Windows XP and Vista: Encrypting File System
The Encrypting File System (EFS) is another way to encrypt data on a removable disk drive. Though it's been recently superseded by BitLocker on the hard disk drive and BitLocker To Go for portable storage devices, EFS has been around longer and works on older versions of Windows, including XP Professional and Vista Business, Enterprise and Ultimate. Enabling EFS is as simple as choosing the "Encrypt contents to secure data" option under the General properties of a folder or file.
On the flip side, EFS has several obscure quirks that can be tricky for nontechnical users to understand. The EFS certificate, for one, must first be exported to another computer before it can be accessed. Moreover, files copied into an EFS folder are automatically encrypted, but those that are moved are not. Moving or copying EFS files to a non-NTFS file system removes the encryption, though performing a system backup preserves it.
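One way to catch the quirks described above, as an added example that is not part of the original article: a PowerShell script that lists files in a folder that lack the EFS Encrypted attribute and warns when the volume is not NTFS. The folder path E:\Confidential and the function name Get-EfsAudit are hypothetical, and the script assumes PowerShell 2.0 or later and a path on a local drive letter.

```powershell
# Added example: audit a folder for files that are not EFS-encrypted.
# The default path is a hypothetical folder on a removable drive.
param(
    [string]$Path = 'E:\Confidential'
)

function Get-EfsAudit {
    param([Parameter(Mandatory = $true)][string]$Folder)

    # EFS is an NTFS feature. On FAT32 or exFAT volumes the files are
    # stored unencrypted, so flag the volume before checking any file.
    $resolved = (Resolve-Path -LiteralPath $Folder).Path
    $root     = [System.IO.Path]::GetPathRoot($resolved)
    $drive    = New-Object System.IO.DriveInfo($root)
    if ($drive.DriveFormat -ne 'NTFS') {
        Write-Warning "$root is formatted as $($drive.DriveFormat); EFS encryption is not preserved on it."
    }

    $efsFlag = [int][System.IO.FileAttributes]::Encrypted

    # Check every file, including hidden ones. A file that was moved
    # (rather than copied) into an encrypted folder shows up here
    # with Encrypted = False.
    Get-ChildItem -LiteralPath $resolved -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                File      = $_.FullName
                Encrypted = (([int]$_.Attributes -band $efsFlag) -ne 0)
            }
        }
}

$report      = @(Get-EfsAudit -Folder $Path)
$unencrypted = @($report | Where-Object { -not $_.Encrypted })

"{0} file(s) checked, {1} not encrypted" -f $report.Count, $unencrypted.Count
$unencrypted | ForEach-Object { "  PLAINTEXT: $($_.File)" }

# A non-zero exit code lets a logon script or scheduled task act on the result.
if ($unencrypted.Count -gt 0) { exit 1 }
```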
Mac: 256-bit AES Encryption
On the Mac, you can create a password-protected, encrypted disk image with up to 256-bit AES encryption on Mac OS 10.5 or later. (For older Mac OS versions, 128-bit encryption is available.) The resulting .dmg file can be mounted into the Finder for file access and will automatically expand as data is added. Most importantly, a disk image file behaves as a regular file and can be copied onto a portable storage device.
There's one major disadvantage of file-level encryption, though: Employees who are lazy or in a hurry can easily skip this step.
Different Encryption Options With Third-Party Software
For a variety of reasons, your business may prefer third-party encryption software to platform-specific solutions. If that's the case, you have a few options.
- The open source TrueCrypt, supported on Windows, Mac OS X and Linux platforms, can create encrypted disk images that mount as real disks. TrueCrypt will also encrypt entire partitions or storage devices.
- GNU Privacy Guard (GnuPG) is another popular tool. It supports Mac OS X, Linux, FreeBSD, NetBSD and Windows, though not the 64-bit version of Windows.
- Businesses looking for simpler file encryption offerings often turn to the strong AES encryption built into file archival utilities such as the free 7-Zip and the commercial WinRAR.
Self-Encrypting Hardware: Many Options, But Buyer Beware
Recognizing that software encryption offerings aren't always convenient, security vendors are beginning to offer storage devices that don't require software.
The LOK-IT Secure Flash Drive, for example, uses a number pad for authentication: the storage drive initializes and appears on the host computer as a normal drive only after a user keys in the correct passcode. Data is transparently decrypted and encrypted in real time as it is read from or copied to the drive; unplugging the drive relocks it automatically. Other examples include the Aegis PadLock and the StarTech encrypted hard drive enclosure, which use LED lights and an OLED display, respectively, to signal their status.