Third-Party Encryption Vendors
In order to survive, third-party (“add-on”) solutions must provide added value that is significantly beyond what is already “built-in” to the operating system. Therefore, you need to thoroughly understand your security requirements and the capabilities of the solutions that are already built into your operating system. If your requirements are not already met by the operating system AND the cost associated with a third-party solution is worth the incremental benefit [1], then you may want to consider investing in the third-party solution.
Over time, purchasing a third-party solution will become harder to justify as the built-in solutions become better, more comprehensive, and ubiquitous. In the near term, however, here are some scenarios that may justify a third-party solution:
- I need full-drive encryption for XP, but I can’t upgrade to Vista – Since Windows XP only supports file/folder-level encryption, if you can’t upgrade to Vista, then you would need to purchase a third-party solution to provide full-drive encryption.
- I need full-drive encryption for Macintosh – Like Windows XP, the Macintosh only has file/folder-level encryption built in. Thus, you would need to purchase a third-party solution to provide full-drive encryption for the Macintosh. As noted in the table above, however, we are unaware of any third-party solution that will provide full-drive encryption for the Macintosh OS volume. Thus, if full-drive encryption is mandated or otherwise required, you would need to leverage a different platform.
- Too many different built-in solutions – If you need to support an extremely heterogeneous environment of platforms, platform versions and mobile devices, you may want to standardize on a third-party solution to provide consistency for end users, administrators or both.
- Value Add – Third-party encryption solutions may provide some additional related capabilities that you either need or want, for example: laptop recovery, remote disk wiping, secure delete, email integration, port control, ease of use, better management, etc.
What encryption solutions are out there?
The following table provides information regarding encryption solutions offered by various vendors in the Fall of 2007. Use the table to narrow down your options based on the following parameters:
- File/folder versus full-drive encryption – As noted earlier, rely on a full-drive encryption solution unless you are in a highly managed environment where centralized policies and reporting capabilities increase the likelihood that sensitive data is being encrypted.
- Platform (Windows, Macintosh, Linux) – Obviously, the chosen solution needs to run on the hardware and operating system that you have. When available, we’ve tried to include more detailed information in the Notes column regarding specific versions supported within a given platform. Always check with the vendor, however, to get the most up-to-date, definitive version information. In general, you can assume that Windows includes (or will soon include) Windows Vista.
- Consider for managed/unmanaged environments – These two columns distinguish products based on their target markets. “Consider for managed environments” means you should consider the product only if you have an IT department that provides an infrastructure for and centrally manages end-user desktops. “Consider for unmanaged environments” means the product is more likely to be successfully used by end users that manage their own desktops. When a single product is listed in the table as meeting both criteria, it is likely part of a “product line” that, e.g., may include a personal edition along with an enterprise edition.
- Notes – The notes column includes additional information readily gleaned from the vendor’s website regarding additional or limited functionality not covered by the other columns. Absence of a note does not mean there is nothing noteworthy (either positive or negative) about the product. It most likely means the website is less forthcoming with information.
- License Cost – In this version of the FAQ, the license cost column is used to distinguish “free” products from products that require an additional capital expenditure.
1 - i.e. the third-party solution is “Cost Effective”. Mathematically, “Cost Effective” means:
Cost of third-party solution / (Benefit of third-party solution – Benefit of built-in solution) > 1