Stored File Encryption: Boiled Eggs And Scrambled Data
By Philip Carden

The shell of an egg protects its contents. But, once that shell is broken, it's all over--unless it's a hard-boiled egg. The emphasis lately has been on building eggshells--firewalls and perimeter security--around your network. Why not also hard boil, or encrypt, stored data?
Encryption and decryption of stored data don't seem like complicated procedures. But you'll be surprised at the breadth of features we encountered in our review of eight desktop encryption applications for Microsoft Windows 95. We tested solutions from Aliroo, Data Fellows, EMD Enterprises, Jetico, McAfee, Security Dynamics Technologies, Software Shelf International and Symantec.
File-Protection Approaches

The many aspects of desktop security include virus protection, physical access control, network access control, eavesdropping protection and stored file protection. Some products or suites address more than one of these areas. Our focus during testing was on the products' ability to provide versatile protection for information stored on disk that is easy to use and easy to administer.
Not surprisingly, a number of different approaches to processing encrypted stored information exist. For instance, Aliroo and McAfee provide for ad hoc encryption on a file-by-file basis only, while Data Fellows and Security Dynamics allow the encryption of entire folders at once. EMD and Symantec extend the folder concept, defining special folders whose contents are always encrypted when not in use. Jetico and Software Shelf store encrypted files in a separate container file, accessible via the encryption application interface (Software Shelf) or via a "virtual drive" that appears like a regular mapped network drive under Windows Explorer (Jetico). Finally, though most of the products decrypt the file on disk, EMD and Jetico offer solutions that perform the encryption and decryption process between disk and memory so that data on disk is always encrypted.
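The difference between decrypting a file on disk and decrypting between disk and memory, shown as an added example (not code from the article or from any reviewed product). It assumes a stand-in cipher built from HMAC-SHA256 in counter mode so that it runs on the Python standard library alone; the file names, passphrase and sample data are constructed.

```python
import hashlib, hmac, os, tempfile

def _keystream(key, nonce, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:n])

def seal(key, plaintext):
    """Encrypt-then-MAC; key is 64 bytes: 32 for encryption, 32 for the tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key[:32], nonce, len(plaintext))))
    tag = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def open_sealed(key, blob):
    """Return the plaintext as bytes in memory; nothing is written to disk."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified file")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key[:32], nonce, len(ct))))

def plaintext_on_disk(folder, marker):
    """Names of files in folder whose raw bytes contain the plaintext marker."""
    hits = []
    for name in sorted(os.listdir(folder)):
        with open(os.path.join(folder, name), "rb") as f:
            if marker in f.read():
                hits.append(name)
    return hits

def demo():
    # Constructed passphrase, salt and sample data.
    key = hashlib.pbkdf2_hmac("sha256", b"constructed passphrase", b"constructed-salt", 200_000, dklen=64)
    secret, marker = b"Q3 payroll: CONSTRUCTED-SAMPLE-DATA", b"CONSTRUCTED"
    with tempfile.TemporaryDirectory() as d:
        enc = os.path.join(d, "payroll.enc")
        with open(enc, "wb") as f:
            f.write(seal(key, secret))
        at_rest = plaintext_on_disk(d, marker)
        with open(enc, "rb") as f:                  # decrypt between disk and memory
            in_memory = open_sealed(key, f.read())
        after_memory = plaintext_on_disk(d, marker)
        with open(os.path.join(d, "payroll.txt"), "wb") as f:   # decrypt on disk
            f.write(in_memory)
        after_disk = plaintext_on_disk(d, marker)
    return in_memory == secret, at_rest, after_memory, after_disk

if __name__ == "__main__":
    print(demo())
```

With the decrypt-on-disk approach the plaintext copy stays on disk until it is re-encrypted and the working copy removed, which is the exposure the disk-to-memory products avoid.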
Of course, stored files may not be the only files you want to protect. You also may need to guard files in transit, such as e-mail attachments. In many ways, sending e-mail attachments introduces a more complex situation--you're adding recipients who don't have decryption software, bandwidth constraints or perhaps the need to share your password. Protecting e-mail attachments is peripheral to the focus of our article, but because many of the products offer e-mail-oriented features, we included it in our testing.
We tested the relative performance of each product, but found that the actual time to encrypt and decrypt a file is very small (subsecond). Consequently, other ease-of-use considerations, such as right-mouse button support, tend to dominate from a user perspective. We found that the performance differences did not justify separate consideration.
Security Dynamics Technologies RSA Secur