PGP Whole Disk Encryption review
By Frank Ohlhorst | Computerworld US | Published: 16:28, 10 February 2010
PGP has been around since 2002, but the company's roots go back to 1991, when the code base for Pretty Good Privacy (PGP) was developed. Over the years, PGP has become one of the leaders in encryption technologies. The company offers a wide variety of products that help users encrypt data files, e-mails and many other types of data. For the mobile worker and the individual user, PGP Whole Disk Protection is a very good choice for protecting the data on a hard drive.
PGP Whole Disk Encryption offers all of the same basic features as BitLocker and TrueCrypt. The management console runs as a desktop application — similar in design to both BitLocker and TrueCrypt — offering wizards, interactive help and tools to encrypt and decrypt data files stored on encrypted volumes.
Unlike BitLocker, which is bundled with Windows 7, and TrueCrypt, which is free, PGP Whole Disk Encryption comes with a price tag: $149 per seat. However, that price tag delivers some capabilities not found in other products.
For example, unlike BitLocker, PGP Whole Disk Encryption works with a number of platforms, including 32-bit and 64-bit versions of Windows 2003, XP, Vista and Mac OS X. Also, unlike TrueCrypt, PGP Whole Disk Encryption can scale for networked environments and can be managed using a networked console, the PGP Universal Gateway, which manages the keys and other enterprise aspects of the platform.
PGP Whole Disk Encryption is available as a standalone, single-user product and is also available in work group, server and managed-services editions, which allows the product to scale from a single-user solution to a large enterprise network.
The product is very easy to install. Adding encryption to a drive or device is just as simple, yet you have a great deal of control over how the product works with your data, thanks to granular menus that allow you to configure options for everything from encryption strength to target devices.
By default, PGP Whole Disk Encryption uses 256-bit AES encryption and leverages PGP's Hybrid Cryptographic Optimizer (HCO) technology. HCO uses improved algorithms and is designed to be very efficient, which helps to improve performance.
PGP Whole Disk Encryption offers many features, including the ability to use single sign-on, a technology that limits the number of times that you have to enter passwords or keys — ideally, you will only have to enter those at the beginning of your session and then have access to all of your authorized devices without having to authenticate again.
The program also lets you create an encrypted "PGP Zip" file that you can send to others (your recipients will not need a copy of PGP to access the files). PGP also includes a secure data-shredding tool for making any deleted file unrecoverable.
PGP's whole disk functionality allows users to encrypt a complete hard drive in a single step, with no need to separately encrypt the partitions on the hard drive. That makes the concept of encryption much easier to grasp for neophyte users and also makes it easier to apply the product to portable systems.
PGP Whole Disk Protection also works with TPM, if the system is so equipped. When paired with single sign-on capabilities, PGP Whole Disk Protection works transparently, making it very easy to deploy to multiple users without generating requests for help or training.
The PGP management console runs as a desktop application — similar in design to both Bitlocker and TrueCrypt, it offers wizards, interactive help and tools to encrypt and decrypt data files stored on encrypted volumes.
I found the whole process very easy. Once PGP Whole Disk Protection was installed, all I had to do was launch the PGP Desktop and click on "Encrypt whole disk". The encryption process runs in the background and requires only that you input a password. It only took about two hours to encrypt my Toshiba Portege and about five hours to do my Lenovo T61p. When I rebooted the systems, a PGP screen came up asking for my password; once I entered that, the boot process continued as normal.
PGP Whole Disk Protection is adept at handling removable media. I encrypted six USB drives, and the process was very straightforward. All I needed to do was insert a fresh USB drive into the system and then launch the appropriate wizard from the PGP Desktop. You can encrypt the whole USB drive or create a Virtual Volume. A Virtual Volume allows you to create an encrypted container on the drive, which can then be mounted as a separate drive. Once the password is entered, a Virtual Volume works just like any other storage device.
The product proved to be easier to use than TrueCrypt, although not as easy as BitLocker, thanks to the PGP Desktop, which is laid out in an easy-to-understand fashion and features single-click wizards, such as "encrypt my hard drive," that eliminate many steps for the user.
PGP offers excellent documentation and support, including text and video tutorials and numerous tips.