Recommended Security/Encryption suite

[tux633k]

Hi I wasn't sure if I should post this topic here, but in any case I was wondering if anyone has any recommendations on an Encryption software suite to do it all - encryption/decryption, pwd mgmt, usb encryption etc.  I just don't want to break the bank so to speak.  I'd like for it to be affordable but I might be asking for too much already.  We're a small shop of about 100 employees but I may not need to encrypt everyone's system just those that deal with sensitive/confidential data.  From what I read I like the GuardianEdge software but I don't know how much this costs.

Thank you.

[sil]

The problems you WILL run into will be the management of the suite and user-end training. An issues with simply allowing users to run their own "privacy suite" is when their employment comes to an end. What will you do if you don't have the ability to decrypt what an employee encrypted.

Imagine for a minute having a top scientist at your company. He discovers the cure for Foobalia a terminal disease. He's been taught to encrypt everything he does and does so. He passes away... He leaves for another job... He is arrested... *Something* happens where you need that data. What are you going to do. How much time and money will it cost you to attempt to recover that data.

Let's look at the alternative. 100 Employees. You will need to train them all, mandate they all use it, configure it, maintain it. So you think... "rescue disk!"

RD = Rescue Disks
M = Minutes

100(RD) * 20(M)  = 2000 / 60 = 33 hours to configure

There is a hidden slash un-thought-about cost factor here. You could (if properly) deploy a script to autodownload, install, back-up the program. However, there is still management and user-end training.

On the low end of the pricing spectrum there is Steganos which doesn't allow for *true* enterprise scalable configuration.
http://www.steganos.com/us/products/data-security/privacy-suite/overview/

Then there is something like Voltage (http://www.voltage.com/products/index.htm) where all is centralized including being able to send out emails where the receiver (even if they don't have say PGP) could decrypt. Key management is made simple so you don't run the risk of say rogue employees changing keys/pasphrases, etc.

Voltage at the end of say a 3-5 year lifespan will eventually come out cheaper via terms of configuration, deployment, usability not to forget that if someone leaves, you won't shoot yourself in the foot wondering whether or not your data is gone (encrypted beyond the point of no return)

[yatz]

I think a combination of Rights Management (RMS) and Bitlocker.  Again, it depends on your environment, but if you are running Windows then this kinda stuff comes with Vista/7 and Windows Server 2008.

[former33t]

I'm with Sil on using Voltage.  They simplify key management and data recovery, which will be your biggest concerns in any company of more than say five employees...  A truly stable PKI implementation for a company of your size will cost a LOT to deploy in terms of man hours. I have to assume that you have a full time job before trying to develop and deploy a PKI so something that is more or less plug and play is probably your best option (as it doesn't sound like you have enough people to justify a consultant to deploy the infrastructure for you.

Whatever you do, don't cut corners.  A bad PKI design likely makes your information MORE vulnerable.  People start to consider all critical information being encrypted as a mitigating factor for other vulnerabilities (which is really isn't).  Then people leave holes open that they wouldn't otherwise.  Bad situation all around.

Good luck.