Need a quick solution to hard drive encryption software please

Posted on 2011-09-19
Last Modified: 2012-06-21
Need a solution that is not an administrative burden for IT dept.

Need "whole disk encryption" for Windows Professional.
Thank you!
Sheila Venable
Question by:sheilavenable
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 36563358
I recommend TrueCrypt.

Expert Comment

ID: 36563555
I agree that TrueCrypt is a decent solution.

My company uses Guardian Edge's Hard Disk Encryption (now Symantec) which has some issues. When it works, it is great. Trying to recover from a bad hard disk can be challenging. Occasionally it seems to forget that there are users registered and all the users are locked out of the machine.

You mention not wanting to burden IT administratively. Unfortunately, any system is going to cause some quantity of work for IT. Encryption can become especially challenging when it fails to function correctly.

To further assist, please provide some more information about what you are trying to accomplish with disk encryption:
Is this going to be a one-off installation or are you looking for group/branch/department solution?
Does the IT group have an existing solution that isn't meeting their needs?
Do you need to be in compliance with SOX/HIPAA/GLBA/FISMA?


Author Comment

ID: 36566238

Good Morning Master,
We are a financial institution with very little IT (2 people).  This will be our first solution.
Usually we purchase products from our data processor for support but for the last 4 years they have not come up with a solution.  I actually loaded TrueCrypt yesterday on my Windows 7 PC.  We have 10 laptops that need encryption and yes we need to be in compliance with GLBA.  Any advice you have on TrueCrypt and the way it should be set up would be greatly appreciated.
Thank you!
Sheila Venable

Need a solution that is not an administrative burden for IT dept.

Need "whole disk encryption" for Windows Professional.
Thank you!
Sheila Venable

Accepted Solution

da3ve earned 500 total points
ID: 36568820
Thanks for the info.

The above link is a pretty good step-by-step. AES is, in my mind, an acceptably secure algorithm and RIPEMD-160 hasn't any reported vulnerabilities yet.

Like any software solution, make sure that you keep your goals in mind.

Lets go into the deployment in general terms for a moment. It sounds like you need to use encryption for GLBA compliance without any undue burden on the users or the admin staff. Groovy. Some of the potential problems that you will face are going to be:
data recovery after hardware failure (motherboard/HDD)
data recovery from a disgruntled employee who has deleted all of their data
data recovery from a lost password
data recovery for a user on travel with the above problems

I would set up a testing plan to run through these scenarios (and any others I missed) before you go live. Once you have the software loaded, swap the HDD into a different machine (same model) and see if the password will work. Boot to the recovery disk and see if you can recover files to a USB or network drive without using the drive password. Try doing an undelete to recover deleted documents from an encrypted disk. Document everything so that you aren't left hanging when something bad happens.

You'll probably want to implement policy to get the users into backing up laptop data (perhaps automatically) to a server so you have a current copy in case all of the recovery methods fail.

You'll definitely want a good (and backed-up) archive of all the recovery disk .ISO images on a share for the admins.


Author Closing Comment

ID: 36588333
Thank you very much for your advise!
I really appreciate it!
Sheila Venable

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hallo! I guess almost every Windows Administrator must have got stumped with this question "Where does WINDOWS store a users cached credentials? Every user who had once logged onto a Server/Desktop while it was connected to the domain could sti…
The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question