October 12th, 2018 11:00

Dell Encryption Personal - FDE or FLE or both?

My shiny new OptiPlex is arriving with Dell Encryption Personal. I downloaded the installation manual and it's helpful, but I'm having trouble finding detailed user information.

Is Dell Encryption Personal full-disk encryption, file-level encryption or both? I'm trying to get a clear understanding of the level of protection I'll have in the computer's various sleep states -- S0, S3, S4 and S5 -- so I can adapt accordingly.


October 17th, 2018 11:00

Hi VanIslander!

Dell Encryption - Personal Edition has a few methods of managing data, depending on the hardware that was purchased with the computer. At its core we will have two primary methods of protecting data: Self-Encrypting Drive Management, and File-Level Encryption.

Self-Encrypting Drive protection protects the disk by leveraging the built-in hardware that Self-Encrypting Drives all contain, and we will "protect" the unlock key that is visible by default by placing a Pre-Boot Authentication environment in front of the unlock key that will require you to authenticate using your Windows credentials that are synced down from within the OS before you can gain access to the bootloader on the disk. SEDs only re-lock on loss of power to the drive (hibernates, and shut-downs).

The File-Level Encryption is built on a multi-key architecture that offers a different way of protecting data. The templates offered during the setup define the folders that will be interrogated to encrypt the files within, as well as what key types we will be leveraging to perform that encryption. Out of the box we leverage 4 key types:

- SDE - System Data Encryption - This key is unlocked during the boot of the operating system and will remain unlocked until the Operating System is shut down. This protects most OS data, but is typically not leveraged for user-based data.

- Common Key Encryption - This key is unlocked during an authenticated user's login. An "Authenticated User" is any user that has been validated to be approved by the Encryption Admin Password being entered during the prompt after the user's login to the device. Once a user is authenticated, any common encrypted data will be available to them while their session is active. When a user logs off, all common key encrypted data will be re-sealed.

- User Key Encryption - This key is unlocked when one specific user logs into the system to unprotect data. This data will remain unlocked as long as the user is logged in.

- User Roaming Encryption - This is used by default for removable media (USB drives, DVDs, etc), and allows an unlock based on the user and device that the USB drive was provisioned and encrypted on. During the USB drive provisioning, a password will be requested from the user to assign to the drive to allow users access to the encrypted data on the disk.

Dell Encryption's File-Level encryption also offers further protection by allowing the paging file to be encrypted (this is done by default), and has the ability to protect the hibernation file for Legacy-boot based systems (currently UEFI is not supported for encryption on Windows 10 based on changes that MS has made for "hybrid" sleep modes, and the fun "fast start-up" options).

I hope this helps offer a bit more information and understanding to the product! :)

October 28th, 2018 13:00

Thanks Dale.

I'd encourage new users to read and reread Dale's reply. It is packed with important information.
