Is there any reason to go with third-party tools when vendors offer their own (like Microsoft's BitLocker for Windows 7)?
You must use a third-party vendor, as the PC and OS vendors’ offerings (Apple and Microsoft) are not geared for truly effective centralized management. Without centralized management you don’t have an easy way to manage, recover lost passphrases or view all encrypted computers to see their status. We use PGP and users do forget their PGP passphrase. The centralized management console allows us to provide a 32-bit one-time unlock token that we give to the user. Since security is critical, whenever we request this token (every token is different for every computer – no universal token) we are prompted with a “pop up” informing us that all actions are tracked and audited. Just think: if you don’t have the ability to provide an unlock token, you’d have to format these computers and re-image.
What are the human (as opposed to technical) challenges in encrypting desktops and laptops?
You must be tough — as in, it’s my ball and my glove, so if you want to play you need to do as I say. We do no