Workstation and Laptop Security

Workstation Considerations

Each full time employee with an assigned office space is entitled to use a department provided desktop PC. Part time staff will be allocated a PC as determined by their supervisor. These computers are supplied to staff for their use in completing their job functions. These should not be considered ‘personal’ machines. At different times others may have the need to utilize alternate workstations.

Department-supplied workstations are managed by Computer Services.

By virtue of being 'managed', these PCs will:

  • Use identity management for access
    • Access will be logged
  • Have centrally managed virus protection installed
  • Have scheduled and on-access scanning of files, email and attachments
  • Have centrally managed operating system and software patches configured
  • Have a defined suite of software pre-installed
  • Have limited local access
  • Not have their data backed up off the workstation

Laptop Considerations

Laptops that are brought to Computer Services for configuration and put on the domain inherit many of the domain's security features, primarily identity management and authentication. However, these machines cannot be considered 'managed'.

It is the responsibility of the user to ensure that all reasonable precautions are taken and that all applicable policies and guidelines are followed with respect to the physical security of the laptop. The user must be aware of the classification level of data stored on the laptop and take all steps to secure that data as required for that level of classification.

It is the recommendation of this office that no restricted data be saved on mobile devices of any kind.

If restricted data of any classification is to be stored on a laptop it is the recommendation of this office that the entire system be encrypted. Failing that, individual files and folders containing restricted information must be encrypted.

See the Windows Encryption How To Page!

Please read the HSC Policy for Portable Computing Device Security.

A list of encryption products is included here. Computer Services is in the process of testing these products and will have a recommendation in the very near future. The Windows Encrypting File System (EFS) is a feature of Windows XP. If you need assistance with any of these products, please contact our office.

Encryption Comparison Chart

  • PGP Whole Disk Encryption (WDE) Enterprise
    URL: http://www.pgp.com/products/wholediskencryption/index.html
    Description: PGP's encryption product that can encrypt entire disks, including boot sectors, system files and swap files. It runs as a background process transparent to the user and is effective for securing all private data on hard disks. Recommended for managed (security controls automated by IT staff) Windows desktop and laptop computers where Restricted information is required or routinely stored by a user. Should be installed by IT staff at the initial build of the workstation. Users will need to establish a passphrase that is used to access (decrypt) their data, in addition to their existing network/workstation logon. To make use of the WDRT (Whole Disk Recovery Token) generated at WDE's install, you must also use PGP Universal Server to retrieve and store the key. The software is available for purchase.

  • PGP Desktop Professional
    URL: http://www.pgp.com/products/desktop/index.html
    Description: Encryption function and implementation are essentially the same as PGP WDE Enterprise, with the addition of PGP messaging. It can encrypt entire disks, including boot sectors, system files and swap files. It runs as a background process transparent to the user and is effective for securing all private data on hard disks. This product works well for personally managed (user turns on own security controls) Windows desktop and laptop computers where Restricted information is required or routinely stored by a user. Users of unmanaged workstations should be able to install PGP Desktop on their own, or should consider turning their workstation over to their IT staff to have its security managed. The software is available for purchase.

  • Windows EFS for XP
    URL: http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c18621675.mspx
    Description: Microsoft Windows XP Encrypting File System (EFS) enables users to encrypt individual non-system files and folders. Unlike PGP WDE, it does not encrypt all data stored on the disk, so some private data may get overlooked. Recommended for all Windows desktops and laptops where Restricted information is required or routinely stored by the user and that do not already have an entire-disk encryption solution in place. It comes with the OS (free) and is easily activated. The cost of this extra security measure to avert accidental disclosures is minimal. IMPORTANT NOTE: The Windows 2000 version of EFS cannot be relied upon for security and is not recommended for any use.

  • Mac OS X FileVault
    URL: http://www.apple.com/macosx/features/filevault/
    Description: FileVault is the encryption solution built into Mac OS. It is effective for encrypting all contents of the Mac OS user's home directory. Encryption does not follow data transferred out of the Mac to another computer, nor does it cover data stored on the Mac outside of the Mac OS home directory. Recommended to be used on all Mac desktops and laptops where Restricted information is not required or routinely stored by its user, and that do not already have an entire-disk encryption solution in place. Mac OS comes with FileVault (free), and it is easily activated. The cost of this extra security measure to avert accidental disclosures is minimal.

  • TrueCrypt
    URL: http://www.truecrypt.org/
    Description: TrueCrypt is an open source encryption product that encrypts file volumes. It is independent of the personal computer and operating system, so it is useful on removable media such as CDs, DVDs, jump drives and external removable hard drives. A driver must be loaded on any computer accessing a TrueCrypt encrypted file volume, so the IT support group would need to include the driver in their workstation image if they wish to support this as a security solution for removable media in their unit. Recommended for faculty, staff and researchers who MUST store Restricted information on removable media (all other alternatives explored). Users will need some assistance. The TrueCrypt software is free and open source.

  • Alternative, unevaluated software for encryption
    TealLock: http://www.tealpoint.com/softlock.htm
    SafeBoot: http://www.safeboot.com/
    Description: Although unevaluated and/or not necessarily recommended by the Health Science Center security office, these encryption applications may have more features than the ones listed above.
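The EFS entry in the chart above warns that per-file encryption can leave private data overlooked. The following PowerShell script is an added example, not part of this page or of any product listed in the chart: it walks a folder that is meant to hold Restricted data and reports every file that does not carry the NTFS Encrypted attribute, so a user or IT staff can confirm that EFS actually covers what they think it covers. The folder path C:\RestrictedData is an assumption; substitute your unit's own location.

```powershell
# Added example (not from this page): audit a folder that is supposed to
# hold Restricted data and list any file that is NOT EFS-encrypted.
param(
    # Assumption: the folder where Restricted files are kept on this PC.
    [string]$RestrictedRoot = "C:\RestrictedData"
)

if (-not (Test-Path -Path $RestrictedRoot)) {
    "Folder not found: $RestrictedRoot"
    exit 2
}

# The Encrypted attribute is set by NTFS on every file EFS has encrypted.
$encryptedFlag = [System.IO.FileAttributes]::Encrypted

# Enumerate every file under the root, including hidden ones (-Force).
# Filtering on PSIsContainer keeps this working on older PowerShell
# versions that do not support the -File switch.
$files = @(Get-ChildItem -Path $RestrictedRoot -Recurse -Force |
           Where-Object { -not $_.PSIsContainer })

# A file is unencrypted when the Encrypted bit is absent from its attributes.
$unencrypted = @($files | Where-Object { ($_.Attributes -band $encryptedFlag) -eq 0 })

"Files under $RestrictedRoot : $($files.Count)"
"EFS-encrypted             : $($files.Count - $unencrypted.Count)"
"NOT encrypted             : $($unencrypted.Count)"

if ($unencrypted.Count -gt 0) {
    ""
    "Unencrypted files (not protected by EFS):"
    $unencrypted | ForEach-Object { "  " + $_.FullName }
    # Non-zero exit lets a login script or scheduled task flag the result.
    exit 1
}
exit 0
```

To turn encryption on for a folder and everything beneath it, the built-in cipher command does so (cipher /E /S:<folder>); files added to that folder later inherit the setting, which the script above will then confirm. The check only looks at what sits under the audited folder: temporary copies saved elsewhere, the paging file and other users' profiles are outside EFS's reach, which is the gap the whole-disk products in the chart are meant to close.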
