The need for encryption will differ in every business. It’s important to understand the right kind of encryption that needs to be implemented, while buying a product without unnecessary features that your organization may not necessarily need.
File encryption allows you to encrypt files and folders, it remains data-centric and uses a key sharing methodology, which depending on the product the key can be shared instead of an individual user key.
Disk encryption is device-centric, which can encrypt an entire hard drive whether it’s internal or external, or specific partitions. Once the disk is decrypted and a file is sent outside of that drive, there is nothing to stop unauthorized users to access that file unless you pair file encryption.
During this year's product review, we saw a clean split down the middle in products that offered full disk encryption paired with file encryption. We were happy to see a mix of encryption offerings as it leaves room to buy a product that’s more tailored to what they want, especially with the lack of adoption or scalability in business environments.
With the inclusion of XTS-AES technologies such as BitLocker and FileVault with the operating system, it is getting easier and easier to ensure that your data is protected. These tools allow organizations to take steps to in protecting systems and data without a large upfront investment. These solutions offer full disk encryption as well as layering in the file level encryption.
Microsoft has taken its BitLocker management to the next level with adding in the Microsoft BitLocker Administration and Monitoring (MBAM) role for Windows Server 2016 and newer releases. This function adds enterprise-class management with Group Policy templates and the ability to store the 48-character BitLocker keys. With such strong built-in solutions, you may wonder why you’d need to look at third parties – but there are some solid solutions on the market that offer a more robust offering with even better management functionality.
This year for the products we reviewed, we saw a wide variety of offerings centered around software-based applications with a centralized management location, whether it’s in the product company’s cloud or an on-premises server which is still typical in most setups. We saw the ability to utilize software agents on a variety of platforms such as your typical virtual or physical servers, on-premises, on-cloud IaaS, or hybrid environments.
New to the table this year was file encryption via web-based application, which doesn’t require anything to be hosted on-premises as it’s all available in the vendor’s cloud, which still had traditional offerings for customers that still want to host everything in their environment. Some more unique features that stood out that only one or two products offered are email encryption which integrates with Outlook and allows you to send and receive encrypted emails and attachments. Linux support was also not a popular this year leaving Linux environments slim choices.
The SC Labs team stood up a few operating systems from each family (Windows, Linux, and Mac) to test each product. These systems were used to test full disk, file and a combination of both to see how simple the products were to use, how quick the encryption process went, and validate the encryption is not easy to bypass. These products all faired really well and would be a great replacement or addition to your encryption needs.