So you backed up last quarter’s financial earnings report onto your external hard drive, no big deal.
And yeah, you lent Frank a copy of the same data on a flash drive, burned it to a disc to mail to the branch office, put a shared version on your company’s intranet, and then you put a copy on your iPod – just for kicks. These days, sensitive data can reside on so many different types of devices that endpoint security has been completely redefined.
Security vendor Symantec says it’s trying to ease the burden of IT administrators who must attempt to keep a seal on corporate data. The Cupertino, Calif.-based company is releasing Endpoint Encryption 7.0 today, a piece of management software that provides advanced encryption for desktops, laptops, and removable storage devices (including your iPod).
“It’s very simple to use and to administer, and it provides a really high level of protection,” says Rich Langston, senior manager of product management at Symantec. “We’re protecting the data on any piece of removable media, or the data on your hard drive.”
In fact the product comes in three versions – the Full Disk Edition, Removable Storage Edition or the version that includes both. Licenses per year cost $72 per user for one of the products or $107 per user for the all-inclusive version. Order more than 1,000 licenses and there’s a discount.
Many security analysts will vouch for encryption as a mantra to prevent potentially embarrassing and costly data leaks of corporate information. Theft or loss of data was the cause of most data breaches that could have potentially resulted in identity theft (57 per cent of the total), according to Symantec.
Case in point, a U.K. prison recently lost a USB memory stick containing the medical details of more than 6,000 prisoners. The data was encrypted, but the password to unlock the encryption was written on a note attached to the drive.
Clearly there’s a need to be met for encryption products, says Andrew Jaquith, senior analyst with Forrester Research, located in Cambridge, Mass.
“It’s one of those things where it’s a warm security blanket, and you can choose to encrypt everything,” he says. “The likelihood of having a toxic data spill is reduced.”
Full disk encryption is pretty much a standard process with not many dramatic differences between vendors, he adds. The real difference in the products is the management tool made available to IT admins who must oversee the encryption process.
Endpoint Encryption 7 is designed to run on Windows-based machines and offers Advanced Encryption Standard in 128-bit or 256-bit lengths. To the end user, the encryption is transparent after they enter a password on booting up their system. IT admins can set policy usage rules to determine how the user can take data off of their system and move it around.
“If you wanted to securely pass around a disk with some financial information on it in a group, you can give everyone a password to unlock that data,” Langston explains. “Or you can place the security certificate on their machines before they even get the disk.”
Users can put a collection of files onto their removable media with a self-extracting archive. Then only authorized users would be able to extract that archive to see the data on the disk.
Symantec also provides a light-weight utility that will decrypt files that users want to take home to work on. Again, IT admins can choose to allow or block this function.
Endpoint Encryptions first debuted last March when Symantec rebranded GuardianEdge Technologies software through an OEM licensing deal. Symantec has said they eventually plan to package the encryption tool into their Endpoint Protection site that also includes anti-virus, network-access control, device control, intrusion prevention and firewall capabilities.
There are no plans to do that in the short term, but it remains a possibility, Langston says.
Symantec’s approach to encryption differs from McAfee’s strategy, Jaquith says. The competing security vendor bought SafeBoot to provide endpoint encryption. But Symantec is partnering to provide theirs.
“I don’t know if this is one of those date-before-you marry situations where they re-brand now and then if it’s a real barnburner for them, buy this later,” he says.
The new release includes several features that aren’t in Version 6. IT admins are no longer limited to encryption on computers that use ActiveDirectory. Now non-domain computers and Novell e-Directory computers are supported as well.
Admins will also enjoy some better reporting features that make it easier to see whether a system is currently encrypted or not, and to identify what has been decrypted, Langston says. A new recovery tool can also help retrieve data from a disk that is failing.
The tool can be deployed with Symantec’s Altiris Software Delivery Suite, which helps admins keep desktop machines configured consistently and allows for easy patching.
“We’ve targeted this product for any buyer who has these types of concerns,” Langston says. “We’ve had interest and success selling to small law firms and to very large enterprise customers.”
Companies running other Symantec software will be tempted to add this to their line-up, Jaquith says. But, “the pricing on encryption products are artificially high because they are in demand.”
Symantec’s pricing is competitive compared to other products on the market, he says. But expect it to come down over time.
Especially when encryption comes included in Windows Vista Enterprise Edition, in the form of BitLocker.