Endpoint Encryption: Full Disk, File-Level, and Removable Media

Endpoint encryption encompasses the cryptographic controls applied directly to storage media, file systems, and portable devices to render data unreadable without authenticated access. This page covers the three primary implementation classes — full disk encryption, file-level encryption, and removable media encryption — along with their regulatory context, technical mechanisms, and the decision factors that determine which class applies to a given deployment. Encryption at the endpoint is a foundational control in frameworks published by NIST, CISA, and sector-specific regulators, and its correct classification directly affects compliance posture under standards such as HIPAA and FIPS 140-2.


Definition and scope

Endpoint encryption is the application of symmetric or asymmetric cryptographic algorithms to data stored on endpoint devices, including laptops, desktops, servers classified as endpoints, smartphones, and portable storage media. The control objective is confidentiality-at-rest: if a device is lost, stolen, or physically accessed without authorization, the protected data remains inaccessible without a valid decryption credential.

NIST Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices, defines three architectural layers at which storage encryption can operate:

  1. Full disk encryption (FDE) — encrypts every sector of a storage volume, including operating system files, swap space, and temporary files, typically activated at pre-boot via a Trusted Platform Module (TPM) or PIN.
  2. File/folder-level encryption (FLE) — encrypts individual files or directories independently of the underlying volume, allowing selective protection and granular key management.
  3. Removable media encryption (RME) — applies encryption to USB drives, external hard disks, SD cards, and optical media, enforced either by device policy or dedicated management software.

Each layer addresses a distinct attack surface. Full disk encryption protects against physical device theft but does not protect data once the disk is unlocked. File-level encryption can protect specific data sets even against an authenticated operating system session. Removable media encryption closes the exfiltration vector associated with portable storage — a threat category examined in detail at USB and Removable Media Security.

Regulatory scope for endpoint encryption spans multiple frameworks. Under HIPAA Security Rule 45 CFR §164.312(a)(2)(iv), encryption is an addressable implementation specification for ePHI on endpoint devices. The FIPS 140-2 standard (and its successor FIPS 140-3) sets validated cryptographic module requirements applicable to federal systems, as reinforced by NIST SP 800-53 Rev. 5 control SC-28 (Protection of Information at Rest).


How it works

Full Disk Encryption

FDE operates below the file system layer. When a drive is encrypted with a tool such as BitLocker (Windows) or FileVault (macOS), a volume encryption key (VEK) encrypts raw disk sectors using AES-256 or AES-128. The VEK itself is protected by a key encryption key (KEK), which is tied to a TPM chip, a PIN, a startup key on removable media, or a combination. At pre-boot authentication, the KEK unseals the VEK, which then transparently decrypts sectors on read and encrypts on write. The entire process is invisible to the operating system and applications.
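The VEK/KEK hierarchy and per-sector encryption described above, as an added Go example that is not part of this page or of BitLocker/FileVault: the KEK (a constructed 32-byte value standing in for whatever a TPM or PIN unseals) wraps the VEK with AES-GCM so a wrong KEK fails the tag check instead of unsealing garbage, and the unsealed 64-byte VEK drives XTS-AES-256 over 512-byte sectors with the sector number as the tweak; the same seal/unseal pair is what FLE performs on each per-file DEK. Assumptions: GCM key wrapping (no real product's key-protector format is reproduced), no XTS ciphertext stealing, and Go 1.20+ for crypto/subtle.XORBytes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
)

// wrapVEK seals the VEK under the KEK with AES-256-GCM (12-byte nonce prepended);
// the GCM tag makes a wrong KEK (wrong PIN, different TPM) fail closed.
func wrapVEK(kek, vek []byte) []byte {
	block, _ := aes.NewCipher(kek) // kek is a constructed 32-byte stand-in here
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, vek, nil)
}
// unwrapVEK is the pre-boot unseal step: the VEK, or an error if the KEK is wrong.
func unwrapVEK(kek, blob []byte) ([]byte, error) {
	block, _ := aes.NewCipher(kek)
	g, _ := cipher.NewGCM(block)
	return g.Open(nil, blob[:12], blob[12:], nil)
}

// xtsSector runs XTS-AES-256 over one sector (len(data) a multiple of 16): the 64-byte
// VEK is a data key plus a tweak key, and the encrypted sector number is the tweak.
func xtsSector(vek []byte, sector uint64, data []byte, encrypt bool) []byte {
	c1, _ := aes.NewCipher(vek[:32])
	c2, _ := aes.NewCipher(vek[32:])
	t := make([]byte, 16)
	binary.LittleEndian.PutUint64(t, sector)
	c2.Encrypt(t, t)
	out := make([]byte, len(data))
	for i := 0; i+16 <= len(data); i += 16 {
		blk := out[i : i+16]
		subtle.XORBytes(blk, data[i:i+16], t)
		if encrypt {
			c1.Encrypt(blk, blk)
		} else {
			c1.Decrypt(blk, blk)
		}
		subtle.XORBytes(blk, blk, t)
		// next tweak = t * alpha in GF(2^128) (IEEE 1619): shift left, reduce by 0x87
		lo, hi := binary.LittleEndian.Uint64(t), binary.LittleEndian.Uint64(t[8:])
		binary.LittleEndian.PutUint64(t, lo<<1^0x87*(hi>>63))
		binary.LittleEndian.PutUint64(t[8:], hi<<1|lo>>63)
	}
	return out
}
```

Encrypting two sectors of identical plaintext yields different ciphertext, and unwrapping the VEK with any other KEK returns an error rather than a wrong key.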

File-Level Encryption

FLE operates above the file system. Each file or directory is encrypted with a unique data encryption key (DEK). Common implementations include Microsoft Encrypting File System (EFS), OpenPGP-based tools, and enterprise solutions integrated with identity management. Key management complexity is higher than FDE because individual DEKs must be distributed, escrowed, and revoked independently. FLE is the appropriate control when data must remain protected across multiple systems or when different users require different access to files on the same volume.

Removable Media Encryption

RME can be enforced through endpoint management platforms that apply policy-based encryption to any removable storage device on insertion. Some implementations use container-based encryption (an encrypted vault written to the media), while others encrypt the device itself and rely on an agent on the host to decrypt it transparently. Endpoint protection platforms frequently include RME enforcement as a component of their device control modules.

The cryptographic algorithms underpinning all three classes must meet NIST-approved standards — AES (FIPS 197) is the dominant symmetric cipher, while RSA and ECC are used for key wrapping and authentication.


Common scenarios

Endpoint encryption applies across a range of operational contexts:

  1. Lost or stolen laptop — FDE prevents unauthorized access to all data without the TPM-bound pre-boot credential; no individual file recovery is possible by the attacker.
  2. Healthcare worker device containing ePHI — FDE satisfies the HIPAA addressable specification for encryption; combined with FLE for specific record sets, it supports audit-ready data segregation.
  3. Contractor-owned USB drive on a corporate network — RME policy blocks unencrypted media from mounting; encrypted containers ensure only authorized keys decrypt the data.
  4. Remote worker accessing sensitive files — FDE on the endpoint combined with FLE on shared file repositories limits exposure if the endpoint is compromised. This scenario is explored further at Remote Work Endpoint Security.
  5. Federal agency endpoint — FIPS 140-2/3 validated modules are mandatory; BitLocker in XTS-AES 256 mode with TPM 2.0 is a common compliant configuration under NIST SP 800-111.
  6. Financial services firm under PCI DSS — PCI DSS Requirement 3.5 mandates strong cryptography for stored cardholder data, which at the endpoint translates to FDE plus FLE for databases and log files containing PANs. See Endpoint Security for Financial Services.

Decision boundaries

Selecting among FDE, FLE, and RME is not a binary choice — the three layers are frequently deployed in combination. The decision framework turns on four factors:

1. Threat model
FDE addresses physical loss of a device. FLE addresses logical access by authenticated users or processes. RME addresses deliberate or accidental data transfer to portable media. Each threat vector from the endpoint threat landscape maps to a different encryption layer.

2. Key management capacity
FDE is operationally simpler — one key per volume, managed by the operating system's native tool or an enterprise key management server. FLE requires per-file or per-directory key provisioning and recovery workflows. Organizations without a mature key management infrastructure typically deploy FDE first and layer FLE only for designated high-sensitivity data classes.

3. Regulatory mandates
HIPAA, FISMA, and PCI DSS each reference encryption but differ in specificity. FISMA-regulated systems must use FIPS 140-validated modules (NIST SP 800-53 Rev. 5, SC-28). HIPAA does not mandate a specific algorithm but requires that the implementation render ePHI "unusable, unreadable, or indecipherable" per HHS Guidance on Encryption. PCI DSS specifies cryptographic strength without dictating a single product.

4. Performance and compatibility constraints
FDE imposes negligible performance overhead on modern hardware with AES-NI instruction support. FLE can introduce latency proportional to file size and key lookup time, particularly on systems without hardware acceleration. Legacy operating systems may not support native FDE, requiring third-party agents — an endpoint hardening consideration that affects patch cycles and agent compatibility.

FDE vs. FLE: key contrasts

Dimension             Full Disk Encryption       File-Level Encryption
Granularity           Volume/partition           File or folder
Key management        Low complexity             High complexity
Protects from         Physical theft             Logical access post-boot
Performance impact    Minimal (AES-NI)           Moderate to significant
Recovery complexity   Single recovery key        Per-file or per-key recovery

RME sits outside this comparison because it applies to portable media rather than primary storage, and its policy enforcement depends on endpoint management infrastructure rather than native OS features alone. Organizations managing data loss prevention at endpoints will typically integrate RME controls with DLP policy engines to enforce consistent classification-based encryption rules.

