Data protection & Encryption - default to encrypted for mobile devices?

[pete]

I'm currently deciding whether to encrypt all staff laptop hard drives and be done with it or selectively just the ones which will have sensitive data on them. I'm aware that the former is the safer option as it avoids the "people who are storing data they shouldn't be in unencrypted format" issue, but wondered what others were doing?

I've been using Truecrypt for encryption so far, but am also shopping around to see if there's anything better. I have no real gripes with Truecrypt, just doing due diligence.

[Pottsey]

Only just started looking into it today but my first thoughts are if encryption is needed get everyone doing it and make it the same for everyone. Its good practise and it’s much easier to say everyone has to do it then only some. Plus if everyone is doing it they can in theory all ask each other for help as they get used to the system.

Laptops don’t worry me its people bringing in their own USB sticks.

[CyberNerd]

FWIW, Becta seem to think Truecrypt is acceptable, they even include a userguide in tehir own documentation:
http://schools.becta.org.uk/upload-d...encryption.odt

[timzim]

Worth noting that BECTA added this rider to their review of suitable encryption software, with regard to Truecrypt:

"Issues have been raised with the high level of complexity of the user interface and configuration processes for typical users. There is a significant probability that inexperienced users will cause irrecoverable damage to their machines/data during the installation process. Extreme care should be taken during the configuration process."

Not disrespecting anyone's skillset of course.

[pete]

@Cybernerd
Yeah, the Becta thumbs-up is why I'm using it.

And wrt compexity, the only real caveat for encrypting the disk is do it on a clean image on mains power (so you can re-image if it breaks) or take an image of the laptop beforehand. The worst that can happen is you have to restore the image.

For removable drives I'm getting tempted by IronKey, mainly because it appears to be machine-agnostic and doesn't require administrator privileges (which traveller mode in truecrypt does), but I haven't got my hands on one to test yet.