Encryption Plus Hard Disk
Strengths: Extremely simple to implement, administrate and use with lots of administrative options. Good value.
Weaknesses: Few bells and whistles – just the options for a bare bones, reliable hard disk encryption system.
Verdict: Has a simple, straightforward approach, ease of use and administration (with several admin. options depending upon local requirements) and value for money.
Compliant with FIPS 140-2 and using AES encryption, it is a good choice for sensitive data. But it also supports several other encryption schemes, including elliptic curve encryption.
It is certified under Common Criteria (ISO 15408) to EAL 1 (Evaluation Assurance Level 1), a nearly useless certification in this context. AEL 1 simply says the product is functionally tested and has the functions that it claims. Version 2 of the Common Criteria documentation says: “EAL1 is applicable where some confidence in correct operation is required, but threats to security are not viewed as serious.”
However, the product has a great deal to recommend it. There is a simplified password recovery process for users who forget their passwords, eliminating additional help desk assistance. This must be used with care, since it is possible to compromise. Initial encryption is a background function, so it is possible for users to continue to work while the product encrypts the hard drive.
The primary benefit of this product is its simplicity. While there are few bells and whistles, the product is very competent, efficient and full of the important features needed to protect data on a road warrior’s laptop, reliably and with a minimum of external maintenance. Such features as user emergency recovery diskettes and password self-verification that allows password resets by the user instead of the helpdesk, make the product’s use by people in poorly supported regions practical.
We found the documentation very good and were pleased with Guardianedge’s support. Support is an option and provided through a web portal. However, we were also able to get support by phone.
In order to deinstall, we found that the disk must be decrypted first. The documentation states that it can perform the initial encryption at about two minutes per gigabyte. However, we found that it took about 45 minutes to encrypt an 11GB disk under less than ideal conditions. A newer version claims to perform much faster encryption.