What is Full-Disk Encryption (FDE) and What are Self-Encrypting Drives (SED)?

What is Full-Disk Encryption (FDE) and What are Self-Encrypting Drives (SED)?

Full-disk encryption (FDE) and self-encrypting drives (SED) encrypt data as it is written to the disk and decrypt data as it is read off the disk. FDE makes sense for laptops, which are highly susceptible to loss or theft. But FDE isn’t suitable for the most common risks faced in data center and cloud environments.

The advantages of FDE/SED include:

• Simplest method of deploying encryption
• Transparent to applications, databases, and users.
• High-performance, hardware-based encryption

The limitations of full-disk encryption/self-encrypting drives (FDE/SED) include:

• Addresses a very limited set of threats (protects only from physical loss of storage media)
• Lacks safeguards against advanced persistent threats (APTs), malicious insiders, or external attackers
• Meets minimal compliance requirements
• Doesn’t offer granular access audit logs

Related Articles

Secure your digital assets, comply with regulatory and industry standards, and protect your organization’s reputation. Learn how Thales can help at the following links:

• Selecting the Right Encryption Approach
• The Key Pillars for Protecting Sensitive Data -- White Paper
• The Enterprise Encryption Blueprint -- White Paper
• Encrypt Everything -- eBook
• Data at Rest Encryption
• CipherTrust Tokenization
• CipherTrust Data Security Platform