We live in an age where nearly every facet of our personal and professional lives is stored on portable devices like laptops and smartphones. Our photos and private messages, our business e-mails and sensitive documents, and even our wallets are increasingly integrated into personal devices and carried in our pockets. We take them with us wherever we go, from the boardroom to the beach and everywhere in between. Unfortunately, smartphones and laptops also have a tendency towards being lost, misplaced, and even stolen. In today’s world, losing a device doesn’t just mean you’re out $500; it means you’ve lost control over your information.
The basic idea behind device encryption—sometimes called “full-disk encryption” or simply “encryption” in the context of encrypting your phone or computer’s storage—is that the data on your device is stored in the device’s memory as an indecipherable string of 1s and 0s. Those indecipherable strings can only be decoded with the correct “key”. In this context, that’s not a literal key but a secret code derived from something that only you know. When you start up your phone and enter your passcode, the key becomes available and the phone can decode your data for your use. If the phone is started up without the passcode, or is locked, the data cannot be decoded.
The point of all of this is that if you lose your phone, the finder or thief can’t read the data off of the device without also having your passcode, fingerprint, etc. Again, in an age where that “data” can be your photos, videos, and personal emails, this is obviously a huge deal even compared to the inconvenience and cost of losing the device itself.
Beyond the scenario of your phone being lost or stolen, in the two years since Edward Snowden revealed the disturbing extent of government surveillance, interest in privacy and secure communication has skyrocketed among the general populace. Encryption, once considered esoteric and unnecessary, has become a crucial necessity in the modern world.
With the grim realities of device theft and government surveillance out of the way, on to some good news...
Device Encryption is Easier Than Ever
Only a short time ago, setting up device encryption was a daunting task. Users had to sift through an unstandardized menagerie of expensive third-party software solutions hoping to find one available for their device or platform of choice. Installing the software was no picnic either, often requiring you to wipe your hard drives and reinstall your operating system to get started with full-scale encryption. Today, most consumer platforms offer built-in encryption capabilities.
Apple, who recently reconfirmed their commitment to privacy with their latest security products, offers built-in encryption on both their mobile iOS and desktop OS X systems. Google’s Android supports device encryption out of the box as well, while Microsoft’s Windows offers its own encryption facility, BitLocker, albeit as a feature only available in higher-end versions of Windows. The inconveniences of third-party privacy software and reformatting hard drives are a thing of the past, as modern platforms support painless, on-the-fly conversion from an unencrypted install to a secure one.
Encryption Minus Overhead: AES-NI Hardware Acceleration
Beyond the expense and arduous installation of legacy privacy solutions, past device encryption options also came with a heavy performance cost. Until recently, device encryption in general caused a fairly substantial setback for disk speeds on desktops and laptops. Computer processors, or CPUs, had to devote considerable resources toward encrypting and decrypting files as needed—in other words, almost constantly as you use your system—usually at a rate much slower than the system’s disk drives were capable of operating. This added overhead as the system encrypted and decrypted your data on-the-fly resulted in a substantially slower and degraded experience for users who opted for device encryption. Such heavy CPU usage also created a huge battery drain, which poses a major problem for portable devices on which encryption is most important.
Today, however, in addition to powerful multi-core CPUs becoming more affordable and widespread, chip manufacturers have introduced game-changing methods of accelerating encryption and decryption operations.
In 2008, Intel introduced a new CPU feature called AES-NI. Built to support the U.S. National Institute of Standards and Technology’s Advanced Encryption Standard (AES) algorithm, AES-NI consists of six processor instructions designed to perform several CPU-intensive parts of the AES encryption process. By supporting those operations right in the chip’s hardware rather than relying on less efficient software operations, AES-NI instructions execute encryption operations up to ten times faster than was previously possible.
While the instruction set was initially available only in high-end Intel processors, AES-NI is now built into virtually every Intel processor and many from other vendors such as AMD. Best of all, if your system’s CPU supports AES-NI, both Windows and OS X’s disk encryption features take full advantage of the instruction set without the need for any additional software or configuration. The end result is a secure, streamlined encryption and decryption process that costs your system little to no overhead when used.
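As an added illustration (not part of the original article), the C program below asks the CPU through CPUID whether it supports AES-NI and, if it does, encrypts the FIPS-197 Appendix C.1 test block using the AESKEYGENASSIST, AESENC and AESENCLAST instructions. It assumes GCC or Clang on an x86-64 machine; the function names are illustrative.

```c
#include <cpuid.h>      /* GCC/Clang CPUID helper, x86 only */
#include <stdint.h>
#include <stdio.h>
#include <wmmintrin.h>  /* AES-NI intrinsics */

/* CPUID leaf 1 reports AES-NI support in ECX bit 25. */
int ecx_reports_aesni(unsigned ecx) { return (ecx >> 25) & 1u; }

int cpu_has_aesni(void) {
    unsigned a, b, c, d;
    return __get_cpuid(1, &a, &b, &c, &d) ? ecx_reports_aesni(c) : 0;
}

/* One AES-128 key-schedule step: fold the AESKEYGENASSIST result into the previous round key. */
__attribute__((target("aes,sse2")))
static __m128i next_round_key(__m128i k, __m128i assist) {
    assist = _mm_shuffle_epi32(assist, 0xff);
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    return _mm_xor_si128(k, assist);
}
#define STEP(i, rcon) rk[i] = next_round_key(rk[i - 1], _mm_aeskeygenassist_si128(rk[i - 1], rcon))

/* Encrypt one 16-byte block with AES-128. Call only after cpu_has_aesni() returned 1. */
__attribute__((target("aes,sse2")))
void aesni_encrypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    __m128i rk[11];
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    STEP(1, 0x01); STEP(2, 0x02); STEP(3, 0x04); STEP(4, 0x08); STEP(5, 0x10);
    STEP(6, 0x20); STEP(7, 0x40); STEP(8, 0x80); STEP(9, 0x1b); STEP(10, 0x36);
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int r = 1; r < 10; r++) s = _mm_aesenc_si128(s, rk[r]);  /* rounds 1-9 */
    s = _mm_aesenclast_si128(s, rk[10]);                          /* final round */
    _mm_storeu_si128((__m128i *)out, s);
}

int main(void) {
    /* FIPS-197 Appendix C.1 known-answer input: key 00..0f, plaintext 00 11 .. ff */
    uint8_t key[16], pt[16], ct[16];
    for (int i = 0; i < 16; i++) { key[i] = (uint8_t)i; pt[i] = (uint8_t)(i * 0x11); }
    if (!cpu_has_aesni()) { puts("AES-NI not reported by CPUID"); return 1; }
    aesni_encrypt_block(key, pt, ct);
    for (int i = 0; i < 16; i++) printf("%02x", ct[i]);
    putchar('\n');
    return 0;
}
```

Comparing the output against the published FIPS-197 ciphertext confirms the hardware path computes standard AES, so data encrypted this way can be decrypted by any conforming software implementation.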
Safeguard Your Self(ies)
When someone steals or finds an encrypted phone, laptop, or other device, there’s little one can do to get the expensive piece of hardware back to its rightful owner. However, you can take steps to protect your private information. Explore the security options offered by your phone or laptop, whether it’s enabling encryption or activating GPS tracking services and remote data wiping in the unfortunate event your device ends up in the wrong hands. An ounce of prevention is worth a pound of cure, and with today’s integrated, nearly effortless encryption options available, there’s no excuse not to protect your data.
No matter how strong of a position your business is in otherwise, neglecting to safeguard your data could mean a major crisis should an unpredictable event leave your company vulnerable. If you’re worried about your business’s preparedness, encrypting your own devices is a great start—but it’s a far cry from a comprehensive plan. Drop us a line. We’ll talk about your business, the unique risks it faces, and how we can develop a plan to keep you safe.