? for you IT security types...drive encryption software needed

DayTrader

DayTrader

Weaksauce
Joined
Feb 13, 2008
Messages
90
drive encryption software needed

New standards at my company mandate that we ALL have some sort of encryption software on all of our pc's. Since my W7 Ultimate came with Bitlocker, and it's on the list of "allowable encryption programs," my pc is all set.

However, I've been asked to put something on all my co-workers' machines and I don't know what's good, what's bad, what works, what's a resource hog, etc. So....... I was hoping one of you IT security types might have some experience with this stuff and have some recommendations. I've just started looking at online reviews but figured I might get lucky and someone here can save me a bunch of reading.

FWIW, I've got about 12 pc's to get up to standards - half are co-owners of the business and half are support staff.

My options:
BeCrypt
DriveCryptPlus
MSFT Bitlocker (will use this on my machine since it's the only one with the program in the first place)
TrueCrypt
Trustware/BitArmor Data Control

thanks in advance
 
I've done about 20 or so laptops with TrueCrypt.....free, and works well.

For new stuff, I much prefer hardware FDE...purchase laptops with hardware full disk encryption. NO performance loss.
 
what's the reason for the mandatory encryption? PII or the like? Data that requires to be HIPPA compliant?

Are you needing some sort of centralized-logging, in case a device goes missing/stolen/etc you can prove it was encrypted?
 
Just a corp thing..... to be in compliance with "our" interpretation of maintaining security on client data. Basically, when they come in to audit, we have to evidence that we have one of the approved solutions installed on all pcs that access client information.

My office is one of 1000's (all independently owned) that have to be in compliance with corporate's interpretation of some nebulus rules are. I wasn't aware that TrueCrypt was open-source so I'll probably go with that on my machine first (instead of BitLocker) so I can get accustomed to it and then will put it on everyone's pc.

Ha......fwiw, their latest "golden nugget of IT security" is that we (fainancial planners) can't have our client's names in our cell phones if those names are accompanied by a phone number. We've been told we can save the number with no name......or the name with no number. I guess so when we lose our cell phones nobody will be able to get my client's names/numbers off my phone...... cuz.....yanno......doing a search on whitepages.com is soooooo difficult

/.rollseyes.\
 
My vote would be for true crypt or for one of the Seagate FDE drives like YeOlde suggested.

j-sta also brings up another good point.
 
DayTrader said:
Ha......fwiw, their latest "golden nugget of IT security" is that we (fainancial planners) can't have our client's names in our cell phones if those names are accompanied by a phone number. We've been told we can save the number with no name......or the name with no number. I guess so when we lose our cell phones nobody will be able to get my client's names/numbers off my phone...... cuz.....yanno......doing a search on whitepages.com is soooooo difficult

/.rollseyes.\
Click to expand...

What kind of phones do you guys have. If you have blackberries or Active Sync enabled devices you should suggest enforcing a lock password that whipes the phone after 10 wrong attempts, and then if you have iPhones require an encrypted backup.

I remember coming up against a company like that. Their security officer had all these crazy ideas that were more of a security through obscurity then actual security measures. Auditing them was quite a bit of fun actually, watching every single one of his "failsafe" security measures failing to common workarounds or in some cases some simple social engineering.
 
j-sta said:
what's the reason for the mandatory encryption? PII or the like? Data that requires to be HIPPA compliant?

Are you needing some sort of centralized-logging, in case a device goes missing/stolen/etc you can prove it was encrypted?
Click to expand...

All the above and I would add to that, who is going to keep a copy of the encryption keys so that you can decrypt if a user gets hit by a bus? Do you require a centralized key repository?
 
For a small deployment just use TrueCrypt

If you were larger symantec and other companies make some decent products
 
DayTrader said:
Just a corp thing..... to be in compliance with "our" interpretation of maintaining security on client data. Basically, when they come in to audit, we have to evidence that we have one of the approved solutions installed on all pcs that access client information.
Click to expand...

Actually, your corp probably has client information of Mass residents which are covered under a pretty severe new privacy law that requires full encryption of their PII.
 
You must log in or register to reply here.
Back
Top