While I agree that it is a good idea to encrypt laptops, using TrueCrypt (which has no enterprise key management) is not a viable solution for many companies. Also, just because you have a laptop doesn't mean that it needs to be encrypted. You need to look at what else you have in place that can help protect your data and utilize those resources before jumping into a full out FDE deployment. FDE may be the best answer and then again it may not. I wrote about this a week or so ago on my blog. http://andyitguy.blogspot.com/2008/07/don-bring-gun-to-knife-fight.html
Great until your data disappears on you
Having encrypted laptops and other media for many years, you feel quite secure in knowing that you are safe from laptop thieves...that is until you find out your encryption vendor has it in for you. There is nothing more exciting than to turn your laptop on, have it come up then realize you've just lost all your data because your encryption software just bit the bullet. And no matter how careful you are about backups in whatever form they take, you will still suffer data loss. This always happens at the time you most need your data so there is further embarrassment and expletives thrown out about the lousy programming on the encryption software and why o why did I ever think this was a good idea.
This is a balance, a bet, perhaps insurance: what are the odds your data will get stolen versus what are the odds your encryption software will do a face plant on you? My experience is that the odds of the encryption software dying are far greater than those of someone stealing your data. Only YOU can be the judge of that in your own personal set of circumstances.
If you elect the encryption option, just be sure you back up often and frequently.
Online Backups
What are some options for online backup? How are other people backing up data that contains tax info, SSN numbers, bank/financial info? Are people really using online systems?
One option is a backup
One option is a backup server from WideBand. It uses encryption in transit to their site. If you want the backup encrypted end-to-end, you can use a GoldKey token.
Some thoughts about Truecrypt'd disks on laptops
I manage a network for a small engineering firm. I have about ten field users with laptops. So of course I was excited when I found out that the latest version of Truecrypt password protected/encrypted entire disks. I decided to test it out on my own laptop before I encrypted everyone's laptop and I'm sure glad I did.
First of all, Windows takes a solid two minutes to boot up now. Granted it's faster when it's plugged into AC, but I rarely use it on AC for any significant amount of time.
Secondly, Truecrypt doesn't support hibernation. This is a deal-breaker as far as I'm concerned. Because now I'm forced to put the computer into standby which totally defeats the purpose of having a boot-password or shut the computer down completely which A) takes forever and B) makes it a pain in the butt when I boot it back up.
If I had installed this on my users' laptops they probably would have tied me to the bumper of a car and dragged me through the streets.
Actually, Truecrypt has
Actually, Truecrypt has supported hibernation since version 5.1, released in March.
Truecrypt 5.1a and 6.0 made changes that significantly decrease bootup speed, especially if you have multi-core CPUs.
Truecrypt 5 was not quite there yet, but you should give the latest 6.0a a whirl, they've fixed the largest annoyances and taken away all reasons to use it in small enterprises.
They are still missing good key escrow/reset that is necessary in large organizations, but that is a hard problem to deal with and doesn't affect the small guys at all.
Backup
Jungledisk is a good option.
There shouldn’t be any excuses...
There shouldn’t be any excuses. But really there haven’t been any excuses for years. Free encryption solutions and some very good commercial applications have been around since the vulnerability was “discovered.” Despite more rigorous legislation and increased media visibility data exposure via PC loss continues. Heck, even the most punitive outcome to businesses (customer loss) doesn’t seem to have slowed occurrences. So why then, is this still a problem?
I think there are two fundamental reasons (alluded to in both the article and many of the comments above). First, encryption is a pain-in-the- you know what. It’s tough to deploy and manage. Ask yourself why else would there be repeated offenses by both private companies and the public sector many months after their reported commitment to deploy XYZ encryption solution? Secondly, solutions that require employees (users) to be involved in the security solution or process – whatever it may be – are flawed. When faced with a security/productivity tradeoff employees will always opt for productivity. A recovery disk in the event of encryption failure (or as Mike describes it, when encryption “Bites the bullet”) seems reasonable. Are you kidding? Know when you won’t have your recovery disk? When encryption fails and locks you out of your computer just minutes before the biggest sales presentation of your career!
Cam Roberson
http://pcsecurityblog.beachheadsolutions.com
Supporting Mac/Linux/Windows
TrueCrypt is in fact an excellent option... If you're an all Windows shop. If you've got Mac and Linux on the floor, then note TrueCrypt doesn't support system-wide encryption of all files. You must selectively create volumes or containers.
So far, Pointsec is the only option we've found that allows DWE on all three platforms.