Infosec 2009: DES puts full disk encryption in DESlock+ 4.0

DESlock+ 4.0 now supports full disk encryption

Data Encryption Systems (DES) has introduced a new version of its file encryption tool for Windows, adding full disk encryption, centralised management support and user-friendly protection of information on removable storage.

DESlock+ Version 4.0, available immediately, was officially launched today at the Infosecurity Europe conference at London's Earl Court.

The new version brings full disk encryption and more flexible support for media such as USB Flash drives, while keeping the file and folder level encryption capabilities offered in earlier releases. It uses the 256-bit Advanced Encryption Standard.

With full disk encryption, DESlock+ can now provide blanket protection for laptop hard drives, a feature customers had been lobbying for, according to DES.

However, the firm decided to go back to the drawing board to ensure that DESlock+ 4.0 had the necessary management tools, which has delayed the release by about a year.

"Granular encryption is fairly easy to manage, but full disk encryption is more difficult, so we completely rebuilt it with new admin tools including a central server. We needed to get it right first time," said DES managing director David Tomlinson.

The new Enterprise Server gives administrators complete control over the client software, including the ability to centrally manage policies and encryption keys, according to the firm. Clients check back with the central server periodically to get updates on policy settings.

This enables full disk encryption to be applied without a desk-side visit by a technician, Tomlinson said. If a policy specifies that a particular machine should be encrypted, this will happen in the background without users being aware.

Alternatively, DESlock+ 4.0 enables administrators to pre-encrypt disk images before pushing them out to users.

While Microsoft's Bitlocker tool in Windows Vista encrypts the entire drive, DESlock+ can encrypt just specific partitions, Tomlinson said. It also provides a second line of protection, as individual files and folders containing sensitive information can be encrypted with a separate key known only to the user, he added.

"If an IT guy comes along to look at your laptop, he can get access to your hard disk but not folders with private information. It's a 'belt and braces' approach to security," he said.