Posted by: Azaltsman
arra 13402, data at rest, data in motion, data in use, encryption, file encryption, full disk encryption, HIPAA, hitech act encryption, phi, whole disk encryption
We hear many news stories about stolen laptops and hard drives. The knee-jerk reaction is to purchase whole disk encryption products (there are many out there) to sleep better at night. There is no question that whole disk encryption should be a part of your data security arsenal. However, don’t overlook the “big picture” of your IT security strategy. Keep these things in mind.
- Whole disk encryption is clearly needed for mobile devices and removable storage.
- Whole disk encryption protects data when your computers is TURNED OFF. This means that while you’re using the computer the data is in use, and is not encrypted.
- Additional level of data protection is needed to protected the data while computers are in use. For example, critical data files should be encrypted automatically regardless of whether the computer is turned on or off. Whole disk encryption does not do this.
- Files containing PHI that are transferred over a network need to be encrypted. Whole disk encryption does not do this.
- What about e-mails containing PHI? More importantly, what about those that use Microsoft Outlook and store data in archive (.pst) files?
So why is whole disk encryption not enough? What happens if a worm invades your computer and transfers documents of a certain file type to a remote location. Whole disk encryption will not help you in this situation. It’s important to encrypt files on the hard drive so that they remain encrypted while the computer is in use.