Jetico BCWipe Enterprise Removes Sensitive Data

Data encryption hides sensitive data from prying eyes. File wiping securely deletes what is left over.

June 27, 2009

3 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Jetico, located in Finland, announced BCWipe Enterprise with Enforcer designed to give enterprise administrators command and control over secure data deletion policies. BCWipe Enterprise can be installed via system management tools like SMS or LANDesk, can run as a Windows service, and can be configured to wipe protected files like system files at boot time. Volume list pricing is 100 licenses - $73.90 per license; 1000 licenses - $39.30 per license. It's a bit high but compared to a data leak, could be a good investment.

There are many facets to data protection including access controls which are largely operating system dependent  and encryption. Most file and folder encryption products require user interaction or require users to remember to use a special folder. Getting users to change behavior can be a lesson in futility and with file and folder encryption, parts of sensitive files can be leaked to the operating system via virtual memory swap and temporary files. Full disk encryption is easier on the end-user but with full disk encryption, secure wiping of data on shared computers may be desirable. Many of the secure wiping utilities suffer from the same user interaction issues as file and folder encryption.

BCWipe Enterprise with Enforcer centralizes the secure wipe policies so an administrator can configure default actions. For example, BCEnterprise can be configured to periodically wipe specific files and folders, including the Recently Used Files folder in Windows which prevents knowledge of what files have been opened from leaking. File names can include wildcards so you could write a rule to delete all spreadsheet and document by file extension. BCWipe adds a Delete and Wipe option to the explorer right click menu, but we'd like the option to replace Windows Delete menu item with delete and wipe, something Jetico says the are developing for a future release, so that users don't have to make a choice.

Administrators can even schedule periodic wiping of slack space—the extra unused disk space used at the end of a file; the wiping of free space—the disk space that is unused but may contain information from deleted files, and the discovery and wiping of NTFS alternate data streams which  is a way to attach multiple files to a single file name. A program  may attach an icon to a file as an alternate data stream rather than adding an independent file. Administrators can also initiate remote file wipes from the management station as well.

BCWipe Enterprise can also delete files and directories locked by Windows such as system folders which contain temporary files, cookies, etc. Wiping the hibernation file is particularly useful because the hibernation file contains a snapshot of RAM and other information needed to take a computer to and from hibernation mode (hibernation actually turns you computer off, sleep or stand-by just reduces power consumption but your computer is still running).The remaining system file, the memory swap file, can also contain sensitive information. BCWipe Enterprise includes swap file encryption which encrypts data written to the swap file and decrypts the data as it is read back. Virtual memory stored in swap files are not useful after a reboot, but the data persists on disk. By encrypting the swap file using a new key that is generated at boot time and doesn't persist between reboots, even if a computer is turned off without going through a proper shutdown, the data in swap is protected.  Since a new key is generated at each boot-up, data written to the swap file from a previous session is protected.  Jetico does recommend that you delete the swap file at least once before enabling swap encryption since only new data that is written to the swap file is encrypted, not the file itself.

BCWipe Enterprise can be customized to your needs by selecting from Rijndael, the basis of AES, Blowfish, Gost 28147-89, or TwoFish encryption algorithms. You can also select between multiple wiping schemes like one random pass, DoD 5200.28-STD, and Peter Gutmann as well as creating your own.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights