Encryption - Encryption Tools Matrix

This document provides a matrix of tools available to encrypt data at rest.

Caution: Encryption can make documents, files, or entire disks impossible for other people to read. It can make them impossible for you to read, too, if you lose or forget your encryption key. See "Encryption - Issues to Consider Before Implementing Encryption" and "Encryption - Types of encryption and key concepts" before you attempt to implement any of the following tools.

Note: This matrix is a work-in-progress. If the tool you want to use is not currently documented, please check back later.

| Type of Encryption | Type of Solution | Windows Tools | Macintosh Tools | Comments |
|---|---|---|---|---|
| Document Encryption | Enterprise Level | | | Document encryption not supported at enterprise level; see other methods. |
| Document Encryption | Self-service | Office for Windows; Adobe | Office for Mac; Adobe | |
| File/Folder/Container encryption | Enterprise Level (keys are escrowed) | MS Encrypted File System (EFS) via AD domain | | |
| File/Folder/Container encryption | Self-service | MS Encrypted File System (EFS) without AD domain; TrueCrypt (open source) | OS X Disk Utility or File Vault; TrueCrypt (open source) | |
| USB drive encryption | Enterprise Level (keys are escrowed) | McAfee Endpoint Encryption; Symantec Endpoint Encryption (SEE); MS Bitlocker to Go via AD domain | | |
| USB drive encryption | Self-service | MS Bitlocker to Go without AD domain; TrueCrypt (open source) | OS X Disk Utility; TrueCrypt (open source) | |
| Full Disk Encryption (FDE) | Enterprise Level (keys are escrowed) | McAfee Endpoint Encryption; Symantec Endpoint Encryption (SEE); MS Bitlocker via AD domain | Symantec Endpoint Encryption (SEE) | |
| Full Disk Encryption (FDE) | Self-service | MS Bitlocker without AD domain; TrueCrypt (open source) | OS X File Vault; TrueCrypt (open source) | |

Solution Types

Enterprise Level solutions are products in which the encryption keys are escrowed as part of the delivery of the solution. Because the keys are available, files and disks can be recovered should that be required.

Self-service solutions are those where the end user bears the burden of ensuring that encryption keys and passwords are available for recovery. Users should consider and understand the implications of using encryption before using these tools.

Self Service Tools

PC and Mac encryption tools that are bundled with their respective operating systems are the preferred self-service encryption tools. TrueCrypt, an open source product, is the preferred tool when the OS does not have an equivalent encryption tool; for example, Bitlocker exists for Vista and Windows 7 only and is not available in Windows XP.





Keywords: encryption encrypt tools file document FDE enterprise encryptdata@rest
Doc ID: 17485
Owner: Allen M.
Group: Office of Campus Information Security
Created: 2011-03-27 19:00 CDT
Updated: 2012-02-15 17:05 CDT
Sites: DoIT Help Desk, Office of Campus Information Security