Safend Data Protection Suite v3.4SP4
Strengths: Full control over fixed, removable media, and system ports and devices. Easy to use and deploy.
Weaknesses: Sharing of encrypted data on non-client devices can be done, but is clunky.
Verdict: Full featured and a great price.
SummarySafend Data Protection Suite (DPS) v3.4SP4 protects against data leakage by providing centrally managed desktop and laptop hard disk encryption. DPS is a hard disk encryption solution that leverages the security of full-disk encryption and the flexibility of file-based encryption to protect sensitive data. By encrypting data files - but not OS or executable files - multiple users' data can be protected and segregated. User logout or standby instantly removes encryption keys for that user and protects against cold boot attacks. DPS is completely transparent - it does not require users to activate the encryption/decryption process or select or recover keys. Administrators can fix machines and install software without access to encrypted data.
Internal hard disk encryption's effectiveness is multiplied by using removable media encryption running on the same agent and enabled with a server license.
Server prep necessitated us installing .Net 3.5 and IIS. Everything else installed for us with the Data Protection Suite Management Server implementation. The install offers a choice between using MS SQL or the embedded database, a nice deployment feature. Once up and running, user management is done through Active Directory (AD) integration. One has to open Windows Management Instrumentation (WMI) ports on Windows Firewall for the management system to poll devices, but this allows one to not only manage them but also detect hardware.
Admins can install the user agents manually or via a group policy object (GPO). There was also a MAC client available, which we did not test. Security is set via policies and applied to AD groups, users or machines. One has full control over fixed and removable media encryption, including port and device control.