Neither and both, actually.
Encryption in general, and whole-disk encryption specifically, has come a long way since it was first introduced many years ago. One of the most striking changes is its impact on performance.
I’ll put it this way: I wouldn’t let performance concerns hold you back from using whole-disk encryption.
“Whole disk” is all about the disk
Whole-disk encryption kicks in when things are written to or read from the disk. That means the apparent performance of your disk when encryption is at play is gauged by two things: the speed of the disk itself and the speed of your CPU.
Both have been getting significantly faster over time.
While not directly impacting encryption, the speed of hard disks — both SSD and HDD — is impressive. In general, speed is the first thing we think of when it comes to read/write performance, whether your data is encrypted or not. You’re more likely to notice the impact of a slower drive than you are to notice whether the data is being encrypted.
CPU speed, as well as the number of CPUs available on a PC, directly affects the performance impact of encryption. Encryption can be a (very) complex mathematical calculation. As complex as it may be, though, today’s CPUs are more than capable of handling the work without breaking a digital sweat.
In comparison to the amount of time required to get the data on and off the disk — which is the same whether it’s encrypted or not — the additional time it takes to encrypt or decrypt that data is amazingly small.
Encryption is all about disk activity
There’s no specific time when whole-disk encryption has more or less impact. It’s simply something that happens as your computer reads and writes data to and from the encrypted disk.
Startup tends to be particularly disk intensive, as the operating system and all your startup applications and data are read from (or written to) the disk. But this is the same with or without encryption.
I also can’t say that it has a “constant” effect on your performance, because it’s only about disk operations, nothing else. If your computer is idling, there can be no impact, as there’s no disk activity and no encryption being performed.
Whole-disk encryption: more important than speed
Performance is not a reason to avoid modern whole-disk encryption offered by Windows’ own BitLocker or tools like VeraCrypt. Performance impact is minimal if it’s even noticeable at all.
More important is your ability to access the data when something goes wrong. That means:
- Back up the key. Make absolutely certain your encryption key is backed up. Microsoft makes this easy if you’re using BitLocker, a Microsoft account, and OneDrive — it offers to back up the information for you. Regardless, take the extra time to export the key[1] and save it in a safe place. If for any reason you lose the ability to log in to your machine, your encrypted data is lost forever without the ability to recover that key[2].
- Remember the password. If you use a password- or passphrase-based encryption tool like VeraCrypt, don’t lose the password. There’s no back door. Without the password, your data is inaccessible. Keep it in a safe place, such as your encrypted password vault (even if only to be able to remind yourself, or copy/paste when needed) or some other secure location.
- Keep backups safe. I strongly recommend backing up your encrypted drive in unencrypted form. Most backup programs do this automatically, as the encryption is just as transparent to them as it is to any other software running on your machine. That means you need to make sure that the backups themselves are stored securely since they’re unencrypted.
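The "Back up the key" step can also be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it uses Windows' Get-BitLockerVolume cmdlet to flag protected volumes that have no recovery password and to export the ones that do. The export path is a hypothetical placeholder.

```powershell
# Added example: audit BitLocker recovery protectors and export them.
# Run from an elevated PowerShell prompt (Get-BitLockerVolume needs admin).
param(
    # Hypothetical destination: use removable or offline storage.
    [string]$ExportDir = 'E:\bitlocker-recovery'
)

# Drive letter of the destination, e.g. "E:", to compare with MountPoint.
$destDrive = [System.IO.Path]::GetPathRoot($ExportDir).TrimEnd('\')

foreach ($vol in Get-BitLockerVolume) {
    # Recovery passwords are the 48-digit keys used when normal unlock fails.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($vol.ProtectionStatus -eq 'On' -and $recovery.Count -eq 0) {
        Write-Warning "$($vol.MountPoint) is protected but has no recovery password."
        continue
    }
    if ($recovery.Count -eq 0) { continue }   # not encrypted, nothing to export

    # A key stored on the drive it unlocks is useless once that drive is locked.
    if ($vol.MountPoint -eq $destDrive) {
        Write-Warning "Skipping $($vol.MountPoint): destination is on the same volume."
        continue
    }

    New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
    $file = Join-Path $ExportDir ("{0}-recovery.txt" -f $vol.MountPoint.TrimEnd(':'))
    $recovery | ForEach-Object {
        "Protector ID: $($_.KeyProtectorId)"
        "Recovery key: $($_.RecoveryPassword)"
    } | Set-Content -Path $file
    Write-Output "Exported $($recovery.Count) recovery key(s) for $($vol.MountPoint) to $file"
}
```

The exported file is plain text, so it needs the same secure storage as the unencrypted backups described in the list.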
If your data is sensitive, or your computer is easily lost or stolen, the benefits of whole-disk encryption are worth considering for the privacy and security of your data.
Footnotes & References
1: Article forthcoming; but to start, right-click on the drive in Windows File Explorer and then click on Manage BitLocker.
2: Kinda the point of the encryption in the first place: someone unable to log in to your machine, and not in possession of the recovery key, shouldn’t be able to view your data.