Hard Drive Encryption

I need to clear the air about something that has concerned me for quite a while now, because it has given hundreds of millions of computer users a false sense of security.

Every modern-day Operating System that I know of has built-in security specific to protecting the data that you store within your password-protected profile. For example, if two users have their own account on the same computer, user number one (by default) can't access user number two's files, and vice versa. Pretty cool, huh? Do you feel safe knowing that your files are protected, even if your computer is lost or stolen? Don't be fooled. They’re not. It’s like assuming that your home is safe from burglary because your screen door is locked. It keeps the honest, honest.

The level of security that I described above is only applicable if those files are accessed via the Operating System (e.g., Windows or Mac OS X). The Operating System manages the users and the security. So what happens if there is no Operating System to manage that security? Under what circumstances would your files not be protected? Three words... hard drive removal.

If I were to find a lost laptop, it would be simple for me to remove the hard drive from that computer and connect to it as an external drive on another computer. That would then give me full and complete access to everything on that drive. EVERYTHING.

Microsoft's Windows and Apple's Mac OS X both have built-in drive encryption utilities to help protect against these situations. Apple calls theirs “FileVault” while Microsoft calls theirs “BitLocker”. These utilities essentially encrypt (using strong algorithms) each bit and byte written to your hard drive. This encryption ensures that if your hard drive were removed and accessed externally, the perpetrator would have a very difficult time accessing your data.
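Having the utility installed is not the same as being protected, so it is worth checking what the tools actually report. The following is an added example, not part of the original post: it reads the text printed by `manage-bde -status` (BitLocker) and `fdesetup status` (FileVault) and flags volumes that a removed drive would expose. The sample output is constructed and assumes the English-language field names; the function names are hypothetical.

```python
import re

# Constructed sample in the shape of English-locale `manage-bde -status` output.
SAMPLE_MANAGE_BDE = """\
Volume C: [OSDisk]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection Off
    Lock Status:          Unlocked

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
"""

FIELD = re.compile(r"(?m)^[ \t]+([\w ]+?):[ \t]+(.+?)[ \t]*$")


def bitlocker_findings(text):
    """Return {volume: reason} for each volume a removed drive would expose."""
    findings = {}
    # Every volume section begins with a "Volume X:" header line.
    for section in re.split(r"(?m)^(?=Volume )", text):
        header = re.match(r"Volume (\S+)", section)
        if not header:
            continue
        fields = dict(FIELD.findall(section))
        if not fields.get("Conversion Status", "").endswith("Encrypted"):
            findings[header.group(1)] = "not fully encrypted"
        elif fields.get("Protection Status") != "Protection On":
            # Suspended BitLocker: data is encrypted, but the key sits
            # unprotected on the same disk, so removal still exposes it.
            findings[header.group(1)] = "encrypted but protection is off"
    return findings


def filevault_enabled(text):
    """True only when `fdesetup status` output reports FileVault as on."""
    return text.strip().startswith("FileVault is On")


if __name__ == "__main__":
    print(bitlocker_findings(SAMPLE_MANAGE_BDE))
    print(filevault_enabled("FileVault is On."))  # constructed sample line
```

The case worth noticing is volume C: it reports as fully encrypted, yet with protection off it offers no more defense against drive removal than the unencrypted volume D.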

Adding encryption at the drive level does come at a cost. The cost in this case is performance. The performance degradation is more noticeable on traditional (mechanical) hard drives and less noticeable on new flash-based SSDs, but there is still some overhead. For your average user, that performance hit is transparent. For heavy users (video editing, etc.), it’s a little more noticeable.

My purpose here isn't to scare you to the point of rushing out right now to enable drive encryption (I actually don’t believe it’s for everyone), but to simply make you aware of the risks. It's definitely something that you should keep in mind and research a little more when you consider how to truly protect your sensitive data.

Posted on March 17, 2013.