Encryption is a technology like no other when it comes to having a bulletproof capability (the math is more or less iron clad). However, implementation details such as key management (or even making sure that the right elements are encrypted in the right way) can result in loose ends and security vulnerabilities.
It is a tricky category, in part because there are multiple product types (and yes, we'll be looking at breaking it into separate categories next year). It is also a technology area where being a dominant player doesn't guarantee a top score on our surveys.
This year, readers gave thumbs up to Sophos, a name you're likely to recognize and, clearly, awareness of its encryption offerings is growing. WinMagic is less of a household name, but the company's technology is strongly established among organizations that need to provide consistent encryption across multiple operating systems.
Winner: Safeguard Enterprise, Sophos Ltd.
SafeGuard Enterprise lives up to its name as an enterprise-focused product to provide and manage encryption across multiple platforms throughout an organization. Deployment begins with the SafeGuard Policy Editor, a single console view of a centralized database of rules that can be fine-tuned to an impressively granular level, with policy rule sets and then distributed to all encrypted endpoints.
According to Sophos, four out of five laptops are unencrypted, in large part because conventional encryption approaches can impose a significant performance penalty on the protected systems. So once an endpoint is drawn into SafeGuard's encryption management, SafeGuard leverages native operating system encryption (think Microsoft's BitLocker and Macintosh FileVault) for better performance. In the case of Microsoft BitLocker, for instance, Terry Myerson, executive vice president of Microsoft's operating system group, says SafeGuard gets the best of both native encryption and cross-platform control because it "takes everything that makes BitLocker great and adds innovative compliance and enterprise management capabilities on top of it."
Because it builds on that native integration (in some instances), Sophos claims that the latest version is six times faster than any competitor when it comes to initial drive encryption.
With the 6.1 release of the product earlier this year, Sophos extended its reach to mobile devices (for decrypted reading) by way of a free Mobile Encryption App, available for iOS and Android. There's also SafeGuard Encryption for Cloud Storage, which automatically and invisibly encrypts and decrypts files as they are uploaded or downloaded from cloud services.
Winner: SecureDoc, WinMagic Inc.
WinMagic's SecureDoc tackles a different sort of adaptability, supporting full disk encryption for a wide variety of hardware and software platforms. This includes Windows desktops and servers, Macintosh and Linux-based systems, mobile devices of various stripes and portable media. It even provides excellent compatibility with self-encrypting drives. Readers told us that SecureDoc not only handled most of what you'd typically encounter in an enterprise, but that it did it in a way that's not difficult on users.
Full-disk encryption is another technology area that's trickier than it looks. While Microsoft offers full-disk encryption for free in the form of BitLocker, turning BitLocker on won't solve your problems. A systems administrator's worst nightmare is giving every user an easy way to forget their passwords and lose access to everything on their systems, in an irrecoverable way.
Enterprises need comprehensive password management that's consistent with the encryption password management schemes they are using for non-Windows systems. This is where SecureDoc gets especially interesting. While the product can be purchased in standalone formations, most organizations will want the administrative capabilities of SecureDoc Enterprise Server. This technology enables organizations to have centralized control over policies and password rules. That includes management of non-WinMagic encryption provided through Microsoft's BitLocker or Apple's FileVault 2, and self-encrypting drives.
Send comments on this article to firstname.lastname@example.org.