What do we need to consider when choosing a full
disk encryption solution for our company?
Which is the best company for disk encryption?
I could see that PGP slowed down my system considerably. That was some 4 years back. Nowt sure, if they have made some improvement in their offerings.
Otherwise, Among the commercial products, there is not a great deal that truly distinguishes one from another. It is up to each organization to review the products and determine which best meets its own needs. In many cases this will mean purchasing a product from the same vendor that supplies other security products in use within the enterprise.
All good suggestions above. Other things to consider are the following:
- Do you need to be compliant to any regulations? Eg. For PCI compliant, it requires 2 different sets of credentials for authentication per user per device; not all solutions provide this.
- Do you have a single OS environment? Eg. Windows only? Or do you need to protect Windows, Mac and Linux? Choosing a vendor that can protect all your needs under one pane of glass would be important as you don’t want to multiple management consoles.
- On top of full disk encryption, what’s in your future plan for data protection? Would you need to protect removable media, cloud sharing app such as DropBox, Box, Google drive and/or cloud VMs (AWS, Azure VMs)? I’d recommend a vendor that has the capacity to do all that so it can support your forward looking strategy.
- Next is user experience. Introducing new user experience to your users can be a headache. You might want to select a solution that simplifies this so data is protected without additional user interaction.
- Recovery procedures (Password reset / data recovery) should be easy as addition procedure will add to your operating cost. With PreBoot authentication in place, can password resets be as simple as resetting a user’s AD password?
- Finally and most importantly is encryption key management strategy. You need to consider a vendor that can help you keep your encryption keys secure but at the same time, does not increase your administrative overhead for you.
All in all, you need to look for a solution that can help you keep your business’ data secured without hindrance and is able to grow with you as other data protection needs arises.
The best software that used for disk encryption is the sophos safeguard encryption.
I concur with John, when choosing a full disk encryption it really depends on what your company needs are. The first thing I would definitely suggest is talking to the stakeholders of your company to determine what they are looking for when they say they want disk encryption. Once you have established their definition, you can now look at your existing solution and see if you already have it as an existing encryption feature that can be tested and implemented; if not then you can definitely reach out to your current software vendors to see if they have anything that will work with your existing infrastructure without causing any undo issues or significant cost increase. Your best bet is to seriously evaluate 2-3 solutions before presenting them as final choices so that you aren't in a situation where you have no idea how to recover from any of them due to lack of serious research. I personally have dealt with all of the ones that John have listed and have really liked them all, however as was suggested test a few of them out first and definitely engage current vendors that you have to see what solutions they can offer that will fit the needs of your specific organization.
Choosing full disk encryption software is really a matter of preference, as many of them offer mostly the same features. You may want to go with a solution that is part of a larger suite, such as an encryption product that can be bundled with an anti-virus product that you may already own. That way, it may be simply a matter of upgrading your existing licenses to include the encryption feature. You will want to test a few solutions out, to see how they work on your hardware and what they make the end user go through to authenticate. Then there are the lower cost solutions that may be already built into your current Operating System, such as BitLocker for Windows, and FileVault for MAC. If you choose to use one of these options, then you may only need a management server from which to manage the encryption keys and settings, which could lower your overall investment needed. As a Windows user, I really like the BitLocker solution that comes with the proper version of the Windows OS, and using the BitLocker To Go feature is an easy way to secure data that needs to be stored on external drives. Overall, you want to be sure you test and review the offerings form leaders such as Mcafee, Symantec, CheckPoint, and Microsoft.
Hi, we're planning to replace PGP with Microsoft BitLocker for our endpoints. What aspects should we take into consideration during this move?