In two of my recent posts I mentioned the need for encryption in connection with making sure our confidential data stays confidential. However, there is more than one way to implement encryption security, and not all of them meet everyone’s needs. Here are some options:

  • Total disk encryption on the fly, as implemented in Vista Ultimate’s BitLocker
  • File or folder encryption on the fly, as in Windows 2000 and XP Pro
  • Password-Encrypted files, usually on a file-by-file basis for secure e-mail attachments
  • Password-Encrypted File Vaults

The first is good for protecting server hard drives and the like, or drives in laptops, which are more likely to be lost or stolen. With a desktop machine in your office, it can be a bit of overkill, but does give a nice warm feeling of data security. How well it works in the real world remains to be seen, as Vista is put through its paces over the next few months.

The second is good for sensitive data in certain folders (as opposed to a whole hard drive) and is easy to implement. Just right-click a file or folder, select “Properties,” click on the “Advanced” button, and check the box for encryption. However, this method can be susceptible to problems if your Windows installation gets hosed, as the encrypted files are keyed to the user account used to set the encryption in the first place.

The third method is good for e-mailing sensitive documents. I use Adobe Acrobat to password-encrypt files containing tax returns and pay stubs that I e-mail to bankruptcy trustees. However, this can be tedious on a day-to-day basis, as it requires the entry of a password every time the file is accessed, and is not designed for lots of files encrypted and decrypted on the fly in the background.

The fourth option is good because it password-encrypts a special “container file” that holds your sensitive data. You simply create this vault with a password and move sensitive files and folders into it. Then you enter the password once to open the vault to work on the files (which encrypt and decrypt on the fly as you open, close, or move them in and out of the vault). Programs like TrueCrypt, an open source program available for free at, enable you to map the vault file to a drive letter when you open it. Then you just access those files on the “drive” with your applications as you normally would while TrueCrypt handles the security in the background. It can also encrypt removable media like a flash drive, but the TrueCrypt software must be on the machine that accesses the drive. This is in contrast to Verbatim’s VSafe software, which has the encryption software on the flash drive itself, so it will work on any machine the drive is plugged into. This method allows access to the files by anyone with the software and the password, as opposed to only the person whose account encrypted them. You might want to back up the individual files while the vault is open, so you have a decrypted copy in case something happens to the vault, you forget the password, or you need to restore to a new drive after a crash without having to install TrueCrypt first. You can always back up to a VSafe encrypted partition on a Verbatim flash drive just to be safe.

Which encryption method you use depends on your needs, but some sort of data protection should be on your system to protect your files from prying eyes.