Problem solve Get help with specific problems with your technologies, process and projects.

Is full-disk server encryption software worth the resource overhead?

While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses.

Our organization has come up against a couple of problems when encrypting production servers. Using TruCrypt (our...

current favorite) we lose the ability to do remote reboots, absent a DRAC or iLO2, as well as the ability to do any automated, middle-of-the-night reboots for updates, etc. Also, the processing overhead for the constant encrypt-decrypt cycles is taking a toll. Is encrypting these servers worthwhile? If so, what's the best strategy to mitigate these problems?

Full-disk encryption is most useful when there is a threat of loss of data due to the device being mobile. A server is typically designed to run constantly and will not benefit from data encryption when the system is powered down, unless there is a threat from physical theft.

A combination of a good endpoint security product, which brings together antivirus/antispyware, with a host-based intrusion prevention system (IPS), rather than full server encryption software, would go a long way to keeping the server secure. Adding a file integrity monitoring product, like those from Tripwire Inc. or the free OSSEC, would provide real-time alerts on modifications to critical files on the servers as well.

This was last published in August 2011

Dig Deeper on Alternative operating system security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.