Rather than encrypting files and folders, which require users to save sensitive information to the right location, encrypting the entire drive is largely transparent to the user and sufficient to ensure data will be kept from prying eyes. Software-based whole disk encryption is one option, but there is a significant performance hit when reading or writing data. Hard disk encryption speeds the process by performing encryption on the disk controller in hardware. In addition, the encryption keys are generated and retained in the drive hardware, protecting them from memory debuggers.
Wave's Embassy Trust Suite and Embassy Remote Administration Server (ERAS) 1.6 offers a useful pairing of hard disk encryption and remote administration. We tested these products and found them to be simple to use. In particular, ERAS makes managing encrypted drives from a central point easy.
Embassy Trust Suite with Trusted Drive Manager is the stand-alone management application for individual laptops. It is pre-loaded on Dell laptops that have encrypted drives, and is an option on laptops from HP and Lenovo. Trusted Drive Manager is an ETS module and allows users with administrative privileges to create encryption keys and manage authorized drive users. TDM also integrates with Windows to provide single sign-on so users that successfully log into the drive are also logged into Windows.
Enterprises, however, should centrally manage these drives to enforce uniform encryption policies and support users that forget passwords and encounter other problems. With ERAS and Trusted Drive Manager, you can centrally manage the secure hard drive , Trusted Platform Management (TPM), and biometric polices on domain computers. ERAS is integrated with Windows, so you can synchronize users' Domain credentials with the encrypted drives for single sign-on and password policy enforcement. If you need encrypted drives, a central manager is a must for effective management.