Link to home
Start Free TrialLog in
Avatar of Jarrod Adams
Jarrod AdamsFlag for United States of America

asked on

Where to start with encryption?

I need to get started with encryption for several traveling consultant laptops.  I'm not sure where to start and looking for some direction.  Any recommendation for the best encryption program, an encryption tutorial, pitfalls of encryption would be appreciated.
SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Jarrod Adams

ASKER

Yes-
I think whole disk encryption will be the best bet for us.  The local users will be administrators on their individual laptops and allowed to install software.

Is there significant speed loss with encryption? Does it use up a lot of resources?  Will it take hours to encrypt each laptop (approx. 100GB of data currently written)? Do I need a percentage of disk space available to do encryption?

Each of the laptops is an Hp.  Is there any big downside to using the in-house encryption of Hp or Dell or Lenovo?  how 'bout Windows7?

Lots of quests.  Feel free to cherry-pick.  thanks, J
What is the purpose for the encryption should be answered first.
The functionality will not be impacted significantly.
Look at the setup process
http://www.esecurityplanet.com/features/article.php/3865291/How-to-Set-Up-TrueCrypt-Disk-Encryption-Part-1.htm

There are several other consideration, are there data files that would require backups for an event the system fails or is lost.

Are you talking about thier options to use the builtin harddrive encryption options.
Which ever methode you choose, make sure you can handle the various failure options to restore access ahead of time.
I.e. maintaining a recovery process for each laptop.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
1st- the reason for encryption:
These are traveling consultants working on projects for clients.  Each project requires a certain amount of client-supplied data to be worked on with the consultant laptop.  In the event a laptop is stolen or lost.  We just want to be confident that the client data has not been compromised.  As for traditional backup, we have an online backup system, so recovering documents other than the most recent is not a big problem.

Backup Recovery "keys?" to decrypt a drive in case of corruption or a problem with the encryption system is new to me, but I plan to follow whatever the recommended protocol is by the encryption program manufacturer we land with.

As for FDE versus whatever the term for Bit Locker or Lenovo's security encryption app is...can you  elaborate a little?  I am calling Lenovo support today for some detail, but it was my understanding that BitLocker is a full-disk encryption, just that it was only available with Windows7 ULTIMATE...since we are on Win7 Pro, it's not an option unless we want to upgrade, and that's likely more expensive than CheckPoint Full Disk Encryption or Trend Micro Endpoint Encryption or Symantec PGP encryption, and it appears these and other 3rd-party apps get good ratings, too.

thanks again for your interest and assistance.  the information I've received so far from various sources is so vastly different and confusing and/or inaccurate.  One tech even told me that I couldn't use an encryption program unless my laptop had a TPM chip and it was activated...and I'm still not positive that this is inaccurate?

This confusion does make me more hopeful that after sifting and testing, and listening I will find a great solution for my client.  The path is just not clearly marked.

J
There are many as you see option some option require a complete reinstall I.e at boot time, the user will be prompted for credentials.  This will get the user authorized and the system boots into windows. The user would then need to authenticate to use the system.
This provides a dual authorization.

You need to define the scope of the security you want to implement and then see which.

You could use the programs you mentioned to encrypt folders/documents in a manner that bit locker/efs would have done it.

The online backup has to be tested since it might be backing up encrypted data.
Consideration for online backup suggests while you are securing the data on the laptop, that information might be exposed from the backup provider.
FYI, CheckPoint software doesn't offer the Full Disk Encryption product anymore, as of 4QTR 2012.  Apparently it wasn't selling well enough to keep it going, so I'll have to decide between trend micro or symantec PGP or McAfee or some other encryption software.