Deciphering options for laptop encryption

05.12.2005

The best choice

This left us with Pointsec for PC, which does in fact meet all of our requirements. It also has offerings for the Palm OS and Pocket PC operating systems and for some of our smart phones. Pointsec for PC uses a preconfigured agent that, when installed on a user's laptop, will seamlessly encrypt the entire hard drive and then modify the master boot record (MBR) so that a user must authenticate to the software embedded in the MBR before being allowed access to the PC.

As you probably know, the MBR is the information in the first sector of a hard drive that identifies where the operating system is located so that it can be booted into memory. Modifying the MBR is risky; if the hard disk is encrypted and the MBR becomes corrupted, the data on the drive is essentially gone. This is a risk that will have to be dealt with through proper backups.
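As an added illustration (not part of the original column and not Pointsec code), this Python example shows how a backed-up copy of the first sector lets you tell an intact MBR from a changed or corrupted one. The function names and the sample sector are constructed for the example; on a real laptop the 512 bytes would be read from the disk after the encryption agent has been installed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446        # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count


def parse_mbr(sector):
    """Return the non-empty partition entries of a classic MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba_start, count = ENTRY.unpack_from(sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba_start, "sectors": count})
    return parts


def check_against_backup(current, backup):
    """Classify the live sector relative to a known-good backup copy."""
    if hashlib.sha256(current).digest() == hashlib.sha256(backup).digest():
        return "match"
    try:
        parse_mbr(current)
    except ValueError:
        return "corrupt"   # no longer a structurally valid MBR: restore from backup
    return "changed"       # still valid but different: investigate before booting


def build_sample_mbr():
    """Constructed sample: one bootable NTFS (type 0x07) partition at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    ENTRY.pack_into(sector, PART_TABLE_OFFSET, 0x80, 0x07, 63, 78140097)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    backup = build_sample_mbr()
    damaged = backup[:510] + b"\x00\x00"   # simulate a wiped boot signature
    print(parse_mbr(backup))
    print(check_against_backup(backup, backup), check_against_backup(damaged, backup))
```
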

Users, however, will still use their enterprise credentials and authenticate only one time. The software within the MBR will pass the authentication credentials through to the operating system log-in. Once authenticated, the user should see no noticeable degradation in service. The idea is that we'll configure the agent and place it on one of our intranet Web pages. Users who need or simply want to use full-disk encryption will contact the IT department and acquire the software and appropriate instructions.

As with any global deployment, we need to define a help desk support model. Pointsec accomplishes this with a Web-based tool that lets help desk administrators access a single management system to assist users in the event that they are locked out of a mobile device.