We're getting more and more requests from clients for recommendations and implementation of two security related systems: vulnerability assessments and file/folder encryption software. Our clients are:
1. Law firms.
2. Small (10 to 75 users).
3. Networked; servers are virtualized.
4. Windows OS (2008/2012/2016 on servers, 7/8/10 on workstations).
5. Have perimeter firewalls suited to the size of the firm (mostly WatchGuard).
These requests for vulnerability assessments and encryption are prompted by requirements of certain clients of these firms, such as banks and insurance companies. We're looking for tools that we can use/recommend to our clients for assessing vulnerabilities and providing encryption for files/folders. Generally they don't require full disk encryption, as only a portion of their work product is affected by these outside requirements. Full disk encryption, however, may be required for laptops.
We have a product for email encryption in place in some cases, but any thoughts or specific recommendations in that area would also be welcomed.