 This program pays for itself with the e-mail function alone. The fact that I no longer have to print a document and courier it saves me both time and a lot of money. If all you use APO for is to send documents via e-mail, this program is worth it. If it happens to save you from having to deal with customers that are unhappy with you because you lost their data to some unknown person, that is a bonus. I use APO on all my computers and so should you. Jon |
 |
How to choose encryption that is right for you
By taking 5 minutes to read through this, you will learn the right questions to ask when choosing encryption software.
Styles of Encryption
There are 3 styles of encryption that use AES certified software:
Each style of encryption has advantages and disadvantages. Only you can determine which style is right for you.
topFile Encryption
Advantages
- Your files are portable and can be e-mailed without decrypting them first.
- You can share keys with others in your office and thereby share files that are encrypted.
- The decryption process does not slow your computer down since, unlike FDE, you don't have to decrypt your programs as well as your files.
- Protects against viruses and spyware.
- 2 factor encryption. File encryption allows you to keep your key separate from your computer. If your computer is stolen, but you have the key, the data is useless to the thief.
Disadvantages
- If a user does not save a new file in a designated folder, it will not be encrypted unless he encrypts it manually.
- You must double click on the file you want to open instead of choosing it from the Open File drop down menu. Many people open their files in this way anyway; in which case this is not a disadvantage.
- Unless your database is small, File Encryption is cumbersome to use with a database. If your main purpose for using encryption is to secure data kept in a database, you are much better off with Full Disk Encryption. Keep in mind that if you wish to keep your back-up of the database encrypted, you will need to use a File Encryption program since Full Disk Encryption cannot do this.
APO file encryption running with APO Server
Extra Advantages
top
- Split key technology for added security.
- Single use keys for e-mailing clients.
- Automated key selection for e-mailing clients.
- Automatic escrow of encryption keys for added safety.
- Automated key sharing for the whole office and for groups within the office (e.g.: human resources key).
Full Disk Encryption
Advantages
- Encrypts everything on your hard drive. No matter where a file is saved it will be encrypted.
- A file is never decrypted. Even when working on a new document in Word, the files remains encrypted on your hard disk. Only the portion of the file currently in use is stored decrypted in memory.
Disadvantages
top
- Encrypts everything on your hard drive. Even your programs are encrypted. The process of opening a Word document now requires that the Word program, and all of its supporting files, first be decrypted.
- Does not protect against spyware. FDE does not care what program or who calls for a file. Once the user has logged on, spyware can look for any Excel or other file and send it out via the internet. The file requested by the spyware will be automatically decrypted before it is sent out.
- Some FDE software will not allow for 2 factor encryption. The key must reside on the hard drive. Your data is then only as safe as your password is strong.
File Vaults
Advantages
- Vaults are often undetectable. When crossing boarders, an inspector would not see the vault, nor the files within it.
Disadvantages
- You must drag files into the vault after they are saved. This adds a time consuming extra step.
- The original file is not shredded. You would have to buy shredding software separately, and run it each time you dragged a file into the vault.
Types of Encryption
I think you will agree that if you are going to make the effort to encrypt data, you should use encryption that is secure and you should be absolutely positive that it works.
There are many types of encryption out there but only one that is used by governments, militaries and is required by HIPAA. AES encryption is the standard. Many of the other types of encryption such as 3-DES and Blowfish have been cracked and are no longer considered safe.
It doesn't cost any more, so insist on the AES standard.
topCertification
Encryption algorithms are actually quite difficult to implement correctly. Not every programmer is going to be able to get it right.
This is why you should be sure your encryption software has been certified. Once again, governments, militaries, and HIPAA all require certification, why wouldn't you?
Without certification, you cannot know if your encryption is working. That is why the US, British and Canadian governments got together to set up labs that will review the code and test the software. Once software has been certified by one of these labs, it will display the FIPS (Federal Information Processing Standard) certification, as well as a certificate number. That number allows you to go to the FIPS web site and compare your software with the certified software to ensure that it hasn't changed since it was certified.
Once again, it doesn't cost you anything extra for the peace of mind that certified software brings. Don't settle for anything else.
topShredding
Once your files are encrypted, it isn't enough to simply delete the originals. Windows delete function does not actually delete so much as just forget that the file is on the hard drive. Recovery of deleted files is a simple process, so it would defeat the purpose of encrypting data if the originals are not shredded.
Unless you are loading your encryption program on a brand new computer, you will also need to shred all the free space on your hard drive. This will get rid of the files you have deleted in the past.
You can purchase separate software for shredding files and for shredding free space. Good encryption packages will have this function built in. When you encrypt a file the original should be automatically shredded.
topPortability
You will need to decide what you want to do with your encrypted data. If you want to be able to keep your files encrypted when you,
- Move data from a computer onto a LAN,
- E-mail them,
- Transport them on a disk or USB thumb drive,
- Back them up, or
- Move them in any other way off your hard drive
Then you are going to want file encryption.
If you never require portability of your encrypted data, then you can use File Encryption, Full Disk Encryption (FDE) or a File Vault.
FDE and File Vaults tie your files to your computer. As soon as you move the file off your hard drive it must be decrypted. With File Encryption you can take your key with you and decrypt the file on another computer.