Control Break's SafeBoot offers a lot of features, but we were a bit put off by several being cited as available at an extra cost, including some basic-looking items such as a scripted administration tool, or a database backup utility.
Configuration involves several steps, but is so easy that we were almost surprised the installer does not automate more of it.
An object database is created, then a server configured to handle authentication. Machines are configured in groups, and users are then created and assigned to machines. The interface is clear and consistent throughout, and well laid-out.
PDAs are handled differently (as machines, rather than users), but that is the only anomaly. There is a lot of support for card readers and tokens, which must be set up from the start.
Once configured, installation sets are created for machines, which results in executable packages to be pushed out to those systems. We would rather see remote installation through network distribution or MSI files than executables. The executables, when run, install the client software and deploy policies.
SafeBoot provides all the basics for encryption – file, folder, and disk crypto. Where the software really shows its merit is in the flexibility and granularity of the backend object database. Objects can be encrypted against specific users or groups, any of which can access the secured data with the configured permissions.
In addition, the encryption can include a recovery public/private key pair, which can be stored separately for emergency access. Files can be securely wiped after encryption.
Each user, machine and server object keeps an audit log of activity, but we would have appreciated a way to consolidate these into a single interface.
Control Break has done a good job, providing a flexible, powerful object database which scales up into enterprise data encryption with surprising ease.
Coupled to integration with smartcard readers or authentication tokens, this would snap easily into two-factor authentication environments.