Three recommended products for encrypting confidential data
Author: Aleksandar Kragl, Senior DBA
Introduction
How many times in recent years has a story in the news about stolen or lost computers or disk drives drawn your attention? Such news certainly was not comforting to people whose confidential information was stored on those computers and potentially compromised. These days it is too easy for someone with malicious intent to steal another person’s identity just by knowing a few critical pieces of information about them. Consequences of such actions are difficult, expensive and time-consuming for a victim to correct. We all keep at least a part of our life in digital form, conveniently stored on our computer disk drive, and maybe even properly backed up. But what if your personal computer is lost or stolen? What if your business computer where you keep all the important client information gets lost or stolen? Would you be able to sleep peacefully at night knowing that private and confidential information of your clients is protected from harm and misuse?
There are many software and hardware based tools today on the market that can help you protect your information by encrypting it, making it scrambled and essentially unreadable to anyone who does not posses the right key. Few of them are powerful and simple enough for everyday use. And few of those are free!
Enter TrueCrypt
This is one of my favourite pieces of software. It is very simple to install, very intuitive to use, and is well documented with powerful features. Its implementation is constantly reviewed and improved upon by the core group of open-source community developers that maintain it. It allows you to encrypt either your complete hard drive, one of its partitions, USB key, or to create encrypted files that act like virtual hard drives when activated. It implements some of the strongest encryption algorithms available for civilian use today, among them AES-256 that is an officially mandated standard for all US government Top Secret documents. It allows you to define and use two of the three possible types of keys – password (“what you know”) and/or token (“what you have”). One additional feature TrueCrypt offers is called “hidden volumes”, which essentially allows you to create encrypted volumes inside your original encrypted volume. This feature comes handy if you fear that someone might force you to divulge the password that encrypts the information. If you store all your truly sensitive information inside of your hidden volume, you can provide the password under threat and avoid the danger without compromising truly vital information – what is called plausible deniability. All algorithms implemented are mathematically proven unbreakable by brute force at present time and will remain so for a number of years. Once installed, TrueCrypt is very unobtrusive and allows you to easily use it in several different ways, which we found to be of primary importance with these kinds of tools. It is free for both personal and commercial use, and regular updates are provided approximately every six months.
Where to obtain it: www.truecrypt.org
Platform: Windows, Linux
Trusty Sidekick – Encrypt On Click
On the other side of the functionality spectrum, when you just need to quickly encrypt just a few files or even whole directories, and do not need to utilize the versatility of the full-featured TrueCrypt, there is always EncryptOnClick. This small and elegant application is very simple to use, with an unusually clean, minimalist user interface consisting of just 4 buttons. It offers only one choice, but a very strong option, for file protection – password-based AES-256 encryption. Just install it and from then on, without any additional set-up, it will be available at the click of the mouse to encrypt or decrypt any existing file or directory on your computer. Like TrueCrypt, it is free for personal and commercial use.
Where to obtain it: www.2brightsparks.com (click on Downloads, then Freeware)
Platform: Windows
The Best One?
This review would not be complete without mentioning at least one commercially available product in this area. We found BestCrypt from Jetico, Inc. to be a powerful, fully featured and versatile software application for encryption purposes and generally similar to its free counterpart TrueCrypt. BestCrypt also offers a set of powerful encryption algorithms for you to choose from, including the aforementioned AES-256, virtual encrypted disk drives, encrypted physical hard drives, hidden volumes (providing you plausible deniability), two types of keys, and the ability to disconnect your encrypted volumes if they sit idle for a set amount of time. On the plus side, it offers protection from accidental deletion of your encrypted files, and an option to turn your encrypted hard drives back to their original, decrypted state without reformatting them if you so desire down the road. On the down side, to obtain all of this functionality you will need to install two separate BestCrypt applications making it a little less convenient to use. Also, you cannot turn off BestCrypt Control Panel even if you do not have any encrypted volumes in use at the moment, meaning it will always use at least a little of your computer resources. Another minor issue is that BestCrypt will not warn you if your chosen password is “weak” (not long or complex enough). BestCrypt is offered in two configurations – Standard, starting at $59.95USD per computer, and Corporate, starting at $ 99.95USD per user. Volume discounts are available for both configurations. A free 30-day trial is available.
Where to obtain it: www.jetico.com
Platform: Windows, Linux
Conclusion
Getting familiar with and using any of these three programs is like hiring your own highly experienced data security guard who ensures the files you want to keep safe and out of view from others stay that way. It can even be a source of competitive advantage if you inform your clients about all the steps you are taking in order to keep their confidential information protected at all times while in your care.
One important thing to keep in mind is that you are entirely responsible for remembering the passwords you use with any of these programs. If you forget the password, there is no method for retrieving it.
About the author
Aleksandar Kragl is a Vancouver-based IT consultant with 15 years of industry experience. He is a Data Architect, Data Analyst, senior certified Oracle DBA, Systems Analyst and Developer. He is currently providing Oracle DBA and related services for a large, international client.