Wednesday, February 7, 2007

Drive Encryption

Full-disk encryption products like Pointsec are a flash in the pan. A lot of time and energy is being spent right now on encrypting laptop hard drives to stem the tide of stolen data. But five years from now, we won't be talking about it. Disk encryption that is good enough to be compliant, if not effective, is commodity technology. You will be able to get it cheaply, and from a variety of vendors in the immediate future.

If you are an end user, the cheaper options probably work for you right now. If you are a large company, replacing thousands of hard drives or upgrading to Vista is a huge job with huge costs, and it's probably cheaper to buy a third-party encryption product. Unpleasant as the prospect of a big, expensive software rollout is, the alternative sucks. So, git-r-done already.

Some advice on third-party products:

  • Test. And I don't just mean functionality. At least a couple of the products in Gartner's Magic Quadrant have glaring design holes in them. The kind that make it possible to bypass the product altogether in certain configurations. Oops!
  • Be thinking about your roll-out when you pick a product. Easy deployment and stable performance are worth probably $40-50/seat in terms of cost savings for the relatively short life of this project.
  • Don't buy the 5-year support contract. If you plan to still have this stuff in wide deployment in 5 years, then you've also just finished deploying Windows 2000 SP4 and you've got bigger issues than laptop theft. Face it, nobody's going to steal your Celeron-366 laptops anyway.
  • Think past the short-term fix. Buy and apply a bandage now. Spend more time planning and less money buying your next drive encryption solution. And if you're going to use something that requires new hardware, start buying today.

No comments: