Is it worth using full disk encryption (FDE)? According to research carried out by Ponemon Institute (funded by WinMagic), the benefits far outweigh the costs.
The report, "Total Cost of Ownership for Full Disk Encryption," is based on a survey of 1,335 IT and IT security individuals in the U.S., the U.K., Germany and Japan and looks at the costs and benefits associated with FDE.
"Encryption is important to mitigating the damage caused by data breaches, complying with privacy and data protection regulations, and preserving brand and reputation," claims the report. "In order to make rational decisions regarding the optimum use of encryption, it is important to comprehend the total cost of ownership (TCO). This particularly applies to solutions believed to be free but may have significantly higher TCO than commercial products".
According to the report, the costs depend on a number of factors. First is the size of the organization: the larger the organization, the lower the costs. Another variable is industry. Heavily regulated industries such as financial services have the highest costs, while less regulated industries such as entertainment have the lowest costs.
What's interesting in the report is the discovery that the most expensive aspect of FDE is not the encryption hardware or software, but the "user time incurred operating computer with FDE". In other words, the biggest cost is the increased time it takes to start up and shut down a system featuring FDE.
Totaled up, the costs of FDE work out at $232 per user, per year in the U.S. This rises to $264 per user, per year in Japan.
So, if it costs $232 per user, per year, what are the benefits? After some serious number crunching that used extrapolations from the survey, Ponemon estimates the cost savings from reduced data breach exposure to be $4,650.
In conclusion, the report states that, "the value of FDE far outweighs the costs by a factor 4 to 20 depending on the region". It goes on to point out that "the user and IT cost of deploying and running a full disk encryption solution is much higher than the pure software cost".
This, claims the report, "sheds a new light on allegedly 'free' encryption solution that come with operating systems" which "may have a significantly higher TCO compared to commercial FDE solutions that have a minimum impact on IT processes and user productivity".