In the world of encryption, disk vs. file encryption is a hotly debated topic. Unfortunately, the current encryption solutions carry a hefty barrier to entry, which translates to a lack of adoption and/or scalability in business environments. It’s because of this barrier to entry and lack of scalability that the majority of Fortune 1000 businesses have failed to adopt a file encryption solution in the workplace, leaving their files exposed and vulnerable to leaks. We know this is a major problem and have architected an enterprise-class file encryption solution with a minuscule barrier to entry and zero requirements for user adoption. Let’s take a look at the current solutions and how they stack up against Active Cypher.
BitLocker – AKA: Full Disk Encryption
“Full disk encryption – also known as whole encryption – is the most effective way to prevent confidential data being taken from a laptop that has been lost, stolen or left unattended in a hotel room.”*
Full Disk Encryption (Microsoft BitLocker) works by encrypting a system’s entire hard drive – all the confidential data stored on it, but also the operating system and all applications. When the system is started, the user is prompted for the encryption key, which enables the system to decrypt enough to boot and run normally.
- BitLocker is User/Device centric.
- BitLocker is a Full Disk Encryption process that operates at a lower level than File Level Data Encryption.
- While both full disk and file encryption use keys for encryption/decryption functions, BitLocker requires an “unlocking” of a local key through the interactive engagement of the end user, who enters a pass phrase, PIN, device, or other type of authentication separate from their networking access control domain permissions.
- BitLocker protects the file within the physical disk, but once the disk is decrypted and a file is sent outside that drive, there is nothing to prevent unauthorized users from reading the confidential data in the file.
- File Encryption is Object/Data centric
- File Encryption requires a key sharing methodology
- Currently, File Encryption solutions use one of several techniques to accomplish the goal of data protection. Unfortunately, a large percentage of these solutions rely on the End User’s judgment, discipline, commitment, and time to protect the company’s confidential data, resulting in a lack of enterprise-wide adoption.
- File Encryption solutions require templates, policies, and/or content sensitivity guessing to apply the data protection.
- Most File Encryption products require intervention and actions by the end user. They also rely on your users to know who should be allowed to see the unprotected contents of files as they are sent and shared around a company through email, laptops, devices, cloud services, and thumb drives.
95% of Fortune 1000 companies are running Active Directory either locally or in Azure Cloud. Active Directory is so widely used that it is also the de facto standard for small business networks. Active Cypher is deployed seamlessly within Active Directory, the most widely used network worldwide, making us the easiest-to-use enterprise-class file encryption solution for businesses of all sizes.
Active Cypher’s architecture combines the “set it and forget it” ease of Full Disk Encryption with the “In Transit” protection of data when it is removed from the physical device. There are further distinctions between current File Encryption solutions and Active Cypher.
- Active Cypher does not use any templates, policies, or guesswork to determine what files must be protected. Active Cypher considers every file that is in your shared networked folders as confidential, and it encrypts every file in every folder and subfolder of your file servers.
- Active Cypher knows exactly which users in your company should be allowed to see the unprotected data and the user is not involved in any decision making.
- Active Cypher retains the Access Control List entries of the file anywhere that file ends up. If an encrypted file is sent from someone in Accounting to someone in Sales who is not a member of the Accounting Security Group in Active Directory, Active Cypher will deny that person the ability to decrypt that file and see its contents.
- Active Cypher relies on your Active Directory Security Groups & Users to automatically allow or prevent each user’s ability to decrypt the contents of your files, whether they are on the network, on the user’s Desktop, in their laptop, or on a thumb drive. Files on Cloud services such as Dropbox, OneDrive, SharePoint, Box, Google Drive, etc. are all protected by Active Cypher no matter where the file resides, or how it may have gotten there.
- Active Cypher manages the entire key management process at the Identity level, not at the user level. The user never handles keys, pass phrases, PINs, or recovery keys.
- Active Cypher works by encrypting the data inside a company’s files. All the confidential data inside a file is protected, anywhere that file might reside.
- Active Cypher protects data at the file system level by monitoring user activity on your networked drives, encrypting and decrypting seamlessly, invisible to the user, and without the need to categorize or identify who should be allowed to view the confidential contents of the protected files.
The needs for encryption will differ depending on whether you’re using BitLocker to encrypt a hard drive, file encryption to encrypt a local folder, or Active Cypher to encrypt sensitive files on your business network. The goal here is to educate and inform you about what your options are, what each encryption technology does, and how they differ for each use case.
The Team at Active Cypher had a philosophy from the beginning – don’t build what’s not necessary. To make something simple requires time to reduce elements to their essence. We have done this by simplifying a process and removing the barrier to entry that once took days, distilling it into minutes. We are proud of that and that’s what we’re passionate about.
The bottom line is that there are different ways to secure your data, and it has never been more important than it is today.
* Taken from an article on esecurityplanet.com: https://www.esecurityplanet.com/mobile-security/buyers-guide-to-full-disk-encryption.html