
Achieving Full Disk Encryption and PCI Compliance

By: Zach DeMeyer on February 14, 2020

Full disk encryption (FDE) is a critical security measure in modern networks. With data security more important than ever, many IT admins are wondering how they can enforce full disk encryption across their fleets of cross-platform systems. Many organizations are also subject to compliance regulations, including PCI DSS, which require FDE as part of their compliance requirements.

What is FDE?

Full disk encryption locks down a computer’s hard drive when said computer is powered off or at rest. If a computer with FDE enabled is stolen, the only thing the thief will make away with is the hardware; the data on the system will be encrypted and very difficult to acquire.

FDE programs (BitLocker for Windows, FileVault for Mac) utilize a recovery key as a method of authentication. When a user logs into their FDE-protected system, the drive is unlocked using their associated username and password. But if a user forgets their password, is locked out, or the hard drive needs to be removed and accessed for any reason, an IT admin uses the recovery key to decrypt the drive. Given the crucial nature of recovery keys, IT admins need to store them in escrow; that is, each key is stored securely and categorized in relation to the system it belongs to.

What is PCI?

The Payment Card Industry Data Security Standard (PCI DSS) is a compliance regulation that was created to ensure that credit card data is kept secure by companies that handle this critical customer financial information. PCI revolves around securing the cardholder data environment, or CDE, which houses all credit card information that passes through a company under compliance. There are 12 main requirements under PCI regulation, but Requirement 3 deals specifically with data encryption.

Using FDE for PCI

At its core, PCI Requirement 3 calls for installing proper security measures to protect data housed in the CDE. It is arguably one of the most important PCI requirements. FDE is an ideal way to ensure Requirement 3 compliance. By locking down systems at rest, IT admins can prevent unauthorized access due to a stolen laptop or hard drive.

With regard to encryption, Requirement 3 also demands that cryptographic keys are securely stored and maintained. Using recovery key escrow, IT admins can ensure that only the right people have access to cryptographic keys and also monitor when the keys are used for access and who uses them.
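The checks described above (FDE enabled on every system, a recovery key escrowed per system, and key access limited to the right people) can be expressed as a small fleet audit. This is an added example, not code from the original article or from any vendor; the inventory, escrow index, access log and admin names are constructed, and the status strings follow the output of `fdesetup status` on macOS and `manage-bde -status` on Windows.

```python
import re

# Constructed fleet inventory: captured status text per system (not real hosts).
FLEET = {
    "mac-001": ("macos", "FileVault is On."),
    "mac-002": ("macos", "FileVault is Off."),
    "win-001": ("windows", "Conversion Status:    Fully Encrypted\n"
                           "Protection Status:    Protection On"),
    "win-002": ("windows", "Conversion Status:    Fully Encrypted\n"
                           "Protection Status:    Protection Off"),
}
# Hypothetical escrow index: which systems have a recovery key on file.
ESCROWED = {"mac-001", "mac-002", "win-002"}
# Hypothetical key-access log: (system, admin who retrieved the key).
KEY_ACCESS_LOG = [("mac-001", "alice"), ("win-002", "mallory")]
AUTHORIZED_ADMINS = {"alice", "bob"}


def fde_enabled(platform, status_text):
    """Interpret `fdesetup status` (macOS) or `manage-bde -status` (Windows)."""
    if platform == "macos":
        return re.search(r"FileVault is On\b", status_text) is not None
    if platform == "windows":
        # A fully encrypted volume with protection suspended is not protected.
        return re.search(r"Protection Status:\s+Protection On\b", status_text) is not None
    raise ValueError(f"unsupported platform: {platform}")


def audit(fleet, escrowed, access_log, authorized):
    """Return sorted (system, finding) pairs for every gap in FDE or escrow."""
    findings = []
    for system, (platform, status) in fleet.items():
        if not fde_enabled(platform, status):
            findings.append((system, "fde-disabled"))
        if system not in escrowed:
            findings.append((system, "no-escrowed-key"))
    for system, admin in access_log:
        if admin not in authorized:
            findings.append((system, f"key-accessed-by-unauthorized:{admin}"))
    return sorted(findings)


if __name__ == "__main__":
    for system, finding in audit(FLEET, ESCROWED, KEY_ACCESS_LOG, AUTHORIZED_ADMINS):
        print(f"{system}: {finding}")
```

Note that `win-002` is reported even though its volume is fully encrypted: with protection off, the drive is not locked at rest.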

How to Enforce FDE to Achieve PCI Compliance

When it comes to enforcing FDE across Mac and Windows for PCI compliance, IT admins might find that their options are limited. Many FDE tools on the market are only capable of enforcing either BitLocker or FileVault, not both. Since many of today’s IT organizations are heterogeneous with regard to system platforms, an FDE solution that can only enforce one or the other simply won’t do, and admins would rather not implement multiple solutions to reach the desired end.

Additionally, IT organizations need their FDE solution to securely store cryptographic recovery keys in escrow. This need limits the list of ideal FDE options even more. Even with these requirements, there’s an excellent option that provides IT admins with a low-overhead FDE experience suited for PCI compliance. Using JumpCloud’s Policies, IT admins can enforce FDE at scale across their Windows and Mac system fleets, escrowing individual recovery keys safely.

— Zach DeMeyer
