Infosec 2009: DES puts full disk encryption in DESlock+ 4.0

DESlock+ 4.0 now supports full disk encryption

Data Encryption Systems (DES) has introduced a new version of its file encryption tool for Windows, adding full disk encryption, centralised management support and user-friendly protection of information on removable storage.

DESlock+ Version 4.0, available immediately, was officially launched today at the Infosecurity Europe conference at London's Earl Court.

The new version brings full disk encryption and more flexible support for media such as USB Flash drives, while keeping the file and folder level encryption capabilities offered in earlier releases. It uses the 256-bit Advanced Encryption Standard.

With full disk encryption, DESlock+ can now provide blanket protection for laptop hard drives, a feature customers had been lobbying for, according to DES.

However, the firm decided to go back to the drawing board to ensure that DESlock+ 4.0 had the necessary management tools, which has delayed the release by about a year.

"Granular encryption is fairly easy to manage, but full disk encryption is more difficult, so we completely rebuilt it with new admin tools including a central server. We needed to get it right first time," said DES managing director David Tomlinson.

The new Enterprise Server gives administrators complete control over the client software, including the ability to centrally manage policies and encryption keys, according to the firm. Clients check back with the central server periodically to get updates on policy settings.

This enables full disk encryption to be applied without a desk-side visit by a technician, Tomlinson said. If a policy specifies that a particular machine should be encrypted, this will happen in the background without users being aware.

Alternatively, DESlock+ 4.0 enables administrators to pre-encrypt disk images before pushing them out to users.

While Microsoft's Bitlocker tool in Windows Vista encrypts the entire drive, DESlock+ can encrypt just specific partitions, Tomlinson said. It also provides a second line of protection, as individual files and folders containing sensitive information can be encrypted with a separate key known only to the user, he added.

"If an IT guy comes along to look at your laptop, he can get access to your hard disk but not folders with private information. It's a 'belt and braces' approach to security," he said.

DESlock+ also provides enhanced support for removable storage, enabling encrypted and non-encrypted information to sit side by side on devices such as USB memory sticks.

Companies can set policies to enable files written from a protected PC onto a USB stick to appear in an encrypted folder, rendering them unreadable if removed from the office.

Because DESlock+ uses shared keys, colleagues can seamlessly exchange files this way, providing they have the same key, according to Tomlinson. Meanwhile, any files already on the device will be filtered out by DESlock+ to prevent viruses getting onto company systems, but these are otherwise left untouched.

"It's like there's a firewall between any plain [unencrypted] data and sensitive data on the stick," said Tomlinson.

This allows employees to use their own memory sticks at work, without fear of bringing in malware or exposing sensitive information if the device should go missing.

"If you can introduce encryption, and enforce it without it getting in everyone's way, then you've achieved something," Tomlinson said.

DESlock+ Version 4.0 costs from £45 per seat, based on the purchase of at least 1,000 licences.

DES is offering discounts at Infosec to visitors with more than 100 users who register an interest in the product. Customers with more than 500 users signing up for three years' support and maintenance will get the licences for free, and pay only for support and maintenance.