Do they have any Hardware-based Full-Disk Encryption (FDE) solutions out there yet for Macs?
(That is where you drop in a HDD and it starts encrypting data instantly via the HDD itself?)
I seem to recall I found some fledgling solution a few years back but never got around to exploring it.
These days with so much of my life on my MacBook, I’d like a solution where the minute I turn on my laptop things are being encrypted so it is automatic and not something I have to do or remember to do!!!
Unless you have a slow laptop, hardware versus software encryption is neither here nor there. If OS based software FDE is good enough to make it into NSA security recommendations, it’s likely good enough for your purposes.
In theory you could boot malicious code, but that malicious code would still have to decrypt your OS data which it couldn’t do unless it intercepted you typing your login.
The chances of somebody acquiring your laptop and then having the motivation and expertise to write a custom boot sector trojan, insert it and then decrypt data is highly unlikely, relative to the certain additional cost overhead of a laptop hardware FDE solution. 1000 times more likely (but still very unlikely) is somebody defeating an encryption system (hardware or otherwise) by seeing you type in your bios password over your shoulder then stealing your hardware encrypted laptop.
If you -really needed- that extra level of security, the question wouldn’t arise, as your employer would strictly enforce hardware and software security policy.
The performance hit of software encryption in day to day use on a modern computer is negligible except on high i/o scenarios like on a server. If you really do feel it’s something worthwhile however check out the seagate momentus FDE drives which are as cheap as you can get for this sort of thing.
So Seagate Momentus are the Hardware FDE HDD’s I’m looking for?
If so, will they work with OS X?
And as far as Hardware vs Software encryption, and FDE vs Regular Encryption, how does TrueCrypt stack up? (I believe that is what you mentioned earlier?)
I just know in the past I have had clients give me a Windows laptop with FDE where I had to type in a password PRE-BOOT and I thought that was the coolest thing in the world!!
If I could get something professional like that, which is easy to set up and use day-t-day and that which protects all of my HDD and data (vs some encrypted folder) that would be great.
