Looking for suggestions on full hard drive encryption software for MASS 201 compliance

My company has to implement full hard disk encryption on all laptops (~200 WinXP and Win 7) to meet MASS 201 compliance.
Main thoughts to consider are:
•      Cost – initial, subscription  fees, etc.
•      Ease of use on the end user – will the end user even notice it?
•      Ease of administration – how to install/setup/etc
•      Impact on performance – is it going to noticeably slow down performance?

Does anybody have experience/suggestions on the best solution available?
gcrickmanVP Information Technology ServicesAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

EirmanChief Operations ManagerCommented:
I find "bestcrypt" & "bestcrypt volume encryption" to be the best products out there.
There are so many features that I could not even start to list them all here - (Multiple/master passphrases, tokens, anti-keylogging and much more)

One nice feature for whole disk encryption of laptops is the "dummy" message you can have when a laptop is booted, leading a thief to believe that the laptop is faulty.
There is no indication that a passphrase is required.

It's really reliable software, support is excellent and as it's from Finnislh company, there are no secret back doors!

EirmanChief Operations ManagerCommented:
Some of your specific queries .....

•      Cost – initial, subscription  fees, etc.
With a volume purchase, in or around $30 per machine

•      Ease of use on the end user – will the end user even notice it?
The ONLY thing a user has to do, is enter the passphrase on startup (or resuming from hybernation)

•      Ease of administration – how to install/setup/etc
Very easy to setup and maintain

•      Impact on performance – is it going to noticeably slow down performance?
Zero impact in my experience (there is a benchmarking utility included which you can try included in the program, but I never needed to try it)
EirmanChief Operations ManagerCommented:
My price guess was wrong .... I never really looked at volume pricing above 10 before

Volume discounts
2+: $/€ 98.00 per license
5+: $/€ 97.00 per license
10+: $/€ 94.50 per license
20+: $/€ 90.00 per license
50+: $/€ 80.50 per license
If you want to purchase 100+ licenses, please contact our Sales Department at sales@jetico.com

So you might be able to beat them down to $50 or $60
Of course, there is always the free open-source truecrypt (truecrypt.org)
but it's not as flexible as bestcrypt
Try Sophos


they should have flexible price points and you can always use a trial to test on your environment.

good luck!

Rob KnightConsultantCommented:

It would be useful to understand your distribution of Win XP & Windows &, the versions you are using for the latter and what immediate plans you have, if any, to phase out Windows XP?

As you may be aware, Windows Vista and Windows 7 support BitLocker in certain variants (Enterprise and Ultimate) - it's integrtaed into the OS and depedning on your laptop hardware (i.e. 1.2 compliant TPM) you can have multi-factor authentication (the minimum would be a USB pen-drive with which the PC would not boot unless the recovery key was entered). It's using FIPS 140-2 certified cryptography and AD integration is an option - i.e. you can set Group Policy to enforce the no of factors and store recovery keys in AD). On Windows 7, removable storage encryption is also offered.

Perhaps you could clarify exactly what you want to protect - i.e. does your organisation also archive off data to CD, DVD, Blu-Ray etc? USB Pendrive encryption? Tape Backup encryption?

I'm sure you're aware that MASS 201 refers not only to data at rest but also in-transit - your VPN may require some scrutiny?



Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.