Hard Disk Encryption - HP Drivelock vs Windows Bitlocker

We have all HP equipment and for the last few years I have used Drivelock to protect (encrypt?) these drives.  I have concerns that drivelock is not true drive encryption and debating if we should switch to using Bitlocker, we are starting to roll out windows 7 enterprise.  Has anyone had any experience with using Drivelock from HP/Compaq?
ltrcneAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pand0ra_usaCommented:
DriveLock doesn't encrypt the harddrive it only locks it with a password which is an excellent way to annoy thieves - they may steal your laptop but cannot start it or access your data.

If a DriveLocked drive is connected to a computer that does not support drivelock then the data can not be accessed.

I would complement Drivelock with some form of full disk encryption if the data is that sensitive.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DavidPresidentCommented:
Later versions of Drivelock WILL do full disk encryption, or it can be used more like a password to unlock unencrypted data.  It comes down to how you configure it.  Note that all encryption can be circumvented via a variety of techniques, that are best not named in a public forum.

The encrypted data can be accessed if the drive is connected to a system that is not using it ... and then this encrypted data can be decrypted.  But this is a standard weakness of any encryption technology that does not also use something like a passkey, fingerprint, or retinal scan.

Both drivelock and Biltocker can be defeated via social engineering.  there are plenty of people out there who will gladly reveal a password if a stranger gives them a convincing story :)
0
pand0ra_usaCommented:
Dlethe, it sounds like you don't like encryption. What would you suggest?
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

DavidPresidentCommented:
No, i did not say I didn't like encryption.  I wanted append the comments where you said drivelock doesn't encrypt.  That is no longer the case.

But drivelock & bitlocker are vulnerable via social engineering, but that goes with the territory. Both technologies are the best you can hope for in a PC.  Go with either, just make sure it is latest version, patched, and you don't do a bonehead configuration that opens you up to attack.

There are some great things coming out of Seagate & LSI with a RAID card with built in encryption and a drive that encrypts in hardware.  This is not appropriate for a laptop due to price issues and the need for a PCI slot .. but it does provide an excellent server solution. Encryption is done on-the-fly and at full speed.

0
pand0ra_usaCommented:
dlethe, I did have one other question for you, you said "Note that all encryption can be circumvented via a variety of techniques, that are best not named in a public forum.". I used to be a CT (Cryptographer) in the Navy and I am curious as to what the various techniques are that can circumvent encryption (aside from social engineering which like you said fools people not hardware or software)?
0
DavidPresidentCommented:
Google can be a wonderful thing to find exploits, but I will not add to the knowledge base by mentioning any of them. Suffice to say, that there are techniques beyond brute force decryption and social engineering.   Some involve hardware,  others involve "circumvention" code.  Thinking outside of the box is helpful also.   I will throw you a bone, since this is well known.   Think about techniques that people used to crack DRM so you can copy "protected", movies, amazon kindles, itunes music; DVRs ...

Those technologies were listed as safe and secure also, and I admit that encryption was limited, but they are examples of outside-the-box thinking.  'nuff said.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Storage

From novice to tech pro — start learning today.