Hard Drive Encryption

We have a client that is getting a new mobile workstation. He has a concern about the safety of his data when he is out of the office.

What is the best practice for data encryption? Bitlocker? Symantec?

The machine has not yet been purchased, but they have been using Win7 Pro in the office. I understand that Win 8 Pro has bitlocker. Would this be the easiest route?
Who is Participating?
McKnifeConnect With a Mentor Commented:
You are having a client who proposes symantec? I thought it was your job to propose something :)

We used symantec's encryption until we switched to bitlocker. See my list of features here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_27634304.html#a37727179 ->Symantec's had only one single advantage compared to bitlocker : single sign on. Apart from that, BL is the same at no additional cost. Symantec's product costs annual maintenance fee's (for updates), don't forget that.

The best performance would be to use hardware encryption, be it with or without bitlocker (BL does support HW encryption since win8.1). I would have to look at the specs of Symantec's current version to see if they do, too.

We have engineers with autodesk inventor (a huge CAD suite), here, they are happy with the disk performance of BL.

Surely, bitlocker is an easy route and you will save money unless you go with the freewares of whom I will name disk cryptor, veracrypt and truecrypt. Unlike Bitlocker, those freewares don't allow transparent encryption, which means utilizing the tpm security chip that most laptop feature nowadays. Transparent encryption does not require an extra password.
Another possible and truely easy route is to purchase a self encrypting drive ("SED") with your laptop (consider an SSD upgrade in any case), like the samsung EVO series. That would mean, no software is used at all.

So there are plenty of options and all are pretty easy, all are worth looking at if you have the time. If you don't, the easiest in software is win8.1 pro and bitlocker with TPM for sure. The overall easiest is the SED, unless you are keen to get the "password-free option".

there is more to say, but I will wait for feedback, first.
Rich RumbleSecurity SamuraiCommented:
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html Says it all :) The user should understand that disk encryption only protects from physical theft of the device when it's powered off, read the article for full details.
BlackJack11Author Commented:
Thank you for the feedback. They would like to go with the software route for encryption. They've mentioned interest in Symantec's Encryption Product; any feedback on that piece? We are trying to push the 8.1 Bitlocker route for costs reasons and availability.

A question we were asked is will the encryption have any performance impacts. The clients are engineers and have higher-end workstations to render their CAD drawings. Does BitLocker or Symantec have any performance affect on the machine?

Thanks for the article, reading it now.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.