DES full disk encryption to rival Bitlocker

Data Encryption Systems announces shipping information for its DESlock+ encryption tool for PCs

Data Encryption Systems (DES) is planning to ship version 4 of its DESlock+ encryption tool for PCs later this month, adding full disk encryption to the software's existing folder and email encryption functions. The move could make DESlock+ a rival to Microsoft's Bitlocker tool in Windows Vista.

DESlock+ differs from many other encryption tools as it uses shared keys to allow colleagues to securely swap files and emails, and does not make use of public key infrastructure (PKI). This makes it much easier to setup and to share encrypted information, according to the firm.

Version 4 adds the ability to encrypt the entire PC disk, a capability DESlock+ lacked until now, but which customers have been asking for to protect data on laptops, according to managing director David Tomlinson. However, its ability to also encrypt individual files and folders differentiates it from tools like Bitlocker, he added.

"Full disk encryption is like a lock on the front of the building, but granular encryption lets you create a safe inside the building for sensitive information," Tomlinson said, pointing out that a company's IT staff typically have full access to systems in order to perform maintenance.

"What if you’re the finance director, with documents relating to a takeover on your hard drive? Even with full disk encryption, you still need to secure things," Tomlinson explained. With DESlock+, the entire hard disk is encrypted with one key, while particular folders can be protected by a different key that only the user has.

Tomlinson said there is nothing wrong with Microsoft's Bitlocker, but that it only supports encryption of the entire hard drive, and so only protects data at rest. "The minute I need to email a document or copy it to a Flash drive, I need to use something else," he added. The same limitations apply to the hardware encryption embedded into newer laptop hard drives from Seagate.

DESlock+ 4 was due to ship late in 2007, but the company delayed it in order to beef up its management tools with remote deployment functions. The software has also been going through an approvals process by the UK government's Central Sponsor for Information Assurance (CSIA) agency.

Tomlinson said that DES is getting a lot of interest from organisations following a spate of data loss incidents in 2007.