Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Credant Mobile Guardian 5.1 Enterprise Edition

Microsoft's Encrypting File System (EFS) has its limits--it doesn't support detailed management of data across the enterprise and lacks the technology to keep information secure when it's legitimately (or not) copied to PDAs and removable storage media. Other encryption tools aim to do better, with most vendors taking the full hard disk encryption approach. The Credant Mobile Guardian (CMG) takes a different tack. The Enterprise Edition lets administrators define central policies to incorporate what file types and directories should be encrypted, what encryption standard to use, whether to encrypt data copied to removable storage media and much more.

Good

• Intelligent encryption based on user running process, not just location of files
• Supports wide range of PDAs
• Encrypts swap file and password hashes stored in Registry

Bad


• Management interface only supports Internet Explorer
• Lack of full hard disk encryption could allow information leakage from visible file names and directories
• Only supports Windows desktop OSs


Volume pricing starts at $78 per user. Credent Technologies, 866-CREDANT www.credant.com

The data encryption process is completely transparent to end users, and concerns over data loss from lost or corrupted encryption keys is addressed through automatic key escrow on the enterprise server when the keys are first created.

There are trade-offs in choosing Credant's approach over the full hard disk approach favored by vendors such as Pointsec. Because it's not a full hard disk encryption product, file directory information on desktops, laptops, PDAs and removable storage media is accessible. On the other hand, with a full disk encryption product, booting the OS completely decrypts the hard drives. That's something Credent avoids by not encrypting the Windows and Program Files folders, enabling systems to boot easily. Plus, the files and folders you do encrypt are decrypted only on the fly as needed, which may be the better route to take when dealing with highly sensitive data, especially as it moves across mobile platforms.

CMG Enterprise is made up of three components: Enterprise Server, PDA and Windows Shields, and Gatekeepers. The CMG Enterprise Server consists of central services for management and integration with LDAP directories such as Active Directory, iPlanet and Novell. CMG Windows and PDA Shields are installed on desktops, laptops and PDAs to protect data at rest. Local Gatekeepers are installed on desktops and laptops to monitor and protect data copied to removable storage media. Windows 2000, XP Professional and Server 2003 are the supported desktop, laptop and server OSs (note the lack of support for Linux). CMG's encryption is FIPS 140-2-certified and includes AES 128, AES 256, Triple DES and Blowfish.

  • 1