Answer

Is full-disk server encryption software worth the resource overhead?

Our organization has come up against a couple of problems when encrypting production servers. Using TruCrypt (our current favorite) we lose the ability to do remote reboots, absent a DRAC or iLO2, as well as the ability to do any automated, middle-of-the-night reboots for updates, etc. Also, the processing overhead for the constant encrypt-decrypt cycles is taking a toll. Is encrypting these servers worthwhile? If so, what's the best strategy to mitigate these problems?

    Requires Free Membership to View

Full-disk encryption is most useful when there is a threat of loss of data due to the device being mobile. A server is typically designed to run constantly and will not benefit from data encryption when the system is powered down, unless there is a threat from physical theft.

A combination of a good endpoint security product, which brings together antivirus/antispyware, with a host-based intrusion prevention system (IPS), rather than full server encryption software, would go a long way to keeping the server secure. Adding a file integrity monitoring product, like those from Tripwire Inc. or the free OSSEC, would provide real-time alerts on modifications to critical files on the servers as well.

This was first published in August 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: