This document outlines 6 different options for full-disk encryption software. This document is the result of research completed for project which required disk encryption on portable servers used during survey events at public schools across the lower mainland.
The high-level requirements were:
Ultimately, Veracrypt was the selected technology. It provides extremely strong full-disk encryption, is user friendly and has no licensing fees.
VeraCrypt is a free encryption software which works on the Windows, macOS and Linux platforms. It cost nothing to install VeraCrypt. It is an enterprise-grade encryption software which is quite easy to use, and all it does is to add encrypted passwords to your data and partitions. It is immune to brute-force attacks so you don’t need to worry about hackers decrypting your passwords or other sensitive data. VeraCrypt volumes can be encrypted using AES, AES-Twofish, Serpent, and Twofish with a Key Size of 256 bits. VeraCrypt uses the XTS mode of operation with the header key and the secondary header key (XTS mode) are generated using PBKDF2 with a 512-bit salt and 327,661 to 655,331 iterations. The first release of VeraCrypt was on the 22 June 2013 and has since produced its latest release (version 1.23) on Wednesday 12 September 2018. VeraCrypt is a highly rated disk encryption software and it’s rated on top rating sites such as PC Mag and TechRadar.
DiskCryptor is an open license encryption solution which offers encryption of all disk partitions on the Windows platform. DiskCryptor initially releases from 0.1 to 0.4 were fully compatible with TrueCrypt as it used an encrypted data with the AES-256 algorithm in LRW mode. The current stable version is 1.1.846.118 which was released on 9 July 2014. DiskCryptor supports AES, Twofish, and Serpent as encryption algorithms including the combination of the three. In terms of hardware configuration on the bios level, DiskCryptor does not support UEFI/GPT, you have to change to Legacy/MBR. DiskCryptor isn’t a highly rated disk encryption software as its last release was in 2014 it can’t be verified if the algorithm is immune to brute force attack
Symantec Endpoint Encryption is powered by PGP Hybrid Cryptographic Optimizer Technology and is a proprietary software from Symantec. It is available on both the Windows and MacOS platforms. It has a yearly subscription license starting at $189.00 per license per 1-year subscription through more savings can be gotten via volume licensing. It supports multi-user deployment in both Active Directory and non-Active Directory environments. It has a strong algorithm which uses a FIPS 140-2 validated cryptographic module which complies with a range of government and industry requirements. Symantec is quite popular in the IT community has it has a wide range of security products which it has deployed to high-end customers around the world which makes it one of the top-ranked endpoint encryption software.
Sophos Central Device full disk encryption provides a centrally-managed encryption using Windows BitLocker and Mac FileVault, taking advantage of the technology built into the operating systems. To further simplify the workflow, it can be managed in Sophos Central. With Sophos Central’s web-based management, there is no server to be deployed and no need to configure backend key servers. With Sophos central self-service, users can retrieve their own full disk encryption recovery keys so they can get back to work without having to contact the helpdesk. Sophos full disk encryption uses an agent which is deployed as part of the endpoint enrollment workflow in Sophos Central. It uses an encryption standard of XTS-AES 256 for Windows and XTS-AES 128 for macOS. It is also certified for FIPS and VS-NfD. It has a strong presence with regulated industries such as government, healthcare, education and finance and a long-standing history of certifications for European military-grade encryption technology. For the second year in a row, Gartner rates Sophos has been able to provide capabilities for all protection methods. Sophos Central Device Encryption is available as 30 days free trial and a standard fee of $20.00/user/year
With dell data protection, you can secure data using a comprehensive solution for your business as well as personal use. If you have a business you also need to get the help of a professional in payroll administration services. This software works only on the Windows Operating System and it supports these encryption algorithms: FIPS 140-2 validated” AES 128, AES 256, 3DES Rijndael 128, Rijndael 256, Blowfish, Lite. With Dell data protection, you can ensure that your data is secured, wherever it resides as you can easily enforce encryption policies, whether the data resides on system drive or external media. Dell data protection is highly rated but not popular among users as it is targeted at enterprise users. The price is not readily available as it requires a call for pricing. No information on if it is available as a free trial.