Two-factor authentication of users and good key management facilities.
Cannot encrypt data on network drives at present and relatively small encryption key size (128 bits) by modern standards.
An easy-to-use file-encryption system with enterprise-class management features
DESlock+ is designed to encrypt files, folders, email messages and email attachments. It uses a choice of 112-bit 3DES, 128-bit Blowfish or 128-bit AES encryption algorithms and works with Windows 98/ME/2000/XP.
The software integrates very tightly with Windows - for example, to encrypt a file or folder, simply select its icon and right-click to open the standard Windows pull-down menu, which will now have DESlock+ encryption options added to it. An encryption wizard offers a choice of up to 64 encryption keys, which are stored in a USB token. Once authenticated, using a password, a key can be selected to be used with the token. A key-generation wizard creates these keys as required. An administrator can control or limit the folders that may be encrypted and users may be prevented from using an encryption key that is not also securely held in escrow by the administrator.
Once a folder is encrypted, anything put inside it will be automatically and transparently encrypted. Individual files can also be encrypted in an unencrypted folder. The next release of the software will support encryption of folders on network drives - at present, if an encrypted folder is copied to a network drive, it is automatically decrypted. This restriction applies only to folders, however, as files remain encrypted when copied across a network.
There is a plug-in for Microsoft Outlook for encrypting emails and attachments easily from Outlook's menus. Integration with Outlook is very good - messages are stored encrypted in Outlook folders and even unencrypted messages can be encrypted within Outlook.
Users can share and exchange keys easily but the administrator still retains overall control of the process.
The key management facilities are the strongest feature of DESlock+, because the user can never lose control of the distribution of keys. Keys can be forwarded to a user but the application prevents that user from forwarding them to anyone else. Or, forwarding can be permitted but restricted to tokens within the same workgroup.