CyberSecurity: Encrypting Your Disks or Data

by on May 5th, 2014

Assuming you have a strong password on your Windows or Mac OS machine, your data is safe, right? Wrong! A password might make accessing your computer slightly harder for a thief, but anyone with physical access can and eventually will find your data. You can make that almost impossible, though, using “Data at Rest Encryption” technology.

Think of it through this metaphor. Imagine you kept all of your important bank information in a notebook. Putting a lock on the book cover makes casual investigation tougher, but someone dedicated will hack off the lock or strip off the cover. If you have encrypted disks, though, they would find the equivalent of gibberish. Without the ability to decode the data, it would be worthless to them.

Disk Encryption Technology

If you have something very valuable, then keeping it in an encrypted storage area is very important. This prevents people who have access to your machine from externally mounting your hard disk and reading your most private information. There are a few methods of doing this, and some are more complex than others.

Full Disk Encryption

If you want everything on a disk encrypted, full disk encryption is the best way to go. It prevents you from accidentally leaving information out in the open, but it also has some problems. First of all, if everything is encrypted, then your computer can’t load the OS without decrypting it. There are hardware- and software-based solutions to this, and they involve passwords, keys, biometric ID interfaces, or network identification. In general, the more of these steps you include, the harder it is to break into your data.

Another option that isn’t exactly full disk is to encrypt everything except just enough to start loading your operating system. All of the user space that you can access would be encrypted. For all but the most important systems, that compromise is typically excellent and a great start.

Vault (Filesystem) Encryption

Vault software creates a digital vault on your disk. The vault is opened and closed through the operating system, and the decryption keys needed to see the data are available only while it is open. Once opened, the vault typically appears as a normal folder that you access as usual.

Vault encryption, also known as filesystem-level encryption, has many advantages. First, it is mostly transparent to the user. Second, it is very flexible, and letting people in and out is easily controlled. Another advantage is that many operating systems have these features built in or readily available, so you don’t have to work as hard to set them up. Finally, most people understand the idea that the files are “password protected” on some level and are happy with that.

Unfortunately, metadata about the files is typically unencrypted. This means that while an infiltrator might not know what the files say, he will probably know what they are called, how big they are, and how they are organized. It isn’t much to go on, but for some, that information leak alone can be crippling.
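The leak described above can be seen in a small model. This is an added example, not code from the article or from any vault product: it assumes a vault that encrypts each file's contents but stores names and folders as they are, and it uses a toy SHA-256 keystream as a stand-in for a real cipher. The function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode XOR, a stand-in for a real cipher. Not for real use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_vault(root: str, key: bytes, files: dict) -> None:
    """Encrypt contents only; names and folders are written as-is (the assumption)."""
    for rel_path, plaintext in files.items():
        path = os.path.join(root, rel_path)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(toy_cipher(key, rel_path.encode(), plaintext))

def observe_without_key(root: str) -> dict:
    """What mounting the disk reveals with no key: relative paths and sizes."""
    seen = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen[rel] = os.path.getsize(full)
    return seen

# Constructed sample data, not real records.
DEMO_KEY = hashlib.sha256(b"constructed demo passphrase").digest()
SAMPLE_FILES = {
    "taxes/2013-return.txt": b"Constructed income figures\n" * 3,
    "medical/lab-results.txt": b"Constructed lab record\n" * 10,
    "bank/account-notes.txt": b"Constructed note\n",
}

def demo():
    """Build the vault in a temp dir; return (metadata seen without key, one ciphertext)."""
    with tempfile.TemporaryDirectory() as root:
        build_vault(root, DEMO_KEY, SAMPLE_FILES)
        leaked = observe_without_key(root)
        with open(os.path.join(root, "taxes/2013-return.txt"), "rb") as fh:
            return leaked, fh.read()

if __name__ == "__main__":
    leaked, ciphertext = demo()
    for path, size in sorted(leaked.items()):
        print(f"{size:5d} bytes  {path}")
    print("contents without key:", ciphertext[:16].hex(), "...")
```

Without the key, the listing still shows every folder name, file name and exact size; only the bytes inside each file are unreadable.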

Another disadvantage is that things like internet history, cookies, and other data you create as you use the machine will typically sit out in the open, unencrypted. Full disk encryption takes away the “is it or isn’t it” question.

Final Notes

If your data is important, and it probably is, you should seek some level of encryption. It is absurd to think of how many people are vulnerable to a hack no more sophisticated than stealing their laptop and mounting their hard disk. Don’t be caught unaware. Encrypt your data inside your computer as well as what you send over the internet.


