Container Encryption
What it does
Layered security option, allowing the creation of encrypted sections on hard drives (encrypted or not) and/or removable media. This supports a ‘defense in depth’ of sensitive data, and offers more granular control over access to the data.
How it works
A ‘container’ or ‘virtual drive’ is created within an encrypted drive with its own access rights and restrictions. Even if a user has authenticated at pre-boot to the machine, if they do not have rights to the container, they will be unable to access the contents.
Container encryption offers users the ability to create what’s called a “container” which is simply a pre-defined amount of space on a drive or device that holds sensitive data, e.g. 500 MB. Users can then drag and drop files into the container to have them automatically encrypted. Encrypted data can easily be shared based on “group” key sharing, e.g. sharing files locally as well as on network shares.
If used on removable media, container encryption is almost as secure as our sector-based RME. A user can create a container which occupies all disk space on a USB drive, for instance, thus all files or data written to the USB will be encrypted, even the file names. Container encryption provides an important and flexible option for the protection of data within an encrypted drive.
