Product Group Tests

Encryption (2008)

Group Summary

A strong feature set that includes 64-bit support, all for a good price, makes PGP's Whole Disk Encryption our Best Buy.

Solid overall value for money from SafeNet's ProtectDrive gives it our Recommended rating.


Full Group Summary

As concern about confidentiality grows, the need to encrypt data is a key business issue. Hardware and software options are tested and good documentation praised. Nathan Ouellette reports.

There is growing support for encryption mandates in businesses that need to protect sensitive data. In the US, several states have enacted laws that require companies that have reported a data breach to encrypt customer data; notorious data losses by UK government departments emphasise the point.

It is true that encryption offers an extra level of security, but mismanagement of technology can add to the risk.

Organisations are looking for simple solutions that can integrate with existing technologies, but do the job of encrypting endpoints without impeding performance or user productivity. Transparency to the user is a must nowadays, and vendors are responding to this. As the market matures, organisations can implement a solution without investing significant resources.

Encryption products are either hardware-based (chipsets such as the Trusted Platform Module) or software-based. Software products range from whole disk encryption to encrypting particular files, folders or removable devices such as USB drives. Whatever the aims of a particular product, businesses should implement solutions in line with their own security objectives.

In this issue
We examined both products that perform whole disk encryption (often referred to as FDE or "Full Disk Encryption") and products that help to secure folders or files within the operating system. Both types of product aim to ensure that only those who need access to the data can obtain it. This is achieved by using keys and encryption mechanisms to lock out unauthorised users. Most products are standards-based, and use generally accepted methods of encryption and key management.

Performance is less of an issue with today's encryption solutions. Most of the products we tested performed to the same technical levels in how quickly disks or files can be encrypted or decrypted. There are other important aspects to consider: ease of implementation, integration with other systems, support for various operating systems and even the recovery of keys.

How we tested
All of the products were divided into two areas, client and server software. All server software was installed on both a virtual instance and a physical machine. Our lab server machines consist of Windows 2003 RC2 Standard Edition servers, with Windows 2008 with Hyper-V for our virtual instances. Our client machines were installed with Windows XP SP2 and Windows Vista Business Edition SP1. Linux-based systems were only used to attempt to boot to encrypted Windows devices in order to access the drive. We installed IIS, MS SQL Server 2005 and ADAM when specific vendor requirements called for them.

The areas we focused on were: installation, administration, usability in an enterprise environment, user experience (transparency), support, price and overall value for money. While some products integrated into Active Directory, we recognise that some organisations may not allow for their AD environment to be altered. Most of the products that were not AD-integrated did have the ability to import users from various directory services.

The core concern of our testing was to determine how easy and efficient it was to create policies and deploy them to endpoints. Most products in our review made it easy to import or choose users, groups and computer objects and then deploy our policy templates to those users. However, we noticed that not every solution had the ability to monitor whether the endpoints received and were using that policy.

We liked the ability to see what was secured (or not), so that we could make informed decisions about how to secure certain assets based on their criticality in the environment. The overall assessment of ports and ancillary devices is also welcome. Having a window into your environment regarding what physical and logical channels exist for users to exploit helps the administrative cause in the long run.

Because cryptography is a more specialised field, documentation becomes even more important. Vendors that organised their documentation in an easy-to-read format scored higher on our tests, because stakeholders may rely on it much more heavily than with other solutions. This also applies to how easy it would be for an administrator to use the solution. In this review, this was the biggest variable. Some products were a breeze to set up, while others contained extensive and detailed manuals with hundreds of pages just to install or configure.
