Full-disk encryption (FDE) tools: A buyer's guide
A collection of articles that takes you from defining technology needs to purchasing options
This is part of a series on the top full disk encryption products and tools in the market. For more, check out our FDE product roundup.
The Dell Data Protection | Encryption product provides full disk encryption (FDE) capabilities for various desktop and laptop operating system (OS) hard drives. Full disk encryption is used to encrypt all data on a drive, so when the device is in an "off" state (not booted), sensitive data cannot be recovered from it -- using forensic tools, drive examination and other methods -- and the OS itself cannot be tampered with.
Although this product is sold by Dell, it works on a variety of vendor platforms (not just Dell hardware) so practically every desktop and laptop can benefit from its use.
Dell Data Protection Encryption comes in several forms, some of which support full disk encryption:
- Dell Data Protection | Encryption Enterprise Edition is the flagship enterprise FDE product from Dell. It is intended for environments with a variety of vendor platforms, including both Windows and Mac OS X systems. It provides centralized management capabilities for systems already using a self-encrypting drive (SED) for FDE. The level of security provided by this product is for most enterprise environments.
- Dell Data Protection | Hardware Crypto Accelerator is an add-on to Dell Data Protection | Enterprise Edition. Only certain versions of Dell hardware (particularly Latitude, OptiPlex and Precision systems) running on certain Windows 10, 8.1, 8, 7 or XP systems support it. Dell Data Protection Hardware Crypto Accelerator offers a higher degree of security than the Dell Data Protection | Enterprise Edition does alone. It is for environments with particularly stringent security needs. Security features include Trusted Platform Module (TPM) support and Federal Information Processing Standard (FIPS) 140-2 Level 3 validated encryption, which helps prevent tampering with cryptographic keys and associated authenticators.
- Dell Data Protection | BitLocker Manager adds centralized management capabilities to an existing or impending Microsoft BitLocker deployment. This allows the ability to manage most or all of the FDE products in the enterprise through the Dell Data Protection console. Dell Data Protection | BitLocker Manager is supported by the versions of Windows that support BitLocker.
Dell Data Protection | Enterprise Edition is supported by a variety of operating systems, including the following: Microsoft Windows 10 Education, Enterprise and Pro; Microsoft Windows 8 and 8.1 Enterprise and Professional; Microsoft Windows 7 Ultimate, Enterprise and Professional; Microsoft Windows XP Professional; Apple Mac OS X 10.9, 10.10 and 10.11.
Dell Data Protection | Personal Edition is supported on the following Windows platforms: Microsoft Windows 8 and 8.1 Enterprise and Professional; Microsoft Windows 7 Ultimate, Enterprise and Professional; Microsoft Windows XP Professional.
Encryption and authentication support
Dell Data Protection Encryption supports Advanced Encryption Standard (AES) with 128-bit and 256-bit keys. 128-bit is the minimum recommended key size for FDE, and 256-bit is the preferred key strength, so the key sizes provide sufficient protection against today’s threats (128-bit) and tomorrow’s (256-bit).
Dell Data Protection Encryption supports multifactor authentication, including integration with various enterprise directory solutions and public key infrastructures (PKIs). The product also supports the use of smart cards and cryptographic tokens.
Management of implementations
Like any security technology, Dell Data Protection | Encryption implementations need to be managed. This includes installing updates and upgrades, implementing policy through configuration settings (for example, setting the encryption key strength to be used), and monitoring devices to ensure Dell Data Protection |Encryption is functioning properly and has not been disabled by users, attackers or others.
Dell Data Protection | Enterprise Edition offers centralized management, which is much more popular than local management in most organizations because it does not require the administrator to be physically present at the device in question.
Dell Data Protection | Encryption is licensed per device -- such as desktop and laptop -- not per user. It is available directly from Dell, and it can be pre-installed on factory orders of Dell devices. Current retail pricing is not made publicly available by Dell.
There is a free trial version available. The evaluation request form allows organizations to specify which of the Dell Data Protection | Encryption products they want to evaluate, such as Enterprise Edition or BitLocker Manager.
Dell Data Protection Encryption for Windows or Mac OS X
The Dell Data Protection | Encryption products offer FDE solutions for Windows and Mac OS X desktops and laptops controlled by organizations of any size. Encryption and authentication support and centralized management capabilities are as strong (or stronger) than competing products.
All in all, Dell Data Protection |Encryption is a strong candidate for anyone looking for an FDE product for Windows or Mac OS X.
Get more reviews of other full disk encryption products featured in this series: McAfee Complete Data Protection, Symantec Endpoint Encryption, Sophos SafeGuard, Microsoft BitLocker, Check Point Full Disk Encryption, DiskCryptor and Apple FileVault 2.