Full Disk Encryption - For SMBs

la112651 · 22 Apr 2010 at 19:00

Hi all,

I'm looking for some full disk encryption software for 15 business users notebooks. Anyone got any good recommendations?

I've used Encryption Plus HDD from Guardian Edge at a previous employer and wonder what other people use.

Regards

(I also briefly looked at TrueCrypt)

Azuse05 · 22 Apr 2010 at 19:04

TrueCrypt is the best you'll get without paying, and you'll only then be paying for service since TrueCrypt is so good

la112651 · 22 Apr 2010 at 19:46

I might look at Truecrypt again then. I just ran into issues on one laptop and it put me off.

Any one else recommend any?

Westyfield2 · 22 Apr 2010 at 19:46

Azuse05 said:
TrueCrypt is the best you'll get without paying, and you'll only then be paying for service since TrueCrypt is so good

We've always used TrueCrypt for encrypted containers on drives etc, but when we chose our whole disk encryption for the Laptops we looked at TrueCrypt but it wasn't on the government approved lists so we couldn't use it. Also since then we've done ISO 27001 so I doubt it'd have been on that either. We went for Guardian Edge in the end. My only comment would be that it does slow the Laptops down, but I'd guess any encryption software on a 5400RPM mechanical HD will do so.
I'm trying to convince the Systems Director that going solid state in the laptops would be a good idea....

Not sure if we'll keep it or switch to BitLocker when we go Windows 7...

matthab · 22 Apr 2010 at 20:51

Ive used checkpoint and its very good.

rexehuk · 22 Apr 2010 at 21:07

I personally would use something like PGP. Nice and easy to use, tons of options and compatibility with a number of applications and online services. If you don't want to pay then TrueCrypt as mentioned is good.

http://www.pgp.com/products/wholediskencryption/index.html If you wish to have a read

theheyes · 22 Apr 2010 at 22:06

I recommend TrueCrypt.

AbsenceJam · 22 Apr 2010 at 23:56

http://forums.overclockers.co.uk/showthread.php?t=18077882
http://forums.overclockers.co.uk/showthread.php?t=18044047

IAmATeaf · 23 Apr 2010 at 10:14

For Government approved hard drive encryption we use BeCrypt, for email and virtual disk encryption we use PGP but neither are free.

I had a look at TrueCrypt just the other day and it does look like a capable product but have never used it to do full disk encryption.

Totality · 23 Apr 2010 at 10:32

Truecrypt is fine for home use, but for an office just remember if someone forgets their password then you can't remotely reset it with a challenge/response.

We use Utimaco and it works most of the time but is flaky and bricks a lot of laptops. It supports the challenge/response thing so you can reset remotely if required as it integrates with AD, but it's unreliable so laptops with a TPM chip have been moved over to Bitlocker by the powers that be and all new laptops that are bought have a TPM chip and will have bitlocker installed.

I don't choose the programs so can't be much more help than that! I use truecrypt on my own laptop and never had a problem with it. It's so much better than the Utimaco rubbish which costs loads! Just remember that if someone forgets their password in Truecrypt, if you haven't backed up the keys they will lose all their data!

J.B · 23 Apr 2010 at 10:35

We use PGP for our email and disk encryption, works pretty well, offer Blackberry support which is a big plus for us.

The whole disk encryption works well, not seen any drop in performance on our machines, mainly core2duos with 4GB of RAM.

Good thing about PGP WDE (if your environment is set up properly) you can centrally manage PGP WDE with PGP Universal Server which is useful if any user forgets there passphrases. Not sure if other software offers those things.

anything I don't mind · 23 Apr 2010 at 11:12

i would say safeboot but mcafee just bought them out.

i suggested truecrypt at the last place i worked but the people who make the decisions did not like it because it was not manageable. IE you can not reset the password from an admin console like other software.

I always thought that was the point. Who wants government approved encryption anyway. Oh great so it is encrypted but it has a backdoor for the nsa and GCHQ so they don't have to crack it.

I remember when truecrypt had true 1024bit encryption and it used to have a export warning on the website. But the intelligence agencies threw a hissy fit and now it is 256bit bull****.

You can be sure that bitlocker has backdoors so that they don't have to crack it. Microsoft + encryption = lol

Ev0 · 23 Apr 2010 at 11:49

groen said:
i would say safeboot but mcafee just bought them out.

Well, 2 and a half years ago

Use Safeguard here as well, used to be Utimaco but has since been bought out by Sophos.

Not a bad product, none of the encryption products out there are flawless, all have their niggles.

Works ok for us so not complaining (too much anyway

).

AbsenceJam · 23 Apr 2010 at 16:59

groen said:
i would say safeboot but mcafee just bought them out.

i suggested truecrypt at the last place i worked but the people who make the decisions did not like it because it was not manageable. IE you can not reset the password from an admin console like other software.

I always thought that was the point. Who wants government approved encryption anyway. Oh great so it is encrypted but it has a backdoor for the nsa and GCHQ so they don't have to crack it.

I remember when truecrypt had true 1024bit encryption and it used to have a export warning on the website. But the intelligence agencies threw a hissy fit and now it is 256bit bull****.

You can be sure that bitlocker has backdoors so that they don't have to crack it. Microsoft + encryption = lol

This post only contains false information.

theheyes · 23 Apr 2010 at 20:32

Totality said:
Truecrypt is fine for home use, but for an office just remember if someone forgets their password then you can't remotely reset it with a challenge/response.

We use Utimaco and it works most of the time but is flaky and bricks a lot of laptops. It supports the challenge/response thing so you can reset remotely if required as it integrates with AD, but it's unreliable so laptops with a TPM chip have been moved over to Bitlocker by the powers that be and all new laptops that are bought have a TPM chip and will have bitlocker installed.

I don't choose the programs so can't be much more help than that! I use truecrypt on my own laptop and never had a problem with it. It's so much better than the Utimaco rubbish which costs loads! Just remember that if someone forgets their password in Truecrypt, if you haven't backed up the keys they will lose all their data!

This is pretty much on the money. I think for a small business that is generally quite centralized TrueCrypt is more than manageable, but for much larger companies or companies that require lots of remote support something like Bitlocker would be more appropriate.

la112651 · 23 Apr 2010 at 22:27

Thanks for the responces everyone.

I'll be doing some further investigation on the suggested products

asim18 · 24 Nov 2013 at 21:37

AbsenceJam said:
This post only contains false information.

The post contains 100% factually correct information.

Which is brilliant, considering the extent of governmental spying and interference with internet presences has only been exposed this year.