“The encryption is done inside the hard drive instead of the computer’s CPU. So there’s no performance degradation as the CPU isn’t processing each keystroke. And it’s more secure, because the key required to decrypt never leaves the hard drive so viruses can’t access it.”

Since encryption is centrally managed from a server, SecureDoc can also be configured to enforce an organization’s security policies, says Joseph Belsanti, VP of Marketing at WinMagic.

“Password rules, port control and what devices can connect to the computer — these can all be set up in the user profile. Only company-owned assets can be plugged into the computer, then if someone plugs in a flash drive from home, it won’t work.”

The policy can specify the brand, model and even serial number for devices that can legitimately be used with the computer. Data stored on these will be encrypted in accordance with the user’s profile. “At EDC, things like flash drives, CDs, DVDs are defined in the profile. So if someone downloads corporate information to a flash drive and then loses it at the airport, it’s covered off because it too is encrypted,” he says.

However, the SecureDoc server can be set up to allow members of the same team or department to share devices, depending on how these rights are set up in their profiles. “So if someone from Marketing passes on a flash drive to a team member, he can access it as though it were unencrypted. But if someone from Finance tries to read it, the server won’t allow access.”

WinMagic’s hardware-based encryption approach offers many advantages, but the company faces major competition from Microsoft’s recent release of Windows 7, which includes full hard drive encryption in its BitLocker feature.

While BitLocker is a competitive product, Belsanti says it isn’t suitable for enterprises that want centrally managed encryption. “It doesn’t cover off all scenarios — for example CDs, DVDs and Mac computers. And it doesn’t do as well on the management piece. BitLocker is great but it’s targeted for consumers, not business environments.”

Both encryption and decryption keys are stored locally on computers instead of servers in Windows 7, and this can lead to some unpleasant situations, he warns. “So if an employee leaves the company, there’s no way to get access to information on his computer. With all the layoffs happening in this economy, employees are doing things like holding onto their laptops until their severance is paid. With enterprise controls, organizations can revoke their keys.”

Like many organizations, EDC is exploring Windows 7, says McNulty. “It’s being reviewed now, but we’re not far enough into discovery to have a clear idea what its encryption capabilities are yet. We’re good for at least two years with WinMagic.”

McCracken believes the market will move away from software-based to hardware-based encryption in the future. With SecureDoc, organizations can future-proof their investments in technology, he says. “If things change in the environment, for example, introducing Mac computers, these will be covered under the same encryption management and licensing scheme.”