If your company is contemplating a migration to the new Windows Vista operating system, you might want to consider...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
the Business, Ultimate or Enterprise editions. Each includes a new hard drive feature called BitLocker Drive Encryption. By default, the technology requires a Trusted Platform Module (TPM) chip usually found only in higher-end systems. However, you can set group policy so that a USB storage device can store the encryption keys. This setting prevents the computer from booting up until the USB device is plugged in. Great two-factor authentication!
WinMagic's disk encryption software, SecureDoc, offers another way to add pre-boot authentication. If you are having problems with the time it takes to decrypt data, I would consider creating a volume that automatically encrypts all files stored on it; then I would move the My Documents folder to reside there. As long as software programs are not stored on this encrypted drive, there should only be a negligible impact on performance.
If you wish to use encryption abroad, you will have to ensure that the product you choose can be used in the countries that your staff may need to visit. The Bureau of Industry and Security assigns a license exception to most commercial encryption products, allowing them to be exported to only specified destinations. PGP, for example, falls within three types of license exception: mass market, ENC restricted and ENC unrestricted. None of these categories, however, allow encryption products to be exported to the following embargoed countries: Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.
Other steps you can take to protect on-the-road laptops include locking down the operating system and providing users with a physical lock. Better still, insist that users remove hard drives and lock them in a safe whenever they leave their laptops unattended. Some organizations now provide spare drives that have to be installed when working in a hostile environment; anywhere outside the confines of the office. These drives only contain company data that is classified as public. Any other data has to be stored on encrypted USB keys carried separately from the laptop. Proximity alarms can also be attached to a laptop, which will go off if the computer gets too far away from its owner. Finally, I would ensure that all of the laptop-using staff receive security awareness training. The training should be aimed at the particular threats that laptop users face, such as unsecured public Wi-Fi and opportunist thieves.
Dig Deeper on Disk Encryption and File Encryption
Related Q&A from Michael Cobb
Threat actors are moving from macro malware to using OLE technology to spread their malicious code. Expert Michael Cobb explains what enterprises ...continue reading
A digital signature on an HTML5 document cannot be authenticated the same way a PDF can. Expert Michael Cobb explains how enterprises should address ...continue reading
A survey found that half of its respondents perform application updates daily. Expert Michael Cobb explains how to allocate appropriate time on ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.