Encryption - Encryption Tools Matrix

This document provides a matrix of tools available to encrypt data at rest.

Caution: Encryption can make documents, files, or entire disks impossible for other people to read. It can make them impossible for you to read, too, if you loose or forget your encryption key. See Encryption - Issues to Consider Before Implementing Encryption and Encryption - Types of encryption and key concepts before you attempt to implement any of the following tools.

Note: This matrix is a work-in-progress. If the tool you want to use is not currently documented, please check back later.

Type of Encryption	Type of Solution	Windows Tools	Macintosh Tools	Comments
Document Encryption	Enterprise Level			Document encryption not supported at enterprise level see other methods.
	Self-service	Office for Windows Adobe	Office for Mac Adobe
File/Folder/Container encryption	Enterprise Level (keys are escrowed)	MS Encrypted File System (EFS) via AD domain
	Self-service	MS Encrypted File System (EFS) without AD domain TrueCrypt (open source)	OS X Disk Utility or File Vault TrueCrypt (open source)
USB drive encryption	Enterprise Level (keys are escrowed)	McAfee Endpoint Encryption Symantec Endpoint Encryption (SEE) MS Bitlocker to Go via AD domain
	Self-service	MS Bitlocker to Go without AD domain TrueCrypt (open source)	OS X Disk Utility TrueCrypt (open source)
Full Disk Encryption (FDE)	Enterprise Level (keys are escrowed)	McAfee Endpoint Encryption Symantec Endpoint Encryption (SEE) MS Bitlocker via AD domain	Symantec Endpoint Encryption (SEE)
	Self-service	MS Bitlocker without AD domain TrueCrypt (open source)	OS X File Vault TrueCrypt (open source)

Solution Types

Enterprise Level solutions are products in which the encryption keys are escrowed in the delivery of the solution. Availability of the encryption keys allows for recovery for files and disks should it be required.

Self service solutions are solutions where the end user bears the burden of ensuring encryption keys and passwords are available for recovery. The users should consider and understand the implications of using encryption before using these tools.

Self Service Tools

PC and Mac encryption tools that are bundled with their respective OS's are the preferred self-service encryption tools. TrueCrypt, an open source product, is the preferred tool when the OS does not have an equivalent encryption tool e.g Bitlocker exists for Vista and Windows 7 only; Bitlocker is not available in Windows XP.

Keywords:	encryption encrypt tools file document FDE enterprise encryptdata@rest Suggest keywords	Doc ID:	17485
Owner:	Allen M.	Group:	Office of Cybersecurity
Created:	2011-03-27 19:00 CDT	Updated:	2012-02-15 17:05 CDT
Sites:	DoIT Help Desk, Office of Cybersecurity
Feedback:	0 0 Comment Suggest a new document Subscribe to changes