SafeGuard Easy encrypts the entire disk and places agent software in the master boot record, requiring authentication before the OS is loaded.
Bearing in mind the caveats about full disk encryption we discussed on p66, Utimaco has done a good job, especially on integration.
Utimaco sent us the software as well as an IBM ThinkPad with extra tools (IBM's own security chip on board, and client security software) to demonstrate the deeper security possibilities.
From the user's perspective, we thought the Utimaco product on its own was fine, but when it was combined with the IBM goodies it was crossing the line, and starting to feel awkward and cumbersome for what seemed like not all that much extra benefit.
If you really need that many layers of protection, the combination is worth looking at. Otherwise, you will probably be happy with SafeGuard on its own.
There is a good array of tools provided to ease deployment and maintenance, which we really liked, and for this reason we think SafeGuard is a very good product for mobile data encryption in any size of organization.
At preboot, if an incorrect username and password is provided, the software takes incrementally longer time periods to respond, in order to prevent guessing. In the event of a forgotten password or other emergency, there is a facility to generate a challenge code, which can then be used by an administrator to generate a response which the user enters to unlock the system in a variety of ways (such as resetting passwords, unlocking hardware, and so on).
One minor flaw here is that this can be used to check whether a user exists – a non-existent username (and password) fails to login normally, but the software will only generate a challenge code if it actually recognizes the username.
Removable media and USB disks can be encrypted too, and Utimaco has solutions for PDAs, network storage and others to complement the suite.