Page 73 - Cyber Defense eMagazine March 2024
Full Drive Encryption Only a Half-Measure for Data Security
Pre-Boot Authentication Is the Missing Half
By John Benkert, CEO and Co-Founder, Cigent
In an era where data security breaches are not just incidents but events that can topple organizations,
the need for robust security measures has never been greater. This is particularly
true for federal and sensitive commercial sectors like healthcare, where the stakes involve national
security and patient safety. Among the myriad security measures available, Full Drive Encryption (FDE)
is often relied upon to secure data at rest (DAR). FDE alone, however, is not adequate security if it
depends on post-boot authentication (OS account login) to “unlock” the drive. These credentials can
be compromised, and advanced threats can even bypass the login step altogether. To ensure FDE can
effectively secure DAR, it should be tied to Pre-Boot Authentication (PBA). PBA stands out as a critical
layer of defense, especially against the threats posed by compromised devices.
Understanding Pre-Boot Authentication
Pre-Boot Authentication is a security protocol that requires user authentication before a device's
operating system loads. This could involve biometrics, smart cards, or other tokens. Unlike traditional