Solved

Laptop Encryption/Control

Posted on 2014-02-26
5
452 Views
Last Modified: 2014-03-13
We are looking at replacing a number of PCs with laptops, so users can work remotely when needed. I'm wondering what the best options are for drive encryption on the laptops in case they are lost or stolen? If possible, I'd also like something that does the encryption but can also control other areas of the laptops (trusted sites, allow/not allow downloading software, etc.). These would be Windows 7 and they'd be accessing the network via VPN when they are not in the office.
0
Comment
Question by:itmoonlighter
5 Comments
 
LVL 23

Accepted Solution

by:
Eirman earned 500 total points
ID: 39889102
I would definitely separate encryption software and user control software.

Most people will recommend truecrypt for encrypting the entire hard disk but I always recommend bestcrypt volume encryption from www.jetico.com

It's much easier to use, and give you better control and management in a corporate environment.  It has many feature that truecrypt does not have (the use of hardware tokens for example).

Unlike truecrypt it's not free ... but it's not expensive and support is good.
0
 
LVL 1

Expert Comment

by:ehilder1
ID: 39889139
Are your users working remotely over the internet or are they predominantly working on files and data "offline?"  If they are going to be accessing your system remotely, you may consider abandoning ANY company data being stored locally and utilizing a remote system like Terminal Services or Citrix to provide a remote sandbox for the user to work within your network

In addition, the laptops can be locked down via GPO or with the help of an additional management software like Deep Freeze which prevents a user from permanently affecting the configuration of the laptop:

http://www.faronics.com/products/deep-freeze/enterprise/

I have found that when users get laptops, regardless of policies, they become personal machines, kids use the to browse the web, etc.  Deep Freeze effectively resets the system to your original image on each restart regardless of what was done purposefully (install iTunes) or accidentally (installed malware.)

If you must apply true encryption to your laptop disk, you can use a program like TrueCrypt however many time its slows the overall performance of the laptop and I generally only consider it if a user if going to be using data offline that is highly confidential or is bound by a legal requirement for encryption, HIPAA for example.
0
 

Author Comment

by:itmoonlighter
ID: 39889221
Thanks for the comments. All of the data and programs they'd be working with would be online only, which they'd access via a VPN, I have the same fear that this will become a personal laptop, even though they'd be instructed that it's not.  I'll have to look at Deep Freeze. Is there other user control software out there? Our industry is bound by compliance, which is driving the disk encryption issue.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39897889
Full disk encryption like BitLocker or truecrypt?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39898757
Hi.

Depends on your edition.
Win7 Ultimate and enterprise (not pro!) have both Bitlocker and applocker.
BL encrypts, applocker restricts application usage effectively. What edition do you run?
Win7 pro could use software restriction policies, which are similar to applocker.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question