Another problem with many of the free products is that the extra steps needed to encrypt the files are a hassle. And the more work involved to maintain the encryption, the less likely users will stick with it over time. Eventually users take the path of least resistance and just save their files without any encryption, as Boeing is now painfully aware. Plus, the freeware PGPdisk product is back several versions in terms of features, compared with the current commercial version 9.5.
The most secure and easiest-to-use method is to purchase the most current version of PGP Whole Disk Encryption or PGP Desktop. Neither is very expensive: the Whole Disk product starts at $49 for an annual subscription and Desktop starts at $79 for professionals. The nice thing about both products is that they are available for both Windows and Mac users -- most of their competition just runs on Windows. Another plus over the freeware PGP products is that the commercial product can integrate with Windows logins, so the user doesn't have to do any additional steps to access their data.
"Once PGP Desktop is set up by our IT people, the users don't have to do anything. It can copy their network login credentials and use them as the encryption password, so end users don't have any extra steps to encrypt and decrypt their drives, nor do they have to remember yet another password. It loads before the operating system loads, so it is pretty child-proof," says Figueiredo.
The Desktop product has a bunch of useful tools in it, such as the ability to encrypt an entire hard disk or only removable media like USB flash drives. PGP Desktop also will encrypt AOL Instant Messenger conversations and e-mail messages.
Another advantage for using the commercial PGP products is that they offer a full range of products. "PGP is an industry standard, has a great name, and has been around for over 10 years. They also have a comprehensive range of products when it comes to encryption that allows for a wide variety of offerings for laptops, PDAs, e-mail, file servers, and FTP, and they support various platforms. You can buy whole disk encryption today and just buy add-on modules for e-mail encryption and the other solutions when the need arises. IT administrators at our clients' sites need to be trained only once, on one platform," says Figueiredo.
Don't Wait For A Problem
With all of the various methods available to corporate IT staff, there's no time like the present to start protecting data with at least one of the solutions mentioned, rather than waiting for a situation to force their hands. "Privacy and data protection have always been an afterthought, causing expensive retrofitting later," Smith says. "But with enough bad publicity and court litigation, maybe corporations will stand up and take notice and start taking this issue seriously."
— David Strom, Information Week