In the world of encryption, the topic of disk vs file encryption is a hotly debated topic. Unfortunately, the current encryption solutions require a hefty barrier to entry. This translates to a lack of adoption and/or scalability in business environments. Barriers to entry and lack of scalability is an example of why the majority of Fortune 1000 businesses have failed to adopt a file encryption solution in the workplace. Failing to secure your data leaves files exposed and vulnerable to leaks and attackers. This is a major problem. That’s why we have architected an enterprise-class file encryption solution with a minuscule barrier to entry. Eliminating user friction creates a path for user adoption. Let’s take a look at the current solutions and how they stack up against Active Cypher.
BitLocker – Full Disk Encryption
“Full disk encryption — also known as whole encryption — is the most effective way to prevent confidential data being taken from a laptop that has been lost, stolen or left unattended in a hotel room.”*
Full Disk Encryption (Microsoft BitLocker) works by encrypting a system’s entire hard drive — all the confidential data stored on it, but also the operating system and all applications. When the system is started, the user is prompted for the encryption key, which enables the system to decrypt enough to boot and run normally.
- BitLocker is User/Device centric.
- BitLocker is a Full Disk Encryption process that operates at a lower level than File-Level Data Encryption.
- While both full disk and file encryption use Keys for encryption/decryption functions, BitLocker requires an “unlocking” of a local key through the interactive engagement of the end user by entering a passphrase, PIN, device, or another type of authentication separate of their networking access control domain permissions.
- BitLocker protects the file within the physical disk, but once the disk is decrypted and a file is sent outside that drive, there is nothing to prevent unauthorized users from reading the confidential data in the file.
- The vast majority of File Encryption is Object/Data-centric
- Most File Encryption requires a key sharing methodology that is cumbersome
- Currently File Encryption solutions involve one of several techniques to accomplish the goal of data protection, and unfortunately, a large percentage of these solutions rely on the End User’s judgment, discipline, commitment, and time to protect the company’s confidential data, resulting in a lack of enterprise-wide adoption.
- File Encryption solutions require templates, policies, and/or content sensitivity guessing to apply the data protection.
- Most File Encryption products require intervention and actions by the end user, they also rely on your users to know who should be allowed to see the unprotected contents of files as they are sent and shared around a company through email, laptops, devices, cloud services, and thumb drives.
95% of Fortune 1000 companies are running Windows Networks either locally or in Azure Cloud. Windows Active Directory is so widely used it is also the de-facto for small business networks. Active Cypher is deployed seamlessly within your Windows Network, the most widely used network worldwide, making Active Cypher the easiest to use, enterprise-class file encryption solution for businesses of all sizes.
Active Cypher’s architecture combines the “set it and forget” ease of Full Disk encryption, with the “In Transit” protection of File encryption when removed from the physical device. Here are additional distinctions between current File Encryption solutions and Active Cypher.
- Policies – Active Cypher does not use any templates, policies, or guesswork to determine what files must be protected. Active Cypher considers every file that is in your shared networked folders as confidential and it encrypts every file in every folder on your file servers.
- Usability – The user is not involved in any decision making. Active Cypher knows exactly which users in the company should be allowed to see the unprotected data.
- Full access control – Active Cypher retains the Access Control List entries of the file anywhere that file ends up. If an encrypted file is sent from someone in Accounting to someone in Sales who is not a member of the Accounting Security Group, Active Cypher will deny that person the ability to decrypt that file and see its contents.
- Encrypted in the cloud – Active Cypher relies on your Windows Active Directory Security Groups & Users to automatically allow/prevent each user’s ability to decrypt the contents of your files whether they are on the network, on the user’s Desktop, in their laptop, or on a thumb drive. Files on Cloud services such as Dropbox, One Drive, SharePoint, Box, Google Drive, etc., are all protected by Active Cypher no matter where the file resides, or how it may have gotten there.
- Automated key management – Active Cypher manages the entire key management process at the Identity level, not at the user level. The user never handles keys, passphrases, PIN’s, or recovery keys.
- Secured everywhere – Active Cypher works by encrypting the data inside a company’s files. All the data in a file is protected wherever that file goes.
- Active Cypher protects data at the file system level by monitoring user activity on your networked drives. This allows seamless encrypting and decrypting – completely invisible to the user. There is no need to categorize or identify who should be allowed to view the confidential contents of the protected files.
The needs for encryption will differ in every situation. These needs will depend on whether you’re using BitLocker to encrypt a hard drive, file encryption to encrypt a local folder, or Active Cypher to encrypt files on your Windows Network. The objective here is to educate and inform. Now you should know what your options are, what each encryption technology does, and how they differ for every use case.
The Team at Active Cypher had a philosophy from the beginning — don’t build what’s not necessary. To make something simple requires time to reduce elements to their essence. We have done this by simplifying a process. By removing a complex and painful barrier that once took days, we have distilled this into minutes. We are proud of that and that’s what we’re passionate about.
The bottom line is there are different ways of securing data. Protecting that data has never been more important as it is today.
* Taken from an article on esecurityplanet.com: https://www.esecurityplanet.com/mobile-security/buyers-guide-to-full-disk-encryption.html