Paul Giddens wrote:
GIVEN that, if you are concerned about security and want to use
encryption,
WHY would you choose to NOT do full disk?
From a functionality perspective the answer is simple: more encryption
will cost more performance (unless the disk itself supports
en/decryption in real time).
From a security perspective:
- because you might have a computer used by more than a single person
- because you might have a person using more than a single computer (and
still wanting to be able to en/decrypt his data everywhere)
- because you might have a person who does neither own nor administer a
computer and needs the ability to change the encryption keys herself
Pretty much like with transport vs. end-to-end encryption there are uses
for both types of storage encryption. They might be completing each
other in a security solution but will not be able to act as functional
substitutes for each other.
Denis
---------------------------------------------------------------------------
---------------------------------------------------------------------------
