Full disk encryption product recommendations

[wheresmybacon]

I'm one of a handful of senior sysadmins within a relatively large (>10,000 users) organization, and management has had my division doing a pilot of
GuardianEdge Hard Disk Encryption software.

When it works it's great, but when there's a problem it puts one of our folks dead in the water until we can get a tech onsite, and that's just not acceptable.

Anyone have any recommendations of alternatives? This software offers full disk encryption, and we'd need something similar.

I want to get behind an effort to stop this product from being deployed internally, but unless I have an alternative it's probably going to be what we go with.

Thanks in advance

 

[imported_snikt]

We use True Crypt on our thumb drives but I don't have too much experience with True Crypt. We use Check Point (formerly Pointsec) on our laptops. Depending on the size of the hd and the processor, it can take a while to encrypt the data with Check Point but so far it seems to work great. Fortunately we haven't had any problems without laptops regarding the encryption so I can't speak of the Check Point support.

 

[wheresmybacon]

Yeah encrypting/decrypting the disk can take a while with probably any product of this type. I'm not terribly concerned about that; it's part of the deal no matter what you go with.

The problem I have with GuardianEdge is how it deals with password management and AD integration. In short, when it fails, the user is dead in the water. Right now we're seeing too many failures.

 

[Chiefcrowe]

We're using Pointsec here and trying to deploy it to everyone. From what i hear from the people who are running it is that it is working pretty well and we're trying to get all laptops on it now!

 

[wheresmybacon]

Pointsec looks interesting. I have a meeting on Monday and if I have time I'll present that as an option. Thanks!

 

[WobbleWobble]

We use Pointsec on our 1500+ laptops

 

[sourceninja]

We use truecrypt on a few hundred notebooks. I wrote a application to keep the recovery isos and passwords. Truecrypt has no built in method for large scale distribution, however with my solution it is acceptable.

But if the user forgets their password, or if the header files are corrupted, the user is dead in the water until they can get back to IT.

 

[Phynaz]

SafeGuard

 

[BriGy86]

Originally posted by: sourceninja
We use truecrypt on a few hundred notebooks. I wrote a application to keep the recovery isos and passwords. Truecrypt has no built in method for large scale distribution, however with my solution it is acceptable.

But if the user forgets their password, or if the header files are corrupted, the user is dead in the water until they can get back to IT.

We use Safeboot. And have the same problem that's bolded. I'm not sure that you'll get around this with any drive encryption software.