The bigger the company, the higher the chances that the loss of a laptop computer assigned to an employee carries significant risks. This is the reason why most companies that deal with sensitive data, such as banks and other financial institutions, require the use of data encryption software on their portable computers.
Naturally, people looking for a solution tend to ask “what’s the best?” When it comes to encryption, though, there isn’t an easy answer.
The Best Encryption – AES
If you need a simple answer so you can read up and move on, AES (Advanced Encryption Standard) is the encryption standard adopted by the U.S. government. This could very well be the “best encryption” although, as I’ve argued in a previous post, the best laptop disk encryption software is what works for you and your company (with the caveat that, there’s also encryption that’s bad for you, so definitely keep away from those).
AES, being an encryption standard, is not actually encryption software, meaning you’ll find plenty of companies that offer AES as part of their encryption package. There are three key sizes (128, 192, and 256 bits). Generally, the larger the key size, the more security it offers; however, recent studies have shown that AES-128 might actually be more secure than AES-256. Something to keep in mind.
There are other encryption algorithms out there that are as good as AES–it’s just that they didn’t get selected as the standard used by the U.S. government. Like I argued in the previous post: there is no “best encryption.” There is “the bests” in encryption.
The Best Type of Encryption for Your Company May Depend On Factors Other Than Encryption
While there aren’t too many ways out there to encrypt data, there definitely are many encryption products (think of it this way: there are many different car models, but they all pretty much use the same technology to propel them forward, the internal combustion engine).
Depending on your organization’s security wants, some encryption packages may not fill the needs. If your company has over 1,000 employees, it might be necessary to strike out a perfectly good, free encryption product like TrueCrypt from your list of encryption candidates.
The reason? While it does a great job of protecting your data, there’s the issue of keeping track of 1,000 employees’ computers (or more). And that’s not a trivial matter:
How will you go about deploying this encryption solution to all computers?
How will you know that all 1,000 of them were encrypted?
How will you know some employees went ahead and decrypted their computers because they thought encryption was slowing down their computers?
How will you manage the encryption keys?
How are you going to prevent employees from copying data off the computer?
Contrast this to a managed data protection software encryption suite like AlertBoot, which has been designed with the above problems in mind. It’s centrally managed, so it cannot be turned off by endusers; allows easy management of encryption keys; and makes reporting and auditing of encryption statuses easy.
Plus, it makes available other functionalities such as automatic USB port encryption, where any external storage devices plugged into the USB port are encrypted automatically, and the information can only be shared by an endorsed network of computers only.
Other things to consider may include the ability to reset enduser passwords; restrict the type of passwords (length, words, palindromes, etc); and the number of times a password can be guessed at before the system prevents anyone from accessing the data.