With improvements to Windows 7 BitLocker and with USB drives getting bigger and cheaper (you can get a 64GB drive for not much more than $120), now is the time to take a closer look at whole disk encryption products. If you've employed whole disk encryption, then even if your laptop or USB drive falls into the wrong hands, no one besides you will be able to read any of the files stored on it. To access the files you need to enter a password; without it, the data in each file stays scrambled.

These products will cost your system some performance, but the current versions work well and without much overhead. The time to decrypt the files is also minimal, and once you enter your password it is just like having the file sitting in an ordinary folder on your desktop.

Windows Vista had built-in encryption called BitLocker that was below par. Fortunately, Windows 7 has made it almost a usable solution, and it is free. Drive preparation is now part of the setup wizard, which makes it easier to set up. There is also BitLocker to Go, which can be used to encrypt USB or other removable drives. This software can only be installed on the entire drive, and the files that you encrypt on it can be read on XP and Vista PCs, although you can't write files from these older operating systems.


If you want something more powerful and flexible, then TrueCrypt.org has free open source tools for Mac, Windows, and Linux machines. One of the features that I like is the ability to recover a forgotten password, which is probably the biggest fear in using any of these products. Windows 7 BitLocker has this recovery feature too, although you will have to set up a special policy to enable it.

If you want something more powerful than simple password protection, you can link the encryption technology to the Trusted Computing Module chip, or make use of the built-in fingerprint reader, both of which are part of most modern Windows laptops.

Whole disk encryption, multiple PCs

TrueCrypt and BitLocker are fine for single PC users. If you want something that you can deploy and manage across your entire organization, there are four principal vendors of whole disk encryption utilities that come with more management features and, of course, will cost some dough. They are PGP's Whole Disk Encryption, Secure Star's DriveCrypt, Sophos SafeGuard and MobileArmor's Data Armor. With all of them, you can set up security policies, recover passwords, and generally have a better view of what is going on across your fleet of hard drives that are using this software. You can also create encrypted partitions of dynamic sizes, meaning that they will grow as you add files to them.

PGP Disk has a very straightforward encryption process with some powerful encryption features, too.

Each one is better than doing no encryption, and all provide roughly equivalent protection of your data. Figure on paying about $50 a seat if you buy any of these products in some quantity. It is a small price to pay for the comfort and protection they provide.

David Strom is an international authority on network and Internet technologies based in St. Louis, MO. He has written extensively on these topics for more than 20 years for a wide variety of print publications and Websites, including as editor-in-chief at Network Computing, DigitalLanding.com, and Tom's Hardware.com. You can find him online at Strominator.com and e-mail him at david@strom.com.