What impact does full hard drive encryption have on performance?

Solution 1:

The "HP Protect Tools" is a rebadged McAfee/Safeboot FDE product. The performance impact shouldn't be too bad -- I'm assuming that you're using AES.

We encrypted about 5,000 laptops three years ago, and our folks didn't report any significant performance issues. A few older boxes blue-screened, that's about it. You may be experiencing slowdowns immediately after enabling encryption... encrypting the disk can take 8-20 hours depending on the vintage of the equipment and size of the disk.

Solution 2:

We've used Safeguard Easy for years and Truecrypt's whole disk encryption since it came out, and neither has caused a big performance hit; even the older notebooks run development and database software without a noticeable difference in speed. Some people will even tell you that whole disk encryption software makes some operations run considerably faster due to compression, improved drive read routines, pipelining and the like. I wouldn't go that far, but as with most things, the truth is probably somewhere in between.

The peace of mind from encrypting your disk, particularly if you have any kind of regulatory/compliance threshold in your industry (or are just paranoid) is worth the minimal hit of the encryption software we've used for this purpose.


Solution 3:

To answer this question, we need to know: is your app disk bound, CPU bound, or something else? Traditionally disk encryption involves a minor hit to performance; disk is usually slow that the decryption overhead is miniscule. However, if CPU is a concern, this can get hairy.

Development workstations are usually CPU powerful, to improve productivity. Faster build times, autocompletion/intellisense, automated unit tests, etc. Normally a laptop's compromises in the name of portability hinder the idea; giving developers a laptop suggests you've already run out of ideas for spare CPU cycles and might be able to afford disk encryption.

What you need to do as an IT professional is build a model of what developers need computational power for, and benchmark how those tasks fare under proposed conditions: no encryption, full disk encryption, and partial encryption.


Solution 4:

The only proof is to measure. Take timings on a laptop with no encryption and compare with one that does. Of course there will be overhead in the encryption, but don't rely on a subjective "feels slower". What encryption are you using? Bitlocker? 3rd party app?

As to the final question, it is too easy to accidentally miss (or even define) what is sensitive data. So I would keep the whole disk encryption if possible.


Solution 5:

My own experience is that ca 30% of the CPU will be dedicated to crypto, and a 50% hit in disk performance. I've tried several encryption alternatives - SafeGuard, OSX FileVault, PGP WholeDisk.. the same rule of thumb seems to apply. The CPU-use is particularly annoying though, as it affects battery time too.

A quick google search revealed this test which seems to verify my gut-feeling: http://www.isyougeekedup.com/full-hard-disk-drive-encryption-benchmarks-and-performance/