Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Laptop Encryption/Control

Posted on 2014-02-26
Medium Priority
Last Modified: 2014-03-13
We are looking at replacing a number of PCs with laptops, so users can work remotely when needed. I'm wondering what the best options are for drive encryption on the laptops in case they are lost or stolen? If possible, I'd also like something that does the encryption but can also control other areas of the laptops (trusted sites, allow/not allow downloading software, etc.). These would be Windows 7 and they'd be accessing the network via VPN when they are not in the office.
Question by:itmoonlighter
LVL 24

Accepted Solution

Eirman earned 1500 total points
ID: 39889102
I would definitely separate encryption software and user control software.

Most people will recommend truecrypt for encrypting the entire hard disk but I always recommend bestcrypt volume encryption from www.jetico.com

It's much easier to use, and give you better control and management in a corporate environment.  It has many feature that truecrypt does not have (the use of hardware tokens for example).

Unlike truecrypt it's not free ... but it's not expensive and support is good.

Expert Comment

ID: 39889139
Are your users working remotely over the internet or are they predominantly working on files and data "offline?"  If they are going to be accessing your system remotely, you may consider abandoning ANY company data being stored locally and utilizing a remote system like Terminal Services or Citrix to provide a remote sandbox for the user to work within your network

In addition, the laptops can be locked down via GPO or with the help of an additional management software like Deep Freeze which prevents a user from permanently affecting the configuration of the laptop:


I have found that when users get laptops, regardless of policies, they become personal machines, kids use the to browse the web, etc.  Deep Freeze effectively resets the system to your original image on each restart regardless of what was done purposefully (install iTunes) or accidentally (installed malware.)

If you must apply true encryption to your laptop disk, you can use a program like TrueCrypt however many time its slows the overall performance of the laptop and I generally only consider it if a user if going to be using data offline that is highly confidential or is bound by a legal requirement for encryption, HIPAA for example.

Author Comment

ID: 39889221
Thanks for the comments. All of the data and programs they'd be working with would be online only, which they'd access via a VPN, I have the same fear that this will become a personal laptop, even though they'd be instructed that it's not.  I'll have to look at Deep Freeze. Is there other user control software out there? Our industry is bound by compliance, which is driving the disk encryption issue.
LVL 62

Expert Comment

ID: 39897889
Full disk encryption like BitLocker or truecrypt?
LVL 58

Expert Comment

ID: 39898757

Depends on your edition.
Win7 Ultimate and enterprise (not pro!) have both Bitlocker and applocker.
BL encrypts, applocker restricts application usage effectively. What edition do you run?
Win7 pro could use software restriction policies, which are similar to applocker.

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question