More recent desktop computers are powerful enough to drive, and in some cases enhance harder-to-crack encryption algorithms such as AES, enabling the option of running encrypted devices as standard. This takes away the need to worry about whether or not a certain piece of data should be encrypted, and indeed it removes the risk of forgetting. But full-disk encryption brings with it another challenge, that of key management. For an individual user installing their own software it’s not such an issue – you set up your own password and keep tabs on it in the normal way (hopefully not by writing it on a post-it and sticking it on the wall). Meanwhile, for a company, keys need to be managed at a central point. While tools exist for this, someone needs to maintain them and respond to user requests when keys are forgotten.
Posted by rlssec