an industry standard, but obviously one’s referring to full disk encryption (also often referred to as FDE, per its acronym. Or its initialism, if you prefer to call it that).
So what is full disk encryption and how does it work?
Full Disk Encryption: Laptops, Netbooks, Desktops, Servers, Etc.
Why is full laptop encryption the same as full disk encryption? Because in either case, what’s getting encrypted is the hard disk drive found inside the laptop. As you probably know, all computing devices have a permanent data memory device where information gets stored. This is the hard disk drive, or HDD.
The thing about HDDs is that they’re the same no matter what your computing device happens to be: your desktop as well as laptop has the same hard disk. Possibly, your laptop’s might be smaller in physical size, but it’s going to look like a miniaturized version of the desktop’s HDD.
FDE goes by many names: disk encryption, whole disk encryption, HDD encryption, laptop encryption, desktop encryption, computer encryption, etc. All of these names allude to the fact that user is interested in protecting the permanent data found on the disk.
How Does FDE Work? Not by Encrypting Your Data
One of the common misconceptions about full laptop encryption is that it encrypts data. That’s kind of right. But, also kinda wrong.
You see, FDE doesn’t encrypt data — it encrypts your hard drive. Hence the name. Understanding the difference could pay off dividends in the future, because it will make it easier for you to understand where FDE’s limitations lie.
What do I mean by “it encrypts your hard drive?” Let’s take a brand new computer and install encryption software on it. The computer has no data in it. Is the computer encrypted? Yes.
Now, if you save some files to that encrypted hard drive, is your data also encrypted? Yes.
And, if you copy that encrypted data to an external hard drive (not encrypted), is the data still encrypted? No.
Herein lies the limitation to traditional full disk encryption: the moment a file is copied off the encrypted hard drive — be it to another computer, to another disk, emailed, etc. — it is not protected anymore. Again, full disk encryption doesn’t encrypt data — it encrypts your hard drive.
What’s the use of FDE, then? you might ask. Well, it’s meant for those instances where equipment gets lost or stolen. Instead of having to encrypt sensitive files one by one, or having to secure files you didn’t even that existed (temp files, for example), everything on the computer is encrypted. You can absolute, positively claim that the data is completely protected if the laptop is stolen.
Sometimes I equate it to a more familiar, everyday technology: a safe for sensitive paper documents. Place the documents in the safe and they’re protected. Take them out and they’re not. The nature of the documents haven’t changed; it’s just a matter of where they are. And, if the safe is as secure as modern digital encryption happens to be, you can claim that those documents are fully protected
Of course, that’s not the end to FDE. For example, the ability to copy data off of an encrypted drive poses a real security risk. That’s why with AlertBoot endpoint encryption, you also have an option where any data storage devices plugged into an encrypted drive will also be encrypted automatically. This newly encrypted device can only be read from the original computer and other computers belonging to that computer’s network, allowing data to be shared…on a limited basis.