Best encryption software for business in 2020: BitLocker, FileVault, Guardium, and more - ZDNet

Posted: 15 Apr 2020 12:00 AM PDT

When mass data collection and big data analysis exploded on the technology scene, security and encryption, unfortunately, took a back seat.

In a world where data breaches are commonplace -- involving everything from device theft to vulnerability exploitation and open AWS buckets exposed to the world -- businesses both large and small must now educate themselves and employ encryption software to enhance the data they have become controllers of.

Encryption can help protect information stored, received, and sent. Readable information is scrambled through the use of encryption keys, algorithms that can sort through this text and return it to a readable format. Today, the Advanced Encryption Standard (AES) using 128- and 256-bit key lengths, the successor to DES, is in common use worldwide.

If strong encryption and security practices are not in place, businesses are not only opening themselves up to potential cyberattacks, but also the loss of corporate and customer information, fines for non-compliance with laws including HIPAA and GDPR, financial damage, and the loss of reputation.

Below, we list our favorite encryption solutions, suitable for users, SMBs, and enterprise players.

Disclosure: ZDNet may earn an affiliate commission from some of the products featured on this page. ZDNet and the author were not compensated for this independent review.

Free

Best suited for: Windows users who need onboard device encryption

Microsoft's BitLocker, available on business editions of the OS and server software, is the name given to a set of encryption tools providing either AES 128-bit or AES 256-bit device encryption.

The Redmond giant's solution is focused on the encryption of drives on a device out of the box and can also be used to protect removable drives through BitLocker To Go. Recovery keys can also be set to retrieve data should firmware issues or errors prevent IT administrators from accessing encrypted drives.

A set of administration tools, including features such as enabling the encryption of full drives and other media, as well as domain or Microsoft account linking, are included.

BitLocker's hardware specifications require an onboard Trusted Platform Module (TPM) chip and Modern Standby support, two elements generally supported on modern Windows PCs.

BitLocker is built into the Windows operating system but only a limited set of tools are included with Home editions, the standard OS that many PCs consumers purchase. Instead, users must upgrade to Windows 10 Pro or Windows 10 Enterprise to take full advantage of Microsoft's encryption.

Interested in BitLocker? You can check out our user guide here.

View Now at Microsoft

Subscription

Best suited for: Enterprise users who need flexible encryption across multiple environments

IBM Guardium is a data protection platform that pulls together a suite of security tools in an effort to streamline data management and reduce vendor product disparity.

Encryption services are included for corporate data, alongside data discovery and classification, vulnerability scans, data activity monitoring, analytics, and compliance reports, among other features.

IBM Guardium for File and Database Encryption can be used to encrypt on-premise files and databases by leveraging the hardware encryption capabilities of host CPUs including Intel and AMD AES-NI, PowerPC 8 AES, and SPARC.

Data can be encrypted on-the-go without taking business applications offline, levels of encryption can be enabled to match user access rights, and keys can be managed from a central platform.

A useful accompaniment to IBM encryption is access policies that can be set to identify anomalous behavior such as mass copy and deletion of files and directories. Compliance reports can also be generated to adhere to legal requirements set by GDPR, CCPA, HIPAA, PCI-DSS, and SOX.

The solution requires a virtual data security module (DSM) virtual appliance deployed on a VMWare hypervisor. IBM says some clients achieve an ROI of up to 343%.

IBM Guardium is a subscription-based service provided on request and is most suitable for enterprise companies willing to invest in a one-stop-shop solution for data management and protection.

View Now at IBM

Free

Best suited for: Mac users who want on-device encryption.

Apple's FileVault is built-in to the macOS operating system. Apple first introduced FileVault in 2013, later upgrading to FileVault2 on macOS Lion and later versions. The onboard system can be enabled to encrypt all information stored on disk to prevent the theft of data by anyone without access or account credentials. iMac Pro and users of devices with Apple T2 chips will have their information encrypted automatically.

Modern CPU power is leveraged to provide AES 128/256-bit encryption. Users can choose to leverage their iCloud account credentials or generate a recovery key to unlock disks if they forget their standard device password.

However, businesses should not consider FileVault to be a full, robust solution for data security; rather, it is a useful addition for ensuring a basic level of encryption and protection.

View Now at Apple

Subscription

Best suited for: Protecting information on machines used by multiple individuals, collaboration

AxCrypt is an encryption solution that has been widely adopted and should be considered if more than one individual is using the same machine on a regular basis.

Files are secured with AES 128/256-bit encryption on Mac and Windows machines through simple one-click functionality. Once files and directories are secure they can be accessed with a password, of which more than one AxCrypt user can open if they have been given permission to do so. In addition, information can be locked down across mobile devices and encryption standards can be extended to cloud services, such as Google Drive or Dropbox.

Business users can manage passwords through a central platform.

A free, limited version of AxCrypt is available. Yearly subscriptions for premium and business versions, including extended features and licensing for more than one machine, are also on offer.

View Now at AxCrypt

Subscription

Best suited for: Users who need strong encryption across multiple operating systems and the cloud

Kruptos 2 is a professional encryption suite for Windows, Mac, and Android. The strength of the software lies in its versatility, with encryption for content including files and financial data across operating systems, mobile, portable storage, and cloud services including Dropbox, Microsoft OneDrive, Apple iCloud, and Google Drive.

Information is protected with AES 256-bit encryption and files can be shared across compatible platforms. You can also use Kruptos 2 as a strong password generator as well as a sensitive information vault by taking advantage of the secure note editor.

The software also includes a file shredder for securely wiping data.

Kruptos 2 operates on a license model in which you only need to purchase the software once. The cheapest option is a single license for macOS and Windows machines at $39.95.

A cross-platform bundle is on offer for $64.95 and an additional solution, the Kruptos 2 to Go USB vault, can be purchased as a bolt-on for $24.95 -- or together with the cross-platform option for a total of $79.95.

$40 at Kruptos2

Subscription

Best suited for: Users that need enterprise-wide encryption

Trend Micro's Endpoint Encryption software, part of the Smart Protection Suites range, can be used across Macs, Windows machines, and removable media to encrypt either full disks or individual files and folders.

AES 128/256-bit encryption is on offer through passwords and multi-factor authentication across endpoints. Multiple user and administrator accounts can be set for individual devices.

Other functionality includes the release of one-time passwords to access endpoint data, the remote wipe or lock of stolen devices, lockouts automatically enabled in response to failed authentication attempts, and the support of consumer-grade encryption services including BitLocker and FileVault.

The management console for the software and keys can be integrated with other Trend Micro software. In addition, the suite is FIPS certified.

Trend Micro's Endpoint Encryption solution is priced based on request.

View Now at Trend Micro

Subscription

Best suited for: Those who need end-to-end encryption for cloud storage services

Businesses that mainly employ cloud storage rather than on-premise services should investigate Boxcryptor as a possible encryption solution of value.

Boxcryptor is a cloud-focused encryption software supporting a total of 30 cloud services including Dropbox, Google Drive, and Microsoft OneDrive. A combination of AES 256-bit encryption and RSA encryption is utilized.

Boxcryptor calls itself a "zero-knowledge provider" and aims to make spreading encryption across multiple services and mobile devices as easy as possible.

Passwords, password keys, and file keys are kept on user devices, while business user keys, group keys, and company keys are encrypted and stored on the Boxcryptor server.

The vendor uses a data center in Germany that is ISO/IEC 27001:2013 certified.

Boxcryptor has a limited, free option available for up to two devices. A personal subscription costs $48 per year, whereas an account for business use is priced at $96 for a yearly subscription.

View Now at Boxcryptor

Subscription

Best suited for: Users who require real-time management of encryption and applications

Sophos SafeGuard Encryption should be considered by enterprise users that want to ensure content is encrypted the moment it is created.

The SafeGuard Management Center connects to BitLocker and FileVault for the control of access credentials and keys and the AES 128/256-bit encryption of either full disks or individual files. Users and applications are verified in real-time to protect data, and passwords can be created on the fly for sharing content.

Mac, Windows, and Android are supported.

Sophos SafeGuard Encryption is on offer through different licensing models depending on whether a client requires web, on-premise, disk encryption, or a central management platform.

View Now at Sophos

Subscription

Best suited for: Financial data holders

TokenEx is an encryption offering that specializes in the management and security of financial data.

This data protection suite offers tokenization as a data steward -- the substitute of sensitive information, such as card numbers and PII, with other data "tokens" removing its intrinsic value -- to enhance the security of customer records.

Batch processing of customer financial data takes place through browser platforms and mobile software without the need to store customer information on-premise. AES 256-bit encryption is overlaid across the tokenized data.

TokenEx, which is PCI compliant, is available as a licensed product with a range of payment options.

View Now at TokenEx

What we look for in encryption software

ZDNet's recommendations are based on major themes: Strength, flexibility of use, and multi-device and OS support.

While some users and SMBs may need no more than simple, standalone encryption offerings to protect content on PCs, today's encryption solutions in the enterprise space -- especially important for larger firms -- must also keep hybrid environments and remote working in mind.

Made even more crucial at present due to COVID-19, there is a high demand for encryption solutions able to protect corporate, sensitive data that may be accessed remotely by workers and hosted either in the cloud or in company networks. Strong encryption is now necessary when files must be shared with others not only to maintain your privacy but also to ensure data does not end up in the wrong hands.

ZDNet Recommends

Zoom, WhatsApp, Facebook Messenger Rooms, Google Duo: which video-calling app do I use? - The Hindu

Posted: 30 Apr 2020 02:22 AM PDT

The COVID-19 lockdowns and quarantines across India has observed a major flip in our daily routines, the most noticeable being working from home in order to flatten the curve. So to keep up with social interactions, video-conferencing apps have become a necessity. Not all of these apps' journeys have been a fruitful one, particularly owing to security worries or technical glitches.

Here is our breakdown of trending video-chat apps, their purpose, their security features, and, of course, how to access them:

Zoom

Favoured by schools, corporates and individuals, Zoom's number of daily meeting participants has grown to 300 million. On April 29, Zoom 5.0 rolled out globally. Eric Yuan founded Zoom in 2011, and launched its software in 2013.

Prominent features include a screen-share option for presentations. Zoom's bells and whistles come in the form of the virtual background feature in that users can access a photo from their personal gallery and set that as their own meeting background. This feature works best with a green screen and uniform lighting, to allow Zoom to detect the difference between you and your background. Plus, there's a retouch filter available.

An example of a user in Zoom's meeting room

Security: As a response to the five lakh accounts leaked to the Dark Web, Zoom 5.0 was released with support for AES 256-bit GCM encryption, which claims to provide added protection for meeting data and greater resistance to tampering.

Additionally, if the host leaves, they can now easily select a new host and have the confidence that the right person is left with host privileges. In terms of data recording, admins and meeting hosts can set expirations on their cloud recordings and can disable the sharing of their recordings.

The new version also has a new encryption shield in the upper left of a user's Zoom Meeting window, indicating a secure, encrypted meeting. After May 30, the shield will be green for all users, denoting enhanced GCM encryption.

Devices and access: Zoom's Basic plan allows up to 100 participants at a 40-minute time restriction, but unlimited one-on-one meeting time. There are numerous paid plans for different institutes, such as business, education, developers and telehealth. Zoom Webinar has been quite popular during lockdown while the under-discussed Zoom Phone is the platform's cloud solution.

Houseparty

Founded in 2016 by Sima Sistani and Ben Rubin and then purchased by Epic Games in 2019, Houseparty is 'face-to-face social network' which has been popular for its recreational USP and for the simple way a host can kick off a virtual party through the app.

Users can also play virtual games within their group, such as Heads Up!, Trivia, Quick Draw, and Chips and Guac!. One can also 'sneak' into a Houseparty, without alerting their contacts.

The Chrome interface for Houseparty | Photo Credit: Houseparty

Security: According to the developers, "Houseparty is secure. There have been no data breaches and no exposure of customer data or third-party accounts." Users must remember to 'lock' their parties to prevent virtual gate-crashing from uninvited users. The minimum age for Houseparty users is 13 years, but it is advised that parents keep an eye on their teenagers' activities on the app if access is allowed.

Devices and access: Available on iOS, Android, Mac, PC, and as a Google Chrome extension. Houseparty allows unlimited participants and is free to download, with no in-app paid purchases.

Having this app is a no-brainer for anyone whose phone has data capabilities. WhatsApp, initially released in May 2009, has seen major overhauls through its years, its biggest being that in 2014, it was acquired by Facebook.

To keep up with the competitive market of video-chat apps, WhatsApp finally doubled the number of participants users can have on a WhatsApp video or voice call from 4 to 8 people at a time. According to an April 28 blog post by WhatsApp, "Over the last month, people on average are spending over 15 billion minutes talking each day on WhatsApp calls, well above a typical day before the pandemic."

WhatsApp's 8-caller interface | Photo Credit: WhatsApp

Devices and access: WhatsApp's video chatting facility is available on iOS and Android, and on Portal by Facebook (not available in Indian markets).

Security: WhatsApp's end-to-end encryption ensures that only you and the person you're communicating with can see what is sent, and nobody in between, not even WhatsApp.

Facebook Messenger Rooms

While Facebook does own WhatsApp, the social media platform has launched its own video-conferencing app: Facebook Messenger Rooms. According to an April 24 blog post by Facebook, " Between WhatsApp and Messenger, more than 700 million accounts participate in calls every day. In many countries, video calling on Messenger and WhatsApp more than doubled, and views of Facebook Live and Instagram Live videos increased significantly in March."

Creating a meeting room through the app is simple and, soon, up to 50 participants can be in one meeting room without any time limit.

Security: Not everyone is a fan of Facebook's idea of privacy. "While there are significant challenges to providing end-to-end encryption for video calling with large groups of people," explains a Messenger Rooms privacy piece written by Erin Egan, Chief Privacy Officer, Policy, "we're actively working toward this for Messenger and Rooms."

The post also states, "Regardless of whether you use Rooms through your Facebook account or join as a guest, we don't watch or listen to your audio or video calls... We also worked with our security team to make Rooms links difficult for hackers to guess. Our room links have a string of random characters and digits at the end, with numbers and letters in different cases. This makes it challenging for hackers to guess the exact combination of characters, and a new link is generated every time you create a room."

At the moment, rooms can be locked or unlocked once a call begins. If a room is locked, no one else can join, except a Group admin for rooms created through a Group.

Devices and access: The new feature allows non-Facebook users to join video calls using a link sent by the chat room creator. Plus, Facebook users can start a video chat room and share it on their News Feed, Group or Events. If the discussion is open, people can join; if closed, a link to the room will give them access.

Google Duo

Unlike Hangouts where text messages can be sent, Google Duo is only for video calls and has recently upped its group-calling limit to 12. The platform was first announced at Google developer conference in 2016 and became popular for its simple methodology in experiencing high-quality video calls.

Users can also add effects to personalise Duo calls or apply a portrait filter to make themselves look sharper against the background with Effects and Portrait Mode.

A mobile device's and a laptop's interfaces with Google Duo | Photo Credit: Google

Security: Duo uses end-to-end encryption to keep video calls private; a call's data (its audio and video) is encrypted from your device to your contact's device. The encrypted audio and video can only be decoded with a shared secret key. Also, Duo doesn't store your facial data or send it to Google servers.

Devices and access: Available through Android phones, iPhones, tablets, computers, and Smart Displays like the Google Nest Hub Max (not available in Indian markets).

Skype

Microsoft-owned Skype revealed on April 27 that the number of people using Microsoft's Skype video calling system has surged by 70% in a month to 40 million people presently. Additionally, Skype-to-Skype calling minutes jumped 220% from a month earlier.

Founded in 2003 by a group of Scandinavian developers, Skype was acquired by Microsoft in 2011, having quickly become a favourite during a time video-calling applications were not saturating the global tech market.

Currently, Skype's free plan allows 50 callers on a group call. Users can blur their backgrounds on a video call and also engage in screen-sharing for presentations and demos. Plus, Skype also has a real-time translation tool for video calls.

Skype's interface on a laptop | Photo Credit: Skype

Security: Skype's encryption is inherent in the Skype Protocol and is transparent to callers. Skype is not considered to be a secure VoIP (Voice over Internet Protocol) system as the calls made over the network do not make use of end-to-end encryption

Devices and access: Available across all major device platforms and major browsers, voice assistants like Alexa, and on Xbox consoles.

Microsoft Teams

Microsoft Teams is the hub for communication across Microsoft 365 suite, and we would say this is more corporate-oriented than the others listed here. Over the ongoing lockdowns, Teams has seen considerable usage surges. Last month, Microsoft recorded 44 million daily users and on April 29, Microsoft CEO Satya Nadella revealed that Teams usage has increased to more than 75 million daily active users, and that Microsoft saw 200 million meeting participants in a single day this month.

Users can host 1080p calls with up to 250 members, which includes the ability to share screens and record calls. Users can also meet or collaborate on-the-go using Microsoft Teams apps for smartphones and tablets.

Teams also has a Live Events feature, where up to 10,000 people can join as an audience member with a four-hour time limit for the event. In late April, Teams will be upping the audience member limit to 20,000 with a 16-hour time limit.

An example of video calling through Microsoft Teams | Photo Credit: Microsoft

Security: According to Microsoft, users' data is protected from malware in attachments, accidental sharing via chat or files, and suspicious user activity. Information is secure with encryption, Multi-Factor Authentication, and device management.

All recordings of meetings are accompanied by a notice that a recording is taking place. The notice also links to the privacy notice for online participants, and the meeting organizer controls which attendees have permission to record.

Also, channel owners can moderate a channel conversation and control who is and isn't allowed to share content in channel conversations. This helps ensure only appropriate content is viewed by others.

Devices and access: Anyone with a Microsoft 365 account can access Microsoft Teams, available on iOS and Android, as well as Windows desktop app.

Search This Blog

Android Full Encryption