PGP Whole Disk Encryption from Symantec v10.3
Strengths: Good enterprise whole disk and email encryption solution. Strong key management solution. PGP Zip works well for sharing/transmitting secure files.
Weaknesses: Complex management console. Very pricey solution.
Verdict: Good whole disk offering, powerful for managing massive key stores.
SummaryPGP Whole Disk Encryption from Symantec encrypts all the contents on the disk on a block-by-block basis. The complete disk is encrypted (including white space) to offer total data security. The only way to access an encrypted disk is with the authorized user's passphrase during the pre-boot authentication. PGP Universal Server is a console that manages the applications, and provides email, disk and network file encryption.
Management from the PGP Universal Server allows ease of deployment, management and reporting from one central location. PGP Desktop was deployed on our endpoints and is available for both Windows and Mac operating systems. The solution includes whole disk encryption; PGP NetShare, to share files among PGP users; PGP Virtual Disk, allowing users to employ part of a drive and an encrypted virtual disk; and PGP Zip, for creating compressed and encrypted packages.
The deployment requires a dedicated server and, as part of the process, wipes out anything on the server. PGP Universal Server is a customized Linux installation and cannot be installed on a Windows server. Every PGP Universal Server requires a dedicated system.
PGP Desktop makes it easy to create and manage key pairs. With the Universal Server, a recovery token is stored (and tracked whenever accessed) to allow for forensic analysis of the disk or if the user forgets a passphrase. With the integration of Intel Anti-Theft technology, a stolen or misplaced laptop can be remotely disabled. This includes both the platform and the data residing on the disk. Client software can be delivered through a distribution platform or directly from the management console. Users can back up features for keys and reconstruct capabilities in the event a passphrase is forgotten. One has to use the Universal Server to set up policy and enforce encryption of removable media. This option works for USB devices.