If you're worried about fragments of temporary files from office, explorer cache, residual data in sectors when a file is deleted (but not overwritten many times), and swap-file residual data, then you need disk encryption at the sector level.
Not to mention current surveys like this:
http://news.com.com/Confidential+data+really+is+at+risk/2010-1029_3-6108603.html?tag=html.alert

Vista has 'bitlocker':
http://www.apcstart.com/site/pschnackenburg/2006/08/1066/your-money-or-your-hard-drive-vistas-full-disk-encryption-benchmarked

There are products around such as: WinMagic, SecureGuard, TrueCrypt, SecureStar, to name a few. Some laptop vendors provide a hardware option - Dell & HP, but I haven't looked at enterprise capability. [I am unaligned to products]

Most products sit below Windows / Linux and add moderate overhead to CPU, a few percent (if doing AES encryption). Don't know about I/O latency. They can convert disks in-situ. Standard backup utilities, through the O/S, continue to work. Disk-level imaging tools, however, need special consideration. They can work with passphrases, smartcards and USB keys that operate pre-boot.

For enterprise use, the key considerations are:

* Recovery, Recovery, Recovery, Help Desk, Support, Auditability
* If a user loses a USB key or smartcard, or forgets a passphrase, you need an override
* Encryption needs to extend to USB drives and CD/RW - DVD/RW (some products do this as part of the same scheme)
* Multi-user login i.e. handle multiple keys
* Group users of USB keys i.e. workgroup crypto-keys
* Auditors - need to be able to break-the-glass - escrow / recovery
* Systems Support - ditto
* Multiple boot / Compartmented operating systems e.g. one environment for uncontrolled surfing, and another boot image for corporate LAN?

You need a Key Escrow server, or the ability to distribute sets of keys to workstations. In an enterprise environment you absolutely need audit / system support keys in addition to normal (Deployment of software is also a consideration.)

If you're concerned about real pedigree of security, then you also need to be looking for evidence of independent security accreditation such as FIPS 140-2, EAL4 etc.

Enjoy!!

Andrew Probert
Security Consultant (CISSP)
Trusted Solutions Pty Ltd
+61 419303705
Australia
