Browse Definitions :
Definition

full-disk encryption (FDE)

Full-disk encryption (FDE) is encryption at the hardware level. FDE works by automatically converting data on a hard drive into a form that cannot be understood by anyone who doesn’t have the key to “undo” the conversion. Without the proper authentication key, even if the hard drive is removed and placed in another machine, the data remains inaccessible. FDE can be installed on a computing device at the time of manufacturing or it can be added later on by installing a special software driver.

The advantage of FDE is that it requires no special attention on the part of the end user after he initially unlocks the computer. As data is written, it is automatically encrypted. When it is read, it is automatically decrypted. Because everything on the hard drive is encrypted, including the operating system, a disadvantage of FDE is that the encrypting/decrypting process can slow down data access times, particularly when virtual memory is being heavily accessed.

FDE is especially useful for laptops and other small computing devices that can be physically lost or stolen. Because one key is used to encrypt the entire hard drive, FDE on the corporate level requires the network administrator to enforce a strong password policy and provide an encryption key backup process in case an employee forgets his password or leaves the company unexpectedly.

 

This was last updated in December 2014

Next Steps

Check out our FDE tools buyer's guide and learn how to secure data with full disk encryption and find out if FDE is the right choice for your organization.

Take a look at some of the top FDE tools on the market and read in-depth reviews of Apple FileVault 2, Check Point Full Disk Encryption, DiskCryptor, Symantec Endpoint Encryption, Dell Data Protection Encryption, Microsoft BitLocker, McAfee Complete Data Protection and Sophos SafeGuard.

Continue Reading About full-disk encryption (FDE)

SearchCompliance
  • OPSEC (operations security)

    OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines ...

  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

SearchSecurity
  • authentication

    Authentication is the process of determining whether someone or something is, in fact, who or what it says it is.

  • Secure Shell (SSH)

    SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system ...

  • NIST Cybersecurity Framework

    The NIST Cybersecurity Framework (NIST CSF) is a policy framework surrounding IT infrastructure security.

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

SearchStorage
  • secondary storage

    Secondary storage is persistent storage for noncritical data that doesn't need to be accessed as frequently as data in primary ...

  • optical storage

    Optical storage is any storage type in which data is written and read with a laser.

  • JBOD (just a bunch of disks)

    JBOD, which stands for 'just a bunch of disks,' is a type of multilevel configuration for disks.

Close