A decade ago, encryption was hot enterprise security news. As a measure of its effectiveness as a technology, it has been incorporated as a key feature in many security suites since. But that doesn't mean it has faded in importance. With so many incidents of ransomware, fraud and data breaches in the news, encrypting sensitive data remains a vital necessity. (For more on how encryption works and how to evaluate encryption products, see the eSecurity Planet article Full Disk Encryption Buyer's Guide.)
The encryption products covered here are those that have stood the test of time. In the early years of the millennium, there were scores of encryption tools available. But through consolidation, acquisition and attrition, these are the ones that have emerged in what can now be considered a mature market.
- IBM Guardium Data Encryption
- Check Point Full Disk Encryption Software Blade
- ESET DESlock
- Dell Encryption Enterprise
- McAfee Complete Data Protection
- HPE SecureData
- Bitdefender GravityZone
- Sophos SafeGuard
- Symantec Encryption
- Trend Micro Endpoint Encryption
Research and product evaluation are necessities, as there remains great diversity among the various options. Some tools work well in certain environments and poorly in others. Incompatibility issues can arise. And the sheer volume of data in existence means that datasets have to be prioritized as part of enterprise encryption management – it may not be feasible, in some cases, to encrypt everything.
"Many vendors' encryption products are using proprietary interfaces that are incompatible with other vendor key managers," said Gartner analyst Brian Lowans. "The wide variety of encryption products and vendors makes the selection process problematic."
Here, then, are ten of the top enterprise encryption vendors and their products, followed by a chart comparing encryption product features. Key features include endpoint encryption (hard drive and removable media, email encryption, file encryption, on premises and in the cloud), centralized management, key management, authentication, and integration with other security tools.
IBM Guardium Data Encryption performs encryption and decryption operations with minimal performance impact. Features include centralized key and policy management, compliance readiness, and granular encryption of files and folders, as well as volumes of data, each protected under its own encryption key.
See our in-depth look at IBM Guardium Data Encryption.
The Check Point Full Disk Encryption Software Blade provides automatic security for all information on endpoint hard drives, including user data, operating system files and temporary and erased files. Multi-factor pre-boot authentication ensures user identity.
See our in-depth look at Check Point Full Disk Encryption Software Blade.
DESlock encryption by ESET has a web-based management console that allows multi-user administration across the network. Additional features include remote device wipe, simplified key sharing, and encryption policy setting and enforcement. Centralized management delivers the ability to control devices anywhere in the world.
See our in-depth look at ESET DESlock.
Dell Encryption Enterprise provides software-based, data-centric encryption that protects all data types on multiple endpoints and operating systems. It integrates with existing security platforms and tools, and enables IT to manage encryption policies for multiple endpoints from a single management console. In addition, the encryption tool allows IT to rapidly enforce encryption policies on system drives or external media without end-user intervention.
See our in-depth look at Dell Encryption Enterprise.
McAfee Complete Data Protection comprises data loss prevention, full-disk encryption, device control, and protection for cloud storage as part of an integrated suite. Centralized policy management, with remote access, is provided through the McAfee ePO management console.
See our in-depth look at McAfee Complete Data Protection.
HPE SecureData provides an end-to-end data-centric approach to enterprise data protection, securing data persistently at rest, in motion and in use. It protects data at the field level, preserves format and context, and provides granular policy controls. It offers security controls for Big Data applications too.
See our in-depth look at HPE SecureData.
GravityZone Full Disk Encryption leverages encryption capabilities provided by Windows (BitLocker) and Mac (FileVault) platforms. Encryption management is done from the same cloud or on-premises console used for endpoint protection.
See our in-depth look at Bitdefender GravityZone.
Sophos encryption products include mobile recovery of BitLocker or FileVault recovery keys, and granting of access to encrypted files based on the security state of the endpoint. Further, they provide full disk encryption, central management for Windows BitLocker and macOS FileVault, service-to-service key recovery, role-based access, and application-based encryption.
See our in-depth look at Sophos SafeGuard.
Symantec's integrated encryption product line includes endpoint, email and file encryption. Endpoint encryption encompasses full disk encryption, cloud data encryption, policy enforcement integration, and encryption of messages from Apple iOS and Android.
See our in-depth look at Symantec Encryption.
Trend Micro Endpoint Encryption provides full disk encryption, folder and file encryption, and removable media encryption. A single management console allows clients to manage encryption along with other Trend Micro security products.
See our in-depth look at Trend Micro Endpoint Encryption.
Encryption product comparison
Below is a chart comparing key features of top enterprise encryption products.