- What is Full Disk Encryption ?
- Benefits of Full Disk Encryption
- Good to read
- Software Based Full Disk Encryption vs Hardware Based Full Disk Encryption
- Best Open Source and free Full Disk Encryption Products
- Best Full Disk Encryption Products for Enterprises
Best Full Disk Encryption Products for Enterprises
There are a number of Full Disk Encryption Software on the market which can be used by enterprises.
1. Check Point Full Disk Encryption
Features :
- Check Point Full Disk Encryption is available with Microsoft Windows and Mac OS X.
- It has FIPS, Common Criteria, BITS certifications for compliance.
- Check Point Full Disk Encryption supports AES with 256 bit key encryption algorithm.
- It supports pre-boot authentication for encryption.
- It also supports multifactor authentication like certificate-based Smartcards and dynamic tokens.
- Check Point Full Disk Encryption is integrated into Checkpoint Software Blade Architecture.
- It can be centrally managed using Check Point Endpoint Policy Management Software Blade.
- It also provides Remote Password Change and One-Time Login remote help options for users who have forgotten passwords.
Price : Pricing may vary on several factors. You can contact Check Point Sales for more information.
2. Symantec Endpoint Encryption
Features :
- Symantec Endpoint Encryption provides full disk and removable media encryption with centralized management.
- It is built with with PGP encryption technology.
- It encrypts laptops, desktops, Windows tablets, and various types of removable media including USB drives, external hard drives, and CD/DVD/Blu-ray media.
- It also provides support for virtual machines and native OS encryption such as FileVault 2, BitLocker and OPAL compliant self-encrypting drives.
- It supports the use of AES encryption with 128 bit or 256 bit encryption key.
- Symantec Endpoint Protection also supports multifactor authentication using cryptographic tokens and smart cards.
Price : $189 per license / year.
3. McAfee Complete Data Protection
Features :
- McAfee Complete Data Protection can secure desktops, virtual desktop infrastructure (VDI) workstations, laptops, Microsoft Windows tablets and USB drives.
- It also supports On The Fly Encryption for mobile storage devices.
- It supports Microsoft Windows and Apple Mac OS X Operating System.
- It uses AES with 256 bit encryption key.
- McAfee Complete Data Protection is FIPS 140-2 and Common Criteria EAL2+ certified.
- It supports 2 Factor pre-boot authentication to prevent unauthorized access.
- McAfee Complete Data Protection can be managed centrally using McAfee ePolicy Orchestrator Software.
Price : $93.86-$104.73 per license. License is perpetual with 1 year of maintenance.
4. Dell Data Protection Encryption
Features :
- Dell Data Protection Encryption provides security for desktop, laptop and external media.
- It supports Windows and Mac OS X.
- It also supports key and data recovery, automatic updates and tracking for protected devices.
- Dell Data Protection Solution includes hardware and software for endpoints that integrates with encryption management server and associated services.
- It can also support centralized management of Microsoft BitLocker.
- Dell Data Protection Encryption supports AES with 128 bit and 256 bit keys.
- It also supports multifactor authentication and can integrate with enterprise directory solution and public key infrastructures.
Price : It may vary from $40 to $90 per year.
5. Sophos SafeGuard Enterprise
Features :
- Sophos SafeGruard Disk Encryption supports encryption of full disk for Windows and Apple Mac OS X.
- It can also provide the ability to centrally manage Windows BitLocker and Apple FileVault 2.
- Sophos SafeGuard Enterprise edition is Federal Information Processing Standard (FIPS) 140-2 compliant.
- Sophos SafeGuard Enterprise edition also supports file and folder encryption along with full disk encryption.
- Sophos SafeGuard Enterprise provides synchronized encryption by continuously validating user, application and device before allowing any access.
- It can also synchronize encryption keys with Windows, iOS and Android devices.
- Sophos SafeGuard Enterprise can also protect data in Cloud.
- It uses AES with 128 bit or 256 bit encryption keys.
- Sophos SafeGuard Enterprise edition supports multifactor authentication using smart cards, cryptographic tokens or other authentication factors.
Price : Price for Sophos SafeGuard Enterprise around $80 per license. Price may vary depending on several factors. Please contact Sophos Sales for more information.
6. WinMagic SecureDoc Enterprise Server (SES)
Features :
- WinMagic SecureDoc Enterprise Server provides encryption of data in computers, laptops, iOS and Android devices and removable and fixed storage devices.
- It supports software based full disk encryption as well as file and folder encryption.
- It also provides support for Microsoft Windows BitLocker and Apple FileVault 2.
- It provides centralized management through server based or web console.
- It can manage encryption keys through its key management engine.
- It uses AES with 256 bit encryption keys.
- It can also handle hardware complexities like redundant arrays of independent disks (RAID) arrays.
- WinMagic SecureDoc Enterprise Server also supports Self Encrypting Drives in which the devices encrypt at the hardware level making the encryption faster.
- WinMagic SecureDoc Enterprise Server is FIPS 140-2 validated.
Price : One time license costs varies from $1000 to $5000. Please contact WinMagic Sales for more information.
7. Microsoft BitLocker
Features :
- BitLocker is a Full Disk Encryption program included in Windows Pro, Enterprise and Ultimate.
- It can encrypt the entire volumes.
- BitLocker may use three mechanisms to encrypt and decrypt disks. It can use TPM or Trusted Platform Module hardware to provide transparent encryption . In User Authentication Mode it may ask for user authentication in pre-boot environment. It can also use USB Key Mode in which a user needs to insert a USB drive containing secret keys. You would find more information on this in What is BitLocker ?
- By default BitLocker uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key.
Price : Available with Pro, Enterprise and Ultimate versions of Windows.
8. Apple FileVault
Features :
- It is natively available with Mac OS.
- It provides On The Fly Encryption of volumes of a Mac Computer.
- It uses the AES-XTS mode of AES with 128 bit blocks and a 256 bit key to encrypt the disk.
- Apple FileVault is FIPS 140-2-certified.
- Apple does not provide any centralized management capabilities for FileVault. It is intended for local management.
- One disadvanatge of Apple FileVault is it uses user’s Mac OS X password for pre-boot authentication for the disk encryption.
Price : It comes with Mac OS X 10.3 and later.
9. DiskCryptor
Features :
- DiskCryptor is an open source full disk encryption software for Microsoft Windows. It can encrypt entire hard drive or individual partitions. It can also encrypt the partition or disk on which Windows OS is installed.
- DiskCryptor is an Open Source software under GPL License.
- DiskCryptor uses either AES-256, Serpent, Twofish or a combination of cascaded algorithms in XTS mode to do the encryption.
- DiskCryptor provides transparent encryption of disk partitions. It also provides support for dynamic disk and disks with large sector size.
- It is compatible with third-party boot loaders like LILO, GRUB etc.
- Encryption is possible using pre-boot authentication. One can also place boot loader on external medium and authenticate using the key medium.
- DiskCryptor also provides the option of encrypting external USB storage devices.
- One advantage of DisCryptor is it can support various complex hardware configurations such as Redundant Array of Independent Disk (RAID) arrays.
- DiskCryptor also does not provide any centralized management option.
Price : It is Open Source under GPL License.