3 encryption apps keep your data safe

Mobile computing means the possibility of loss or theft. These 3 apps keep your data safe and secret.

One of the first things I chose to do was encrypt my complete hard drive on my system. Selecting that option launched a wizard that made the process ridiculously easy. Like BitLocker, the encryption process ran in the background. It took about two hours to encrypt the contents of the Toshiba Portege system, almost an hour faster than BitLocker. Also, TrueCrypt used negligible amounts of CPU time, as little as 2% or 3% of processor utilization.

TrueCrypt offers several other features that are worth noting. First of all, the product comes with an extensive context-sensitive help function, which does an excellent job of illustrating its capabilities and nuances -- in fact, its help is as good as that from the two other products, which have commercial vendors. Secondly, I found TrueCrypt's approach to mounting encrypted devices to be a logical and manageable process.

Simply put, when you want to access an encrypted volume, you just mount that volume with a drive letter. All you need to do then is type in your passkey to access the data. You can also make those connections persistent and automatic, so that you will not have to enter passwords or manually map drives whenever you insert an encrypted device or access an encrypted volume. While that does make things a little simpler, automating password or key entry can defeat the purpose of encryption on a portable system. However, automation does work well with removable media -- that way, when traveling with a key drive, the data is fully protected and only available when plugged into a system that contains the proper passkey.

I tested TrueCrypt's ability to work with removable media by encrypting four USB key drives. While the process was not quite as automated as with BitLocker, it still proved easy. All I had to do was insert the USB drive, select the device from the TrueCrypt menu and then launch the encryption wizard.

Unlike BitLocker, TrueCrypt does not include any type of a reader application -- that means any system that needs to read the encrypted removable media must have TrueCrypt installed. TrueCrypt automatically works with TPM and adheres to the standard.

TrueCrypt also offers a plethora of configuration settings, default options and operational choices. For example, users worried about forgetting their passkeys can create rescue media that will grant them access to an encrypted volume if needed. TrueCrypt works with Microsoft Windows 7/Vista/XP/2000; it is also available for Apple Mac OS X and Linux systems, making it a good choice for users who work with multiple platforms.

In fact, the number of choices can be overwhelming. Luckily, TrueCrypt's extensive documentation helps you to navigate through the choices -- and it's safe to say that the majority of users will only use the basic features of the product.

The only area where TrueCrypt comes up short is networking -- the product does not integrate with Windows server policies or offer the advanced networking capabilities needed by administrators looking to encrypt volumes remotely or across a LAN. Other than that, TrueCrypt is a real winner and comes at a price that can't be beat.

PGP Whole Disk Encryption

PGP Corp. has been around since 2002, but the company's roots go back to 1991, when the code base for Pretty Good Privacy (PGP) was developed. Over the years, PGP has become one of the leaders in encryption technologies. The company offers a wide variety of products that help users encrypt data files, e-mails and many other types of data. For the mobile worker and the individual user, PGP Whole Disk Protection is a very good choice for protecting the data on a hard drive.

PGP Whole Disk Encryption offers all of the same basic features as BitLocker and TrueCrypt. The management console runs as a desktop application -- similar in design to both BitLocker and TrueCrypt -- offering wizards, interactive help and tools to encrypt and decrypt data files stored on encrypted volumes.

Unlike BitLocker, which is bundled with Windows 7, and TrueCrypt, which is free, PGP Whole Disk Encryption comes with a price tag: $149 per seat. However, that price tag delivers some capabilities not found in other products.

At a Glance

PGP Whole Disk Encryption

PGP Corp.

Price: $149 per seat

For example, unlike BitLocker, PGP Whole Disk Encryption works with a number of platforms, including 32-bit and 64-bit versions of Windows 2003, XP, Vista and Mac OS X. Also, unlike TrueCrypt, PGP Whole Disk Encryption can scale for networked environments and can be managed using a networked console, the PGP Universal Gateway, which manages the keys and other enterprise aspects of the platform.

PGP Whole Disk Encryption is available as a standalone, single-user product and is also available in work group, server and managed-services editions, which allows the product to scale from a single-user solution to a large enterprise network.

The product is very easy to install. Adding encryption to a drive or device is just as simple, yet you have a great deal of control over how the product works with your data, thanks to granular menus that allow you to configure options for everything from encryption strength to target devices.

By default, PGP Whole Disk Encryption uses 256-bit AES encryption and leverages PGP's Hybrid Cryptographic Optimizer (HCO) technology. HCO uses improved algorithms and is designed to be very efficient, which helps to improve performance.

PGP Whole Disk Encryption offers many features, including the ability to use single sign-on, a technology that limits the number of times that you have to enter passwords or keys -- ideally, you will only have to enter those at the beginning of your session and then have access to all of your authorized devices without having to authenticate again.

The program also lets you create an encrypted "PGP Zip" file that you can send to others (your recipients will not need a copy of PGP to access the files). PGP also includes a secure data-shredding tool for making any deleted file unrecoverable.

PGP's whole disk functionality allows users to encrypt a complete hard drive in a single step, with no need to separately encrypt the partitions on the hard drive. That makes the concept of encryption much easier to grasp for neophyte users and also makes it easier to apply the product to portable systems.

PGP Whole Disk Protection also works with TPM, if the system is so equipped. When paired with single sign-on capabilities, PGP Whole Disk Protection works transparently, making it very easy to deploy to multiple users without generating requests for help or training.

I found the whole process very easy. Once PGP Whole Disk Protection was installed, all I had to do was launch the PGP Desktop and click on "Encrypt whole disk." The encryption process runs in the background and requires only that you input a password. It only took about two hours to encrypt my Toshiba Portege and about five hours to do my Lenovo T61p. When I rebooted the systems, a PGP screen came up asking for my password; once I entered that, the boot process continued as normal.

PGP Whole Disk Protection is adept at handling removable media. I encrypted six USB drives, and the process was very straightforward. All I needed to do was insert a fresh USB drive into the system and then launch the appropriate wizard from the PGP Desktop. You can encrypt the whole USB drive or create a Virtual Volume. A Virtual Volume allows you to create an encrypted container on the drive, which can then be mounted as a separate drive. Once the password is entered, a Virtual Volume works just like any other storage device.

The product proved to be easier to use than TrueCrypt, although not as easy as BitLocker, thanks to the PGP Desktop, which is laid out in an easy-to-understand fashion and features single-click wizards, such as "encrypt my hard drive," that eliminate many steps for the user.

PGP offers excellent documentation and support, including text and video tutorials and numerous tips.

PGP offers an upgrade path to PGP Desktop Professional, which includes encryption for e-mail and chat, as well as support for creating encrypted disk images. Users looking to encrypt more than just their hard drive contents will want to consider the move to PGP Desktop Professional, which goes for $199 for a perpetual license.

Conclusions

It has never been easier to encrypt your hard drives and removable storage devices, and the excuses not to do so are quickly evaporating. The only difficulty is choosing the correct product.

If you have the latest PC with Windows 7 Ultimate or Enterprise, it makes the most sense to stick with BitLocker and BitLocker To Go -- after all, those applications are included with the operating system. If you are comfortable with open-source products, then TrueCrypt may prove to be the best choice. It's easy to use and it's free.

Finally, if you are looking to protect multiple platforms, have access to additional encryption technologies, such as email and IM session encryption, or want to support encryption on a networked environment, then PGP's Whole Disk Encryption may be your best bet. At a price of $149, PGP Whole Disk Encryption may cost more than TrueCrypt, but it is a bit cheaper than upgrading to Windows 7 Ultimate.

Frank J. Ohlhorst is a technology professional specializing in products and services analysis and writes for several technology publications. His Web site can be found at www.ohlhorst.net.

This story, "3 encryption apps keep your data safe" was originally published by Computerworld.

Copyright © 2010 IDG Communications, Inc.
