Despite your best security efforts, at some point one of your corporate desktops or laptops will be lost or stolen. If the machine belongs to someone in customer service, you may only need to worry about the loss of the equipment. If the machine belongs to your CEO, CFO, or the head of human resources, important company data could be compromised. Encryption software can often prevent a loss of sensitive data, but is it right for all desktops or is that security overkill? I think the answer to this question is, it depends. Let's take a closer look at PC encryption in general and five encryption software options.
Deciding when to use encryption
When determining whether your desktops and/or laptops need encryption software, consider file location, file type, and file sensitivity.
If your organization stores highly sensitive data only on network servers, neither your desktops nor laptops likely need encryption software. Depending on the encryption software used, encrypted data can be difficult if not impossible to recover if the PC's operating system crashes. To avoid catastrophe in the event of such a failure, you should completely back up encrypted PCs on a regular schedule. This effort can be quite time-consuming if you're dealing with a large number of encrypted desktops and/or laptops.
However, if your organization must store sensitive data on desktops and/or laptops, you should take a second look at the encryption software I’ll discuss below. I believe it’s always appropriate to encrypt sensitive data stored on a laptop. Laptops generally travel out of the office, so unless the data is encrypted, it could be easily compromised if the laptop were lost or stolen.
Not all files can or should be encrypted. For example, you usually can't encrypt an operating system, nor can you perform partition-level encryption on a partition that contains operating system files. This is because during the early phases of the boot process, the operating system is unaware of any encryption software (even if the encryption software is part of the operating system, as in the case of Windows 2000). Encrypted operating system files would therefore be unreadable, making the system unbootable.
Consider the files' sensitivity and only encrypt those files that could cause significant damage to your organization if exposed to a competitor or made public. A few examples include human resource records, financial statements, legal department documents, and sales figures. When deciding which files to encrypt, I recommend enlisting the aid of senior management and your organization's legal department.
PC encryption options
If you decide that your organization needs to encrypt data on its desktops and/or laptops, you have several options. Both Windows 2000 and XP offer file encryption capabilities via the encrypting file system (EFS). While I’m very fond of EFS, plenty of third-party products are available for encrypting PC files.
Below are descriptions of several desktop encryption products. Keep in mind that the products are not ranked in any order and a spot on this list is not an endorsement of any particular product. There is little difference between encryption products, aside from key size.
Virtual Matrix Encryption
Meganet Corporation claims its Virtual Matrix Encryption (VME) products are unbreakable forms of desktop encryption. In fact, the company claims that the encryption is so secure that it is giving a Ferrari 360 to the first person to break into an encrypted file. The VME software uses 1,048,576-bit symmetric key encryption in conjunction with a series of virtual matrices. The large encryption key makes this type of encryption much more resistant to brute force attacks than similar products, such as EFS, which relies on a mere 128-bit key.
Virtual Matrix Encryption comes in several flavors, but the version most suitable for enterprise laptops and desktops is VME 2000. Its base price is $100 per copy for individual licenses. Corporate solutions are available if you contact Meganet Corporation directly.
CHAOS
Another encryption product is CHAOS. Unlike Virtual Matrix Encryption, which costs a hundred bucks, the entry-level version of CHAOS (ABC CHAOS) is free. There are also versions of CHAOS that encrypt e-mail and compress and then encrypt files. These alternate versions are available from the CHAOS Web site for around $40 to $60 each. Although CHAOS is based on a public key infrastructure (PKI), I was unable to find any information available on CHAOS key strength on the Web site.
CipherPack
Although CipherPack from VIO Systems Limited is geared toward secure file transmission, it can also be used for desktop file security. CipherPack is a symmetric, multikey encryption product with a maximum key size of 120 bits. There’s also a Pro version of the software based on the SHA-1 hash algorithm and the AES encryption algorithm.
Rather than simply applying encryption to a folder as other products do, CipherPack creates an archive file containing all of the encrypted files. Because of this, CipherPack is an ideal solution for securely distributing software over the Internet. The recipient doesn’t even need a copy of CipherPack because the compressed file also contains decryption software. The recipient must simply enter the encryption key to launch the decryption process. CipherPack costs about $40 for the standard version and about $60 for the professional version.
ImageX
ImageX is an innovative product from TopLang Software Studio. Any file you want to encrypt is encrypted and embedded into a JPEG file. That way, whether you need to send the file to someone or you just want to hide a file on your PC, the file appears to be a JPEG. If someone tries to open the file without using the ImageX software, they will see only a picture. The only hint that there’s more to the picture than meets the eye is the file size. TopLang's Web site offers a freeware version of ImageX and a full version is available for $18. The full version requires users to enter some credentials before the JPEG's underlying data file is revealed and allowed to be decrypted.
Encryption Plus Folders
Encryption Plus Folders, from PC Guardian, is similar to the encrypting file system that comes with Windows in that it allows users to encrypt and decrypt data on the fly without having to do anything other than logging in. The software uses a 192-bit, block-based cipher algorithm.
The software's ability to encrypt the contents of multiple folders and support multiple users is also a nice touch. Encryption Plus even contains a password recovery module so you can’t accidentally lock a folder permanently. You can also use Encryption Plus Folders on removable media.
A single license for Encryption Plus Folders costs about $100. An enterprise version that offers centralized administration is also available. The minimum order for the enterprise edition is 50 licenses. For pricing information, contact PC Guardian directly.