In recent years, protection of sensitive data has received increased attention. Protection of digital data has become a necessity, certainly in the light of new European Data Protection Regulation. Technically, encryption is the go to protection mechanism; it may be implemented in software or hardware (or both). It can be applied on the level of individual files, or the entire drive, which is called full-disk encryption. Full-disk encryption is often the solution of choice as it takes away concerns of sensitive data leakage through, for example, temporary files, page files and caches. Several software solutions for full-disk encryption exist, and modern operating systems typically integrate it as a feature. However, purely software-based encryption has inherent weaknesses, such as the encryption key being present in RAM at all times and performance drawbacks.
In an attempt to address these weaknesses, hardware full-disk encryption is often proposed; the encryption is performed within the drive itself, thereby confining the encryption key exclusively to the drive. Typically, the encryption itself is performed by a dedicated AES co-processor, whereas the software on the drive (firmware) takes care of the key management. It is often regarded as the successor of software full-disk encryption. Full-disk encryption software, including those integrated in modern operating systems, may autonomously decide to rely solely on hardware encryption in case it is supported by the storage device (via the TCG Opal standard). In case the decision is made to rely on hardware encryption, software encryption is disabled. In fact, BitLocker, the full-disk encryption software built into Microsoft Windows, switches off software encryption and completely relies on hardware encryption by default if the drive advertises support.