On Message with Ben Gross


The line between email and storage encryption is beginning to blur. The business drivers (ensuring regulatory compliance, reducing the leakage of sensitive data, and limiting the damage from laptop theft) are essentially the same. So are some of the critical technical features, e.g. directory-based key management, password recovery, and central administration.

While there are many vendors offering either disk or email encryption, GuardianEdge Technologies, Information Security Corp., PGP, and Utimaco stand out for the ways in which they have combined these capabilities with centralized, policy-based administration and key management.

Earlier this year, GuardianEdge spun out of PC Guardian, which has been offering disk encryption since 1994. The company recently landed $6 million in venture funding. Early next year, GuardianEdge will be releasing Encryption Anywhere, a policy management and encryption system based on Active Directory Application Mode and Active Directory Group Policy Objects. Encryption Anywhere will allow companies to push policies into the Windows Registry files of connected PCs, and provide user authentication, single sign-on, key recovery, and other services.

Information Security Corp.'s SecretAgent 5.9 provides signing and encryption of files on Windows, Linux, Mac OS X, Pocket PC, and UNIX systems. Plug-ins for Microsoft Exchange, Outlook 98/2000/XP, Novell Groupwise, and Lotus Notes provide encryption, signing, decryption, and verification, and can create self-decrypting archives (attachments) that can be sent to recipients who don’t have SecretAgent. A management console, PolicyAgent, manages groups of users and machines. PolicyAgent pushes configuration files to users’ machines and controls a variety of options, e.g. whether email is encrypted by default, how and where data can be saved, and file overwriting. SecretAgent can be set up to do certificate retrieval via LDAP queries.

PGP’s Whole Disk Encryption for Enterprises locks down the entire contents of a laptop, desktop, external, or USB flash drive, including boot sectors plus system and swap files. Disk encryption runs as a background process that is essentially transparent to users. Keys for users’ email and disk encryption can be managed centrally, and Active Directory (or other LDAP directories) can be used to assign security policies for users and groups. (Disclosure: I have done contract work for PGP.)

Utimaco is the largest of the disk encryption vendors. Based near Frankfurt, Germany, the company is building a presence in the U.S. and is now included as a standard on all IBM ThinkPad notebooks from Lenovo (IBM). The company’s SafeGuard PushMail encrypts email sent to and from BlackBerry devices. SafeGuard SecurE-Mail Gateway is an SMTP server that automatically encrypts and/or signs outgoing emails and decrypts and/or verifies incoming emails. It sits between the firewall and an internal mail server, and provides centralized storage of keys, X.509, and PGP certificates.


Copyright © 2008, Messaging News, Inc. All Rights Reserved.