The usability problem with Full Disk Encryption
(Last updated on April 26, 2019)
In today’s mega breach world, the majority of compromised credentials come from a handful of breach incidents. Compared with database breaches affecting hundreds of millions, the physical theft of devices makes for a less controversial headline. For organizations, however, the threat isn’t any less serious. Data stored on a stolen device is easily accessible, even if the device is protected with a password. Interestingly, 41% of data breach events from 2005 through 2015 were the result of lost devices (laptops, tablets, smartphones).
A security mechanism that protects data at rest on an endpoint can mitigate the breach risk associated with a lost or stolen device. Encryption at the hardware level can protect confidential information, but not without some challenges. A recent survey sent to a global list of IT professionals identified the following drawbacks with endpoint encryption solutions.
About 45% of the survey participants who are currently using an endpoint encryption solution identified user account lockouts as a challenge. Disk encryption involves a pre-boot authentication environment that is protected with a password and, in some scenarios, a second authentication factor. If the password is forgotten, the computer can’t be accessed. This results in increased lockouts and, consequently, calls to the helpdesk.
Many endpoint encryption solutions offer a self-service key recovery component. Unfortunately, this component mostly relies on security questions to verify users. Security questions are a weak form of authentication, as answers can be easily guessed or uncovered via social engineering. It is also common for users to forget the answers to their security questions, resulting in calls to the helpdesk. Specops Key Recovery verifies users with multi-factor authentication, allowing them to receive a recovery key without contacting the helpdesk.
The survey was conducted by Specops Software, and sent to a global list of IT professionals in January 2019. In total, 241 respondents participated in the survey. The survey uncovered security and usability challenges related to endpoint encryption, while also highlighting the integral part such solutions play in the IT security policy.