Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message



Control Break SafeBoot device encryption

Article comments

Control Break's SafeBoot Device Encryption employs whole-disk encryption, also called power-off encryption. It encrypts a machine’s hard disk and modifies the Windows master boot record so that the machine requests a log-on name and password at startup. The idea is that the data is completely inaccessible if someone turns on the machine without the proper authentication. Thus, it’s protected when the power is off.

When it's turned on, of course, the material on the hard disk is decrypted, and at the mercy of worms and any other risk that gains access to the machine. PowerOn encryption products such as Credant's Mobile Guardian (reviewed last week) may be a better option.

As well as hard disks, SafeBoot will encrypt the contents of PDAs and smartphones. It supports client platforms including Windows, PocketPC, PalmOS, and Symbian. Linux support is planned for Q4 of this year.

Installing the management software
Before you can start encrypting anything, you must install the SafeBoot Management Center, along with the SafeBoot Administration Database. This latter product is a proprietary data store that keeps configuration and user information needed by the enterprise version of this product.

The setup process leads you through installing the admin server, creating groups to be managed, and finally creating users and machines. When these are created, you use the server to create an install set that’s used to place the client software onto each machine.

Robust encryption process
After the client software is installed and synchronised with the server, the encryption process begins. I tested encryption on two machines, an HP D530 desktop PC with an 80 Gbyte disk drive and an IBM Z Pro Xeon workstation with a 72 Gbyte drive. Encryption took about two hours on the HP.

On the IBM, because there was an incompatibility between the SafeBoot encryption software and IBM’s LSI SCSI controller drivers, the Z Pro restarted several times during the encryption process. Fortunately, the SafeBoot encryption process is extremely robust, and it was able to recover from these restarts and eventually complete the encryption process. Additional testing on a different system showed that, although SafeBoot operates more slowly on SCSI-based machines, the reset problem seems to be unique to IBM’s implementation of LSI’s SCSI controller on the Z Pro.

Although the time for encryption is lengthy, the productivity hit is smaller than you might expect. The machine can still be used during the process, although disk-intensive activities may be slowed somewhat. The processor load is minimal, however, so many users are unlikely to notice much of an impact.

An additional product could solve the power-on problem
SafeBoot can be set up so that a screensaver will launch after periods of inactivity. Getting back into the machine requires logging on with a user name and password. A risk remains, however, that someone can gain remote access to the machine - and the information that should be protected - while it’s in use. SafeBoot’s Content Encryption product, designed to work with SafeBoot Device Encryption, would solve this problem, but that product was not made available for this review.

Good protection from theft
This product provides good protection for mobile devices where the primary risk is loss or theft. Unauthorised users aren’t likely to be able to do anything with a device equipped with SafeBoot unless they know the user name and password. Likewise, given a reasonable level of security precautions such as a personal firewall and use of the SafeBoot screensaver, the risk of unauthorised access is reduced. Without a separate product, however, admin staff can still gain unauthorised access to view the material contained in the machine, so some risk remains.

Whole-disk encryption products should never be installed by themselves except perhaps on machines that will rarely, if ever, be attached to your network. In that case, they should also be equipped with their respective content encryption packages, but those add cost and complexity. If you must use a whole-disk encryption package because of your corporate policy or your lawyers, then the better choice is SafeBoot.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *