What is Full-Disk Encryption (FDE) and What are Self-Encrypting Drives (SED)?
Full-disk encryption (FDE) and self-encrypting drives (SED) encrypt data as it is written to the disk and decrypt data as it is read off the disk. FDE makes sense for laptops, which are highly susceptible to loss or theft. But FDE isn’t suitable for the most common risks faced in data center and cloud environments.
The advantages of full-disk encryption/self-encrypting drives (FDE/SED) include:
- Simplest method of deploying encryption
- Transparent to applications, databases, and users
- High-performance, hardware-based encryption
The limitations of full-disk encryption/self-encrypting drives (FDE/SED) include:
- Addresses a very limited set of threats (protects only from physical loss of storage media)
- Lacks safeguards against advanced persistent threats (APTs), malicious insiders, or external attackers
- Meets only minimal compliance requirements
- Doesn’t offer granular access audit logs