in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Best Laptop Encryption Software: Some Criteria

I've covered a couple of posts in the past on the topic of what is the best disk encryption software.  In one particular post, I ranted that the best laptop disk encryption software does not exist as much as you have the "bests."  (Which, in my opinion, includes AlertBoot managed disk encryption, but, hey, that's just my opinion).

Some people thought I ought to be more practical, however, so here are a number of criteria for finding the best encryption software.

#1.  Find Out Your Requirements

The truth of the matter is that you'll have to find out if there are any requirements to protect your data.  For example, if you work in the medical field, you might be subject to HIPAA.  Under HIPAA, safe harbor from sending out patient notification letters is extended if you have a data breach -- but only if you use the adequate level of protection.

While HIPAA doesn't come and say so, the current (as of 2011) acceptable level of protection is AES-128 encryption or equivalent.  In fact, you probably want to stick to AES-128 as a minimum regardless of which industry you work in.

That brings us to the next criterion.

#2.  Weak Encryption: Don't Use It

There is strong and weak encryption out there.  Weak encryption is called that because, while it's technically encryption, it's also useless as a data protection measure.  From a previous post:

Bad/Weak encryption algorithms exist: Encryption is big business, and people are always on the look to create a better/stronger way to encrypt data.  But, it turns out that creating a strong encryption algorithm is extremely difficult (which explains why most of the encryption algorithms out there that are in use are pretty old).

Many companies will announce a new method of encrypting information, but sooner or later, most of these algorithms are found not to work. [FDE - How Secure is It?]

Like I stated in #1: stick toAES-128 or equivalent.  Or stronger, obviously: for example, AlertBoot uses AES-256 for its full disk encryption solution.

#3.  Find Something Easy to Manage

Once the number of machines you manage get big enough, encrypting machines goes to the backburner and management becomes the bigger problem.  Sure, you've encrypted your machines, but can you prove it? (It comes back to HIPAA and other similar regulations).  You're going to need something that will make it easy for you to create an audit report of some kind.

What about calls from users professing problems?  What if someone forgets their password (or worse, their username?)  What if disk encryption fails?

Easy management is something you should definitely be looking for.

#4.  Extras that Increase Security

The truth of the matter is that, once you have an appropriate encryption package selected, most of your security risks will come from your users' behavior.  Sharing passwords.  Posting passwords on a sticky note.  Never shutting down the computer.  Using weak passwords.  The list goes on and on.

You might want to ensure that the encryption software you use offer at least the following

  • Password limits.  Just so you can make sure users are not selecting weak passwords for themselves.
  • Rate limiting.  A time delay gets introduced for typing in the username and password if the wrong password is entered more than three times.
  • Lock out.  After a certain number of wrong password entries, the encryption locks out everyone.  Entering the correct password doesn't work.
  • USB Encryption.  Laptop encryption only protects data on that laptop.  If you copy data off of it, that data won't be encrypted.  Automatic USB encryption such as found in AlertBoot will encrypt all digital storage devices connected to a computer that had its internal HDD encrypted.

There are other things to consider, but the above four should be the least you should be looking for in an encryption solution.
 

 
<Previous Next>

Data Encryption Software: VA Medical Center Employee Takes Unauthorized Data Home

Data Encryption Software Non-Use Causes WikiLeaks Leak. Supposedly

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.