TechRadar pro

File Encryption, Whole-Disk Encryption, and VPNs

BitLocker is a full disk encryption feature included with selected editions of Windows. Read on for our pick of the very best tools for keeping your data safe. Cypherix SecureIT handles the basic task of encrypting and decrypting files and folders in a workmanlike fashion, but it lacks advanced features offered by the competition. Voltage HPE SecureData Enterprise provides stateless key management, an extremely flexible application programming interface API that can integrate with nearly any application, and support for various operating systems and devices. JUAN January 8, , 9: When people think of digital security, they probably think of antivirus software.

Related Articles

Top 5 Best Free File Encryption Software for Windows

To share those documents with the right people, you simply supply them the decryption password. Just which encryption product is best for you depends on your needs, so we've rounded up a varied collection of encryption products to help you choose. In this roundup, I'm specifically looking at products that encrypt files, not at whole-disk solutions like Microsoft's Bitlocker.

Whole-disk encryption is an effective line of defense for a single device, but it doesn't help when you need to share encrypted data. And of course the VPN's encryption doesn't just magically rub off on files you share. Using a VPN is a great way to protect your internet traffic when you're traveling, but it's not a solution for encrypting your local files.

But no such back door existed, and Apple refused to create one. The FBI had to hire hackers to get into the phone. Why wouldn't Apple help? Because the moment a back door or similar hack exists, it becomes a target, a prize for the bad guys.

It will leak sooner or later. In a talk at Black Hat this past summer, Apple's Ivan Krstic revealed that the company has done something similar in their cryptographic servers. Once the fleet of servers is up and running, they physically destroy the keys that would permit modification. Apple can't update them, but the bad guys can't get in either.

All of the products in this roundup explicitly state that they have no back door, and that's as it should be. It does mean that if you encrypt an essential document and then forget the encryption password, you've lost it for good.

Back in the day, if you wanted to keep a document secret you could use a cipher to encrypt it and then burn the original. Or you could lock it up in a safe. The two main approaches in encryption utilities parallel these options. One type of product simply processes files and folders, turning them into impenetrable encrypted versions of themselves. The other creates a virtual disk drive that, when open, acts like any other drive on your system.

When you lock the virtual drive, all of the files you put into it are completely inaccessible. Similar to the virtual drive solution, some products store your encrypted data in the cloud. This approach requires extreme care, obviously. Encrypted data in the cloud has a much bigger attack surface than encrypted data on your own PC. It really depends on how you plan to use encryption.

If you're not sure, take advantage of the day free trial offered by each of these products to get a feel for the different options. After you copy a file into secure storage, or create an encrypted version of it, you absolutely need to wipe the unencrypted original. Just deleting it isn't sufficient, even if you bypass the Recycle Bin, because the data still exists on disk, and data recovery utilities can often get it back. Some encryption products avoid this problem by encrypting the file in place, literally overwriting it on disk with an encrypted version.

It's more common, though, to offer secure deletion as an option. If you choose a product that lacks this feature, you should find a free secure deletion tool to use along with it. Overwriting data before deletion is sufficient to balk software-based recovery tools.

Hardware-based forensic recovery works because the magnetic recording of data on a hard drive isn't actually digital. It's more of a waveform.

In simple terms, the process involves nulling out the known data and reading around the edges of what's left. If you really think someone the feds? An encryption algorithm is like a black box. Dump a document, image, or other file into it, and you get back what seems like gibberish. Run that gibberish back through the box, with the same password, and you get back the original. Even those that support other algorithms tend to recommend using AES. If you're an encryption expert, you may prefer another algorithm, Blowfish , perhaps, or the Soviet government's GOST.

For the average user, however, AES is just fine. Passwords are important, and you have to keep them secret, right? With PKI, you get two keys. One is public; you can share it with anyone, register it in a key exchange, tattoo it on your forehead—whatever you like. The other is private, and should be closely guarded. If I want to send you a secret document, I simply encrypt it with your public key.

When you receive it, your private key decrypts it. Using this system in reverse, you can create a digital signature that proves your document came from you and hasn't been modified. Just encrypt it with your private key. The fact that your public key decrypts it is all the proof you need.

PKI support is less common than support for traditional symmetric algorithms. If you want to share a file with someone and your encryption tool doesn't support PKI, there are other options for sharing.

Many products allow creation of a self-decrypting executable file. You may also find that the recipient can use a free, decryption-only tool. Right now there are three Editors' Choice products in the consumer-accessible encryption field. The first is the easiest to use of the bunch, the next is the most secure, and the third is the most comprehensive.

AxCrypt Premium has a sleek, modern look, and when it's active you'll hardly notice it. Files in its Secured Folders get encrypted automatically when you sign out, and it's one of the few that support public key cryptography. CertainSafe Digital Safety Deposit Box goes through a multistage security handshake that authenticates you to the site and authenticates the site to you. Your files are encrypted, split into chunks, and tokenized.

Then each chunk gets stored on a different server. A hacker who breached one server would get nothing useful. Folder Lock can either encrypt files or simply lock them so nobody can access them. It also offers encrypted lockers for secure storage. Among its many other features are file shredding, free space shredding, secure online backup, and self-decrypting files. The other products here also have their merits, too, of course. Read the capsules below and then click through to the full reviews to decide which one you'll use to protect your files.

Have an opinion on one of the apps reviewed here, or a favorite tool we didn't mention? Let us know in the comments. MicroEncryption renders bulk data breach of cloud-stored files impossible. Logon handshake authenticates both user and server.

Bottom Line Vormetric Transparent Encryption encrypts databases and files and removes data access rights from administrators. When integrated with a security information and event management system, it can generate extremely detailed reports. Bottom Line Gpg4win encrypts emails and files with military-grade security. You can also use it to digitally sign your messages and files. The software is open source and free to use even commercially. Bottom Line With Boxcryptor, users can encrypt any files they plan to store in a cloud-based repository i.

Boxcryptor provides applications for all major operating systems and mobile platforms, allowing users to access their encrypted files anywhere at any time regardless of where the files are stored. VeraCrypt is open-source disk-encryption software from IDRIX that protects files and systems and prevents data leaks and data theft. Bottom Line VeraCrypt open-source disk-encryption software adds enhanced security to the encryption algorithms used for systems and partitions.

It makes systems and partitions immune to the latest developments in brute-force attacks and solves many of the security issues and vulnerabilities found in TrueCrypt. Digital Guardian is data-centric encryption and protection software, with a wide array of tools and system coverage. Bottom Line Digital Guardian is data-centric encryption and protection software, with a wide array of tools and system coverage.

Its protection extends to your sensitive files no matter where they are on the network, endpoints, and cloud. With detailed reports on data activity and user policy enforcement, Digital Guardian will provide you with the tools and means to protect your valuable data. Hide My Ass is a VPN service that will protect your Web traffic and route it through any of servers spread across the globe, but for a hefty price.

LastPass Authenticator is a simple way to greatly improve the security of your LastPass account, and it can even keep your accounts on dozens of other sites safe. When people think of digital security, they probably think of antivirus software.

While that kind of security software protects against If you click a merchant link and buy a product or service on their website, we may be paid a fee by the merchant. Business Software Security Encryption Encryption. Deployment On-Premises Mobile Cloud. Symantec Endpoint Encryption Symantec Endpoint Encryption provides encryption and centralized management to protect sensitive information while ensuring regulatory compliance. Microsoft BitLocker Drive Encryption BitLocker Drive Encryption is an encryption feature that works to provide your operating system and any other drives with increased protection.

InvisibleSecrets East-tec InvisibleSecrets is a steganography and file-encryption tool that encrypts confidential file and folder structures and allows users to hide files from other users. Cypherix Cryptainer Cypherix Cryptainer is a data-encryption solution that allows users to encrypt files and protect sensitive data on their hard drives, memory sticks, or other storage media.

DriveCrypt DriveCrypt data encryption provides secure bit disk encryption for desktop computers and laptops. Ciphershed CipherShed is a free, open-source program that can be used to create encrypted files or to encrypt entire drives including universal serial bus USB flash drives and external hard disk drives HDDs.

MiniLock MiniLock is simple file-encryption and transfer tool that makes it easier and more convenient to securely send files from one person to another. Kryptel Kryptel encryption software allows Windows personal computer PC users to encrypt and decrypt one to thousands of files and folders with a single click for secure file storage. Vormetric Transparent Encryption Vormetric Transparent Encryption encrypts data, enables privileged user access control, and creates activity logs.

Gpg4win Gpg4win is open-source solution that encrypts and digitally signs files and emails. Boxcryptor Boxcryptor provides encryption for files stored within various platforms the cloud.

Encrypt Everything!

Leave a Reply

IBM® Multi-Cloud Data Encryption provides a broad range of features, including data has been visited by K+ users in the past month. How can the answer be improved?Tell us how. File Encryption, Whole-Disk Encryption, and VPNs In this roundup, I'm specifically looking at products that encrypt files, not at whole-disk solutions like Microsoft's Bitlocker. Whole-disk encryption is an effective line of defense for a single device, but it doesn't help when you need to share encrypted data.