Enterprise whole disk encryption done right


There are lots of products that claim to do preboot whole disk encryption. But there aren't a lot of them that can claim to do it over the network. While several products can, pretty much, get to the same point without doing it over the network, the network is a key component and, if one ignores the network, one essentially ignores the enterprise.

This month's First Look specializes in whole disk encryption and, unlike many other products, can do the entire process of encryption and encrypted disk access throughout the enterprise. It's a big deal as many of the products that claim to do it really don't.

First, and probably most telling, is that PBConnex is a combination of whole disk encryption and access management. That, really, is not too surprising given that some smart people have hypothesized that all that really is needed to protect the enterprise is to encrypt everything. Not too practical today, I would guess, but the premise is well worth considering.

There are several challenges to overcome when one is restricting asset access on the enterprise based on encryption. The big one, in my view, is what happens when the user cannot access the network? Is the computer a dead piece of meat because the online creds aren't there to allow the logon? Not with PBConnex.

PBConnex works in most common environments, including MS Windows (most flavors) and Mac. So the big question is, as one would expect: Why bother with full disk encryption, in general, and preboot encryption, specifically? The answer is simple, really. Everything is encrypted – regular files, unallocated space, boot sector, directory – indeed, everything that would allow an attacker to see what is on a secure disk.

There are a lot of little – but important – aspects to the product. For example, it handles self-encrypting devices. It really doesn't care if the target is Windows or Linux in that regard. Virtually all of the action takes place on the SecureDoc Encryption Server. This is where keys are managed, authentication happens (if the authentication is over the network) and authorization occurs. It's a clean solution to the challenges of whole disk encryption over the network.

Of course, encryption of external attached devices is a given. If one is using flash drives or USB disks, these can be managed as easily as the primary hard drives. An extension of this is the ability to create encrypted containers on removable media, complete with a reader that allows recipients of the encrypted containers to decrypt them even if they do not have the encryption tool itself. That includes CDs and DVDs – with the caveat that an external version of the reader must be available since it cannot be included directly with the burned disc.

There are neat capabilities, such as supporting the hardware password manager in Lenovo computers. Overall, this is an extraordinarily flexible, well thought-out and effective application of encryption. We like it a lot, and it is well worth your consideration.


At a glance

Product: SecureDoc with PBConnex
Company: WinMagic
Price: SecureDoc Enterprise Server: $5,995; SecureDoc License: $99 (volume discounts available)
What it does: Provides comprehensive enterprise pre-boot encryption for endpoint devices.
What we liked: It is simple, effective, comprehensive and straightforward to manage.
What we didn't like: Nothing. This is a well-conceived product that addresses a real need in an intelligent way.
