 |
What is DriveCrypt Enterprise ? |
 |
DriveCrypt Enterprise lets you encrypt the hard disks of all of your company laptops, PC's and servers.
DriveCrypt provides 100% FULL DISK encryption. All files, folders and sectors are encrypted using a FIPS197 approved algorithym - nothing is left to chance or user error. |
|
|
Does DriveCrypt support Windows 2008, Windows 7, Vista / XP / Windows 2000 / 2003 / NT. |
|
Yes. Read the datasheet for a list of all supported operating systems. 64bit also supported. |
|
|
Why do I need to encrypt my PC's and Laptops ? |
|
Thousands of laptops (and USB sticks) are lost or stolen each year (10,000 alone in London taxis!).
Unless your data is encrypted it is incredibly simple for anyone to view, remove and share ANY of the data that was stored on the laptop. This is possible even though the Administrator or Root password may not be known...
There have been many high profile, embarrassing instances recently where company employee details, patient details, bank details, customer databases, credit card details and other confidential information has been retrieved in this way and either distributed or used for criminal purposes. |
|
|
What kind of Encryption does DriveCrypt use? |
|
DriveCrypt uses a Government certified FIPS-197, AES 256-bit encryption cipher.
Experts agree that this level of encryption is very, very strong, and it would take the largest computing power available hundreds, if not thousands of years to break.
Technically speaking, DriveCrypt uses the Rijndael block cipher. Rijndael was also chosen for the "Advanced Encryption Standard" (AES) by the U.S. government .
DriveCrypt Enterprise has been awarded FIPS accreditation.
See Wikipedia about AES and how it works: |
|
|
How is it different from Windows Bitlocker? |
|
Firstly Windows Bitlocker isnt 100% secure. It has been hacked.
- Bitlocker is only available for clients running Windows 7 / Vista Enterprise and Ultimate (expensive) versions.
- Bitlocker cant be centrally managed, configured or deployed.
- Bitlocker cant recover lost user passwords. Drivecrypt can be configured to use a challenge/response mechanism useful for Company IT Support Departments.
- Bitlocker cant produce audit reports.
- Bitlocker needs a special TPM security chip - many PC's / older PC's dont have this.
|
|
|
How is DriveCrypt Enterprise deployed? |
|
Using a simple, web based configuration utility, DriveCrypt "finds" PC's / laptops on your network and can an install (and your chosen policy for passwords etc) can be pushed/pulled to the target device. |
|
|
How long does deployment take ? |
|
Once you have selected a target machine(s), and have told the console to deploy encryption, a small piece of software is remotely installed onto the target machine and encryption begins.
Encryptions is seamless, happens behind the scenes and a user will not even notice it running.
Typically it can take between 1 and 3 hours for the machine to be fully encrypted (depending on the size of disk / data) but the machine can be shut down or restarted at any time. Encryption will continue where it left off until complete. |
|
|
Does the user notice any changes ? |
|
When deployment is complete, and when the PC / laptop is restarted, the user will be presented with a pre-boot logon screen. Here they enter their username and password and booting continues as normal.
Everything else is 100% transparent to the user. |
|
|
What happens if the user forgets their Password? |
|
The user can contact their IT department (or the people in charge of the DriveCrypt deployment).
On successful completion of a pre-selected challenge / response question, the DriveCrypt Management console is able to generate a password to enable the user access. |
|
|
What happens if the laptop / PC is lost or stolen? |
|
The machine is unusable and no data can be recovered by any unauthorised persons. |
|
|
Can I encrypt USB sticks and other removable media? |
|
Yes. DriveCrypt provides full disk encryption for USB sticks and other removable media - however we recommend hardware encrypted, fully managable devices such as SafeStick.
As part of your policy we strongly recommend that you lock down access to all removable media also. You should stop people being able to copy data to USB sticks in the first place and only authorise specific users / devices which are approved and encrypted.
We recommend DeviceLock Enterprise for controlling device access company wide. |
|
|
What is single sign on ? |
|
You can configure DriveCrypt Enterprise to utilise single sign on.
Users can have a single username and password which they enter at the pre-boot screen, which will start the PC / laptop and can also log them onto Windows / the network as required. |
|
|
How do I administer the System? |
|
Using the Management console. There is nothing to manage on the clients. |
|
|
What happens on catastrophic failure of the laptop / PC ? |
|
If the laptop / PC hardware fails for any reason it is possible for authorised members of the IT / Deployment team to de-encrypt the hard disk to remove the data. |
|
|
Why should a consumer buy a third party encryption product such as DriveCrypt Enterprise when they get encryption with Vista? |
|
Only two specific, high end versions of Vista (Ultimate and Enterprise) feature the encryption module (Bitlocker) – plus not many Enterprise customers have deployed Vista as yet - most still run Windows 2000 or XP.
DriveCrypt works with a wide range of OS’s – including Windows Vista, XP and 2008, offer much stronger protection, much higher encryption techniques, and feature Enterprise deployment and management tools.
Unlike Microsoft products they do not require special chips to be present on the computer (TPM) and our software can be installed at any stage. |
|
|
Why would I need ‘’full disk’’ encryption rather than just encrypting the particular data on the machine? |
|
Just encrypting specific data (files or folders alone) can lead to human error, and therefore data is likely to be compromised.
Let us assume a sensitive file is stored on a laptop. That file could be stored, theoretically, not just in the encrypted folder but copied to the desktop or temp filder location - or wherever. If the user does not take particular steps to keep this file in the encrypted folder, then data is exposed.
Secondly to encrypt this folder creates subfiles or temporary files which can contain portions of the confidential file. If someone gets hold of a stolen computer, then they could gain access to that temporary file and therefore to the data. With ‘’full disk’’ encryption you are 100% secure. |
|
|
Why purchase software encryption rather than buying laptops with hardware / TPM chips in to provide hardware encryption? |
|
TPM chips are a great general step forward, and are one solution – but surely you arent going to throw away all your existing laptops and buy new ones all with TPM chips?
So what about protecting all your legacy laptops? What about deployment and management?
As a comparison for instance, Microsoft Windows XP (Professional version only) already features a little known encryption system EFS, but no one uses it because it is too complicated and it makes the machines very slow. If a solution is difficult to install, manage and use then mistakes can happen - or more likely users wont use it at all.
DriveCrypt is a very easy, two minute install. If you have ten or ten thousand machines you can, from the central management console, install the software automatically and be fully protected – no matter what hardware they have - in a matter of an hour or so.
DriveCrypt also offers special features which other solutions do not, for instance, the possibility to set more than one password for one computer. This means that if a person is forced by an aggressor to reveal a password that person can instead reveal a “false” password. This will boot a fake operating system which is not distinguishable from the original one. So although the aggressor does have access to the machine he is seeing fake data - however they will be unaware of this fact. So the person would be cooperative with the aggressor but the data is still kept safe. |
|
|
Can I still use Windows Hibernation ? |
|
Yes. |
|
|
How do I trial DriveCrypt Enterprise? |
|
Download a 21 day trial from this website |
|
|
How is DriveCrypt priced? |
|
Licences start at 10 PC's / Laptops. Contact us for more details on your actual requirements. |
|
|
My question isn't listed - how do I find out more information? |
|
You can find answers to more technical questions on our eSupport self help / KB system. Also you can give us a call on +44(0)8456 443 911 or use our Enquiry Form.
|
