In my last post, I talked about some of the tools that claim to recover your stolen laptop. This time I want to review another series of tools that can be useful protection as well: doing whole-disk encryption of your hard drives across your enterprise. The idea that even if your laptop falls into the wrong hands, no one besides yourself will be able to read any of the files stored on it. When you boot your PC, you need to enter a password, otherwise the data in each file is scrambled, and no one else can gain access to your files.
Both the Mac OS X and Windows Vista Enterprise Editions currently offer built-in encryption as part of their operating systems: Apple calls theirs FileVault and Vista’s is called BitLocker. If you are going to start using either feature, make sure you review the information contained in both hyperlinks as there are a lot of limitations and configuration issues. Neither is very reliable and both are very fussy about how you setup your hard drive. That makes me a little nervous, especially if you want to start deploying them widely.
If you want something more reliable and powerful, then TrueCrypt.org has free open source tools for Mac, Windows, and Linux machines. One of the features that I like is the ability to recover a forgotten password, which is probably the biggest fear in using any of these products. Another is that they will extract some performance from your system, but the current versions work well and without much system overhead.
If you want something more powerful than password protection, you can link the encryption technology to the Trusted Computing Module chip, or make use of the built-in fingerprint reader, both are part of most modern Windows laptops.
But if you want something that you can deploy across your entire organization, there are four principal vendors of whole disk encryption utilities that come with more management features and of course will cost some dough. They are PGP’s Whole Disk Encryption and Secure Star’s DriveCrypt, both of which are reviewed here about two years ago. There are also Utimaco’s SafeGuard and MobileArmor’s Data Armor. On all of them, you can set up security policies, recover passwords, and generally have a better view of what is going across your fleet of hard drives that are using this software. Figure on paying about $50 a seat if you buy any of these products in some quantity.
In my next post we’ll look at some of the issues around using online backup service providers.
David Strom is a former editor-in-chief of Network Computing, Tom’s Hardware.com and DigitialLanding.com and an independent network consultant, blogger, podcaster and professional speaker based in St. Louis. He can be reached at david@strom.com.