Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 17506 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Full Disk Encryption vs Encrypt whats in use

kire

I have a question about Full Disk Encryption vs Encrypt whats in use.  I recently tested the "Encrypt whats in use" which took about 4 hours to encrypt on my test PC.  But i was left wondering if the disk continues to encrypt as it grows or not?  I figure Full Disk encryption will do exactly that.  Encypt the used and unused space no matter what.  But the other setting has me worried that it is lacking in coverage.  Otherwise why have to two different options?

:57101


This thread was automatically locked due to age.
  • 0

    Hello kire,

    "Encrypt whats in use" which took about 4 hours

    it's called Fast Initial Encryption for a reason. The time needed for encrypting a disk is roughly directly proportional to its size. Thus on a 500GB disk with a freshly installed Windows 7 or 8.1 (about 20GB) FIE will save you more than 90% of time for initial encryption (4 hours suggests that there's more than the OS on your test PC).

    if the disk continues to encrypt as it grows or not?

    While FIE encrypts only allocated (i.e. in use) sectors all new data written will be encrypted whether the sector was previously allocated (and therefore encrypted) or not.

    why have to two different options?

    As mentioned above, FIE takes considerably less time. It is only "safe" though on volumes which do not yet contain any sensitive data at all (ideally just the OS) as the unallocated sectors likely contain previously deleted but unencrypted data. 

    Christian  

    :57114
  • 0

    Thanks for the reply.  Good information there.

    Yeah my test PC had several programs from my company as well as it was PC that someone used for a period of time before switching over to a laptop.

    Im not worried about the speed honestly.  I know there are several factors involved there.  I was mainly concerned about the difference between the two types of encryption.  

    So based on my environment and how I am going to use the product it sounds like full disk encryption is what I need.  The laptops that are going to receive this encryption have been in use for a while so data on them has "come and gone" so to speak.  Potentially leaving behind information on what is now unused sectors of the Hard Drive. 

    Im glad I raised this question because I was simply going to stick with FIE method, but now I think I will go Full Disk.

    Thanks a million.

    :57117
  • 0

    Also my laptop encrypted using the FIE method.   I just changed in the policy that FIE is set to "No".  I expected to see it update its policy (it did), and then expected to see that encryption box pop up letting me know it was encrypting the rest of the Hard Drive (it did not).  Will I have to uninstall and re-encrypt or is there a way to verify its doing the rest of the drive now?

    :57119
  • 0
    Hello kire,

    it's /initial/ encryption, once it has started (or completed) a change is the policy has no effect - unless (I assume) you cycle through decrypt/encrypt.

    Christian
    :57122
Unfiltered HTML