Corporate data are increasingly mobile, distributed, and prolific. Data are routinely taken out of physically secured facilities to accommodate workers who travel or have flexible working habits. Data are also distributed geographically as corporations' business interests take them into other cities, states, and countries. Data are prolific both in the rate at which they are generated and in the multimedia formats in which they can be presented. All of these forces drive the evolution of new storage media, higher-bandwidth subsystems, and network-connected storage that require that data be protected both while in transit and while at rest. Furthermore, computing platforms are becoming more mobile, smaller, and lighter in weight, and users are more likely to carry multiple computing devices. All these factors raise the likelihood of loss and theft, which translates to increased capital expenditures as well as security risk due to the increased potential for dictionary attacks on user passwords.
Data-at-rest (DAR) encryption technology prevents the unauthorized use of data stored on lost or stolen storage devices, thereby preventing these data from being spread on the Internet or other networks. DAR encryption acts as an automated and quick response mechanism to prevent the inevitable loss and theft of storage devices from becoming the loss and theft of the data stored on those devices. However, DAR encryption technology is often implemented using a single password to control access to encryption keys that can be used to decrypt the data stored on the encrypted hard drive. Similarly, hard drives are often protected using a single password. A thief who can guess the user's password can circumvent these common protection mechanisms.