Data encryption


Guidelines on Encryption of Sensitive and Highly Sensitive Data


What is Data Encryption?

Data Encryption involves transforming data into an unreadable format to prevent unauthorized access to the data. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.

Data Encryption Methods:

Most operating systems have built-in encryption functionality.  Third party products provide additional feature sets in this area. 

Windows XP Data Encryption – EFS

Windows XP Professional/Enterprise, 64 Bit Professional/Enterprise editions have an inbuilt encryption feature called EFS Encryption that allows you to encrypt files and folders within the OS.

Note that EFS in Windows XP does not however provide for encryption of the entire hard drive. For full drive encryption, a third party product is needed.


Windows Vista/Windows 7 Data Encryption – Bitlocker

Windows Vista Professional/Enterprise and Windows 7 Professional/Enterprise have an inbuilt encryption feature called Bitlocker. This feature allows you to encrypt an entire drive.


MAC OS X Data Encryption

MAC OS X comes with an inbuilt encryption feature called FileVault. It works by separately encrypting each user account along with their corresponding data.


Other Third Party Encryption Tools:

FreeOTFE (Free On The Fly Encryption) 
Cost: Free

  • Operates by allowing you to create an encrypted virtual volume within Windows
  • The whole volume maps back to a single (.vol) file which can be copied easily to a network drive or other secure location
  • The only drawback with OTFE is that if you are the creator of the .vol file, you can delete it without being asked for the encryption password. However, this .vol file should be backed up in normal circumstances where sensitive data is present and a user should be aware that deleting this file is akin to emptying their My Docs folder

 


Folder Lock
Cost: €30 per license

  • Very similar to OTFE in how it creates a password protected virtual area called a locker
  • Has a user friendly GUI that mimics putting your files into a safe and locking them
  • One important feature over OTFE is that the volume file or “locker” can’t be deleted on the machine it was created on unless you enter the password. This cuts out the danger of accidental deletion


PGP Whole Disk Encryption
Cost: €110 per license

  • Encrypts the whole drive and any external drives attached
  • Ability to encrypt individual partitions
  • If whole drive encrypted, requires authentication password before Windows starts to boot, otherwise does not inconvenience the user
  • Available for PCs, Macs and some Linux flavours.
  • Allows interoperability between encrypted external drives used on both MACs and PCs
  • License is perpetual and includes 1 years limited support
  • Conforms to European standards for Govt, Health, Financial etc.

Note:
The National University of Ireland, Galway has no business relationship and makes no endorsement of any product listed