What is Endpoint Encryption?

Endpoint encryption uses encryption algorithms to protect the files stored on an endpoint. This is an essential part of an endpoint security strategy that protects this sensitive data against physical threats.


What Endpoint Encryption Defends Against

An attacker can gain physical access to computers containing sensitive data in a number of different ways, such as:


  • Lost/Stolen Devices: As remote work and the use of mobile devices become more common, the threat of lost and stolen devices grows. If a device is lost on the subway or swiped from a coffee shop table, an attacker with physical access to the device may try to read the data stored on the device.
  • Discarded Devices: Companies and individuals discard devices containing potentially sensitive information all of the time. In some cases, cyber threat actors collect these secondhand devices and attempt to read the data that they contain, which may reveal corporate data or customers’ personal information.
  • “Evil Maid” Attacks: “Evil maid” attacks describe the threat of an attacker gaining physical access to a device left in a hotel room, company office, etc. Under these circumstances, the attacker may be able to read data or install malware on the device.


Physical access to a device enables an attacker to bypass a variety of different cybersecurity solutions. Endpoint encryption can make it infeasible for an attacker to steal sensitive data from a device in their possession or install malware on the device.

How Endpoint Encryption Works

The underlying components of all endpoint encryption solutions are fairly similar. The encryption algorithms in common use today – such as the Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA) – are publicly specified algorithms that anyone can use. These encryption algorithms are believed to be secure against attacks by modern computers.


The main difference between endpoint encryption systems is the level at which encryption is applied. The two main types of endpoint encryption systems are full-disk encryption and file encryption.


  • Full-Disk Encryption

Full-disk encryption (FDE) takes a one-size-fits-all approach to encryption. The entire drive is encrypted using the same encryption algorithm, settings, and secret key. This secret key is stored on the device itself and is only accessible once a user has authenticated to the system.


Once a user has logged into the system, it is possible to decrypt all of the files and folders on the system. This makes it possible for the system to boot up and provides the user with full access to their files and folders, providing the best user experience.


  • File Encryption

At the other extreme, some endpoint encryption systems provide the ability to perform encryption on a per-file basis. This enables a user to precisely define which files they want to encrypt and the details of how that encryption is performed.


This approach to data encryption has its benefits as well. With more granular control over which files are encrypted and how, a user can make decisions that ensure that encryption is applied to the files that need it without wasting time and resources on files that do not require protection.
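To make the full-disk encryption description above concrete, here is an added example (not Check Point's code, and not a description of how Harmony Endpoint implements it) that models the common FDE key hierarchy with OpenSSL: the key that encrypts the volume is itself stored only in passphrase-wrapped form, so it becomes usable only after the user authenticates, and a passphrase change re-wraps that key instead of re-encrypting the data. The passphrase, sample record and file names are constructed for the demo.

```shell
#!/bin/sh
# Models the key hierarchy used by full-disk encryption: a random data-encryption
# key (DEK) encrypts the volume, and the DEK is stored on the device only wrapped
# under a key derived from the user's passphrase. Needs OpenSSL 1.1.1+ (-pbkdf2).
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample "volume" contents (not real data)
printf 'customer records: alice, bob\n' > "$WORK/volume.plain"

# Provisioning: random 256-bit DEK and a random IV, generated once per volume
openssl rand -hex 32 > "$WORK/dek.hex"
openssl rand -hex 16 > "$WORK/volume.iv"

# Wrap the DEK under a passphrase-derived key (PBKDF2 -> AES-256-CBC). The
# wrapped blob is what lives on disk; the raw DEK never does.
wrap_dek() {   # $1 passphrase, $2 DEK file (hex), $3 output blob
  openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt -pass "pass:$1" -in "$2" -out "$3"
}

unwrap_dek() { # $1 passphrase, $2 wrapped blob; prints DEK hex, fails on a wrong passphrase
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass "pass:$1" -in "$2"
}

# Bulk encryption of the volume under the raw DEK (real FDE does this per sector)
encrypt_volume() { # $1 DEK hex, $2 plaintext file, $3 ciphertext file
  openssl enc -aes-256-cbc -K "$1" -iv "$(cat "$WORK/volume.iv")" -in "$2" -out "$3"
}

# Boot/login path: authenticate -> unwrap DEK -> decrypt volume
unlock_and_read() { # $1 passphrase; prints volume contents, fails otherwise
  dek=$(unwrap_dek "$1" "$WORK/dek.wrapped") || return 1
  openssl enc -d -aes-256-cbc -K "$dek" -iv "$(cat "$WORK/volume.iv")" -in "$WORK/volume.enc"
}

# Passphrase change: only the small wrapped DEK is rewritten; the volume is untouched
change_passphrase() { # $1 old passphrase, $2 new passphrase
  dek=$(unwrap_dek "$1" "$WORK/dek.wrapped") || return 1
  printf '%s\n' "$dek" > "$WORK/dek.tmp"
  wrap_dek "$2" "$WORK/dek.tmp" "$WORK/dek.wrapped"
  rm -f "$WORK/dek.tmp"
}

encrypt_volume "$(cat "$WORK/dek.hex")" "$WORK/volume.plain" "$WORK/volume.enc"
wrap_dek 'correct horse battery staple' "$WORK/dek.hex" "$WORK/dek.wrapped"
rm -f "$WORK/dek.hex" "$WORK/volume.plain"   # neither raw DEK nor plaintext stays on "disk"
unlock_and_read 'correct horse battery staple'   # prints the sample record after "login"
```

Once unlocked, the volume is readable by whatever runs on the system, so this protects data at rest on a powered-off or locked device, which is the physical-access threat the page describes.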

Why Use Endpoint Encryption?

Endpoint encryption solutions – whether full-disk or file encryption – provide the ability to protect data stored on a device against physical threats. This provides a number of benefits, such as:


  • Data Security: The main reason to deploy endpoint encryption is to protect sensitive data against unauthorized access and leakage. With endpoint encryption, an attacker with physical access to a device lacks the ability to access the data that it contains.
  • Malware Defense: With full-disk encryption, it is impossible to access the file system without the password (or other credential) that unlocks the encryption key. This makes it infeasible to use physical access to add malicious code to the system.
  • Regulatory Compliance: Many data protection regulations mandate the use of encryption to protect data both at rest and in transit. Deploying endpoint encryption on devices containing sensitive data protected by data protection regulations can be a vital part of achieving compliance with some regulations.

Securing Endpoints with Endpoint Encryption

As remote work becomes more common, the endpoint is becoming a primary target of cybercriminals and a potential weak point in organizations’ cyber defenses. As devices move increasingly off-site, the potential for loss, theft, or other unauthorized access grows.


Endpoint encryption solutions help to ensure that only legitimate users have access to these devices and the potentially sensitive information that they contain. Check Point’s Harmony Endpoint offers full-disk encryption and the ability to encrypt removable media – such as USB drives – inserted into a protected system. This helps to ensure that the data stored on these devices is protected against physical threats.


To learn more about the capabilities of Harmony Endpoint, check out the Harmony Endpoint product page. You’re also welcome to request a free demo to see Harmony Endpoint in action.
