« RFID tags in US Passports – a security nightmare
NSA, only wiretap after a terrorist attack? »

Data encryption for the masses

Back in June I wrote several posts about the need to use encryption to minimize the threat posed by lost or stolen data files.

Window has some support for this now. The Microsoft solution incorporates data recovery in the event that the user looses the key.

But other tools exist to allow individuals and organizations protect their data. Given Microsoft’s track record, perhaps looking at a third party application may be ideal.

One such tool is SecurityVault by Rocket Software.
http://www.rocketsoftware.com/portfolio/vault/

Data is protected in a “lock box” that is protected by password and encrypted using 128 bit AES.

Here’s a feature overview from the vendor site:

  • Each open lockbox appears as a unique drive letter on your computer. Using this drive letter, you can access the contents of your lockbox in exactly the same way that you access your regular disk drives.
  • Create any number of lockboxes within which confidential information can be stored. For example, you may wish to create separate lockboxes for business and personal data.
  • Optionally prevent your lockbox content from being ‘indexed’ by Google Desktop Search when your lockbox is open (lockbox content is always undetectable when closed).
  • Open and close your lockboxes with the stroke of a key.
  • When your lockboxes are closed, all trace of the data stored therein is removed from the system, including the filenames and directory structure of your secure content.
  • Transfer lockboxes from machine to machine by simply moving the lockbox data file.
  • Protects your data using a 128-bit Advanced Encryption Standard (AES) cipher.

I’m interested in the drive letter thing. Yeah you might be able to prevent Google Desktop Search from indexing it, but if there is malware on the machine that is targeted to read the contents of all mounted volumes, you are screwed. I wonder if an administrative share gets set up automatically :(

In either case, options exist for desktop and laptop data security…

Oh yeah, the vendor is working with USB manufacturers to see if they can start incorporating the software on new USB drives. That would be sweet. Almost one step from full disk encryption!

Transparency and ease-of-use will be required for widespread adoption, locally or in the enterprise. I haven’t done the research, but I would still really like to see a fully transparent disk encryption scheme. no user involvement needed.

Bill

This entry was posted on Sunday, September 10th, 2006 at 6:56 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply