In the past, I have tried to make the case for encrypting physical servers on premise. The argument for not needing to encrypt them is that these servers usually run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center. The protection that Full Drive Encryption (FDE) brings only really applies to data at rest, and it seldom is at rest on these servers. I would counter that all drives eventually leave the data center for repair or disposal, and having them encrypted protects you from having your old drives show up on eBay, with your customer data still on them. Encrypting the drive means it can be quickly and easily crypto-erased if it is still operational, and if not, the data is still not accessible without the encryption key.
Recently, some concrete evidence for the need for server encryption have come to my attention. I can’t reveal all the gory details, but it highlights the use case and usefulness of FDE for physical servers:
Use case: Windows Server drive Lost in transit from a branch.
A regional financial services organization (FSO) has hundreds of servers spread across hundreds of branches. There are no IT personnel at each individual branch capable of analyzing and repairing the servers. These resources are based at headquarters. Therefore, when there were issues with the server, including drives, the components are required to be sent to headquarters to be analyzed, repaired, or replaced. Drives that malfunction were sent via courier or the postal service. The threat? When an organization ships a drive with data on it they are assuming the risk that it could be lost or stolen in transit, and this was exactly what happened. The FSO then had a “situation” to handle. They now become obliged to report it to the authorities and deal with the legal and financial consequences.
The solution to the FSO’s challenges with managing server security throughout its network of branches was simple; encrypt all the remotes servers. Then, if lost in transit, the risk is limited to the replacement cost of the drive, which is order of magnitude less than dealing with the legal and financial consequences of a breach. When I say the solution was simple, I mean not just in theory, but also in practice. The encryption software was deployed to nearly 1,000 servers. All were encrypted in very short time period, and without a single support ticket being opened.
The above use case isn’t limited to financial service organizations. Any enterprise or retail operation that has branches, and servers at those branches, may be subject to the same issues. Also, the “data centers” in a branch could simply be a closet and not as physically protected as the “well-fortified data center” at headquarters. Drives could easily go missing from the branch itself and not just in transit. In short, the answer to the question “Do physical servers really need to be encrypted?” is yes, and especially ones that are housed in branches because the risk of loss or theft is higher.