The advancement of technology has enabled us to work untethered from our traditional office environments. The increase in the mobile workforce also necessitates the adoption of security solutions that protect the devices (laptops, tablets, USB stick etc.) and data that is travelling (physically), even when it is at rest. Industry surveys show that almost 86 percent of organizations have had laptops lost or stolen with 56 percent of those with data being breached [7]. Add to this the increased vigilance required for medical and Personal Health Information (PHI) and we quickly understand the need for solutions like full disk encryption to prevent unauthorized access to data.
In the healthcare sector, we find acts like the Health Insurance Portability and Accountability Act (HIPAA) mandating the encryption of PHI at rest and in motion [See HIPAA Security Rule - “Implement a mechanism to encrypt and decrypt EPHI.” Rule 164.312(e)(2)(ii), 164.312(a)(2)(iv)]. However, the adoption of such security solutions, even though mandatory, is sometimes circumvented by end users and organizations due to disk encryption solutions not being transparent enough and slowing down the host system significantly.
Companies like Intel Corporation hope to mitigate the impact of system slowdown through the use of technologies like Intel® Advanced Encryption Standards – New Instructions (AES-NI) which is hardware-accelerated encryption/decryption that may provide enough performance jump to offset the system performance degradation due to disk encryption solutions.
By using Intel® AES-NI, we were able to observe consistent and significant performance improvement in AES algorithm encryption/decryption over software-based Full Disk Encryption. Specifically, 74 percent (average) for encryption and 75 percent (average) for decryption, over a wide range of file buffer sizes and two of the most common forms of disk drives - standard and SSD drives.
Read a new white paper that describes AES-NI and full data encryption.
What questions do you have about hard drive encryption?