Encryption - Additional Products

Last Updated: 10/19/2012

Overview

OIT offers and supports PGP software and licenses to faculty and staff for whole disk encryption.

Additional Products

Operating system integrated

EFS (Windows 2000 and later)
Windows 2000 and later include an encryption feature called Encrypting File System (EFS), which can be used to encrypt information at the file, folder or disk level.  It can leverage Active Directory for storing user encryption keys.

  • Pros: Integrated into current versions of Windows and easy to use at a basic level.
  • Cons: Full key management options require planning.  Encryption does not “stick” to files.

BitLocker (Windows Vista)
Windows Vista Enterprise and Ultimate editions include a disk encryption tool called BitLocker which is designed to work together with a Trusted Platform Module (TPM) hardware chip in a computer.  It uses a separate boot partition and encrypts the primary system partition.  It can leverage Active Directory for storing disk restore keys.

  • Pros: Integrated into the operating system and can leverage TPM chips and tokens for enhanced security.
  • Cons: Only available on certain versions of Windows Vista (Enterprise and Ultimate), effectively requires a TPM v1.2 chip in the computer, needs a special partitioning configuration, and encryption does not “stick” to files when they are copied off of the disk.

FileVault (Mac OS X 10.3 and later)
Apple OS X versions 10.3 and higher include a tool called FileVault for encrypting a user’s home directory.  It uses the user’s normal login password, which provides seamless access, and it allows the computer administrator to set a “master password” in case a user forgets their password.

  • Pros: It provides an easy-to-use and integrated encryption option for OS X users.
  • Cons: FileVault only encrypts the home directory, so files saved elsewhere are unencrypted.  As with other folder-level encryption options, the encryption does not “stick” with the file when it is copied, moved or emailed.

Linux
Different Linux distributions may come packaged with various encryption tools, most commonly forms of GnuPG (an open-source implementation of PGP-style encryption).  Check with your Linux distribution provider to see what encryption tools are included, and check the encryption software section below for products with Linux versions.

Hardware level encryption

Hard drives with encryption
Storage companies are beginning to ship hard drives with hardware encryption built-in.  This means the hard drive itself can encrypt information as it writes it to the drive and decrypt it as it reads the information.  This technology is expected to grow quickly and surpass software encryption popularity for whole disk encryption functions.  A small number of USB thumb drives include hardware encryption (a number of them advertise encryption, but simply come packaged with basic encryption software). 

Trusted Platform Modules (TPM chips)
Trusted Platform Modules are chips in some computers that allow for hardware level management of some security functions, including encryption.  Purchasing a computer with a TPM chip does not, on its own, provide any protection, although some computer vendors package security software with the computer that can leverage the TPM.  Different products may use TPM chips in different ways and have different requirements for TPM chip versions.  If you are planning on using software that leverages a TPM chip you should verify the specific hardware requirements.  

Encryption software

Utimaco/SouthSeas (State pricing agreement)
The State of Colorado has established a state-wide pricing agreement that allows state agencies to purchase Utimaco encryption software through the SouthSeas reseller at a discounted rate.  The agreement covers the following suite of encryption products for Windows 2000/XP/2003:

  • SafeGuard Easy
  • SafeGuard Advanced Security
  • SafeGuard Private Disk
  • SafeGuard Private Crypto
  • SafeGuard PDA
  • SafeGuard LAN Crypt

These applications provide whole disk encryption, single file/folder encryption, multi-user file encryption, encryption of information on PDAs and other functions.

GnuPG
GnuPG (Gnu Privacy Guard) is an open-source implementation based on the OpenPGP standard.

PointSec
PointSec provides a widely recognized set of encryption software which is particularly popular in government and financial markets.  They are most commonly associated with whole disk encryption, but provide additional encryption functions.

MS Office and OpenOffice
MS Office 2003/2007 and OpenOffice 2 both include strong encryption capabilities that password protect individual files.  For MS Office 2003, a default setting must be changed to provide robust encryption.
Through version 2004, MS Office for OS X does not provide sufficiently strong encryption for documents.  ITS does not recommend that users rely on MS Office for OS X as their encryption layer to protect private data.

  • MS Office platforms: Windows, and Mac OS X (although current MS Office encryption for OS X is not recommended)
  • OpenOffice platforms: Windows, Mac OS X and Linux

TrueCrypt
TrueCrypt is a free, open-source encryption application for Windows and Linux that provides strong encryption.  It is appropriate for individual users who wish to encrypt a set of files or a removable drive.  TrueCrypt supports several encryption algorithms and uses passwords and/or key files to lock the encrypted information.
