The International PGP Home Page has free versions of PGP for more than 12 different OSes, including Atari, Palm, and EPOC. If you need commercial support, PGP Corp. provides products for Windows, Mac, and BlackBerrys. The OpenPGP Alliance is another good resource for other PGP products and links.
Apple’s OS X comes with FileVault, which uses 128-bit AES symmetric encryption. It protects files in users’ home directories, and it allows a master key to be set computer-wide in case the original user cannot log on to recover the files.
Microsoft’s EFS (Encryption File System) has been available since Windows 2000. Although it has lots of critics, EFS really is good encryption. Unfortunately, you can’t use it to encrypt the entire disk -- only files and folders -- and even then, not system files.
However, the two upper-level enterprise versions of Windows Vista will include a disk-encryption program called BitLocker. BitLocker will encrypt the entire system volume, including system and hibernation files. Users can then tap EFS to protect other volumes or files.
Configurable through group policy, EFS uses 128- and 256-bit AES keys, which can be stored offline or on a motherboard chip called the TPM (Trusted Platform Module). TPM requires a Trusted Computing Group-compliant motherboard, chip set, and BIOS. The recovery password can be saved to a folder, saved to one or several USB keys, or just sent to a printer. A domain administrator can also configure group policy to automatically generate recovery passwords and transparently escrow them to Active Directory.
As with EFS and FileVault, the security of the OS still relies on using and securing a strong log-on password. BitLocker can be used in conjunction with a PIN, USB, or smart card multifactor authentication to increase security even more -- no more booting around Windows with a Linux boot disk to steal passwords or data.
Another commercial product I like is GuardianEdge Technologies’ Encryption Plus. It does what BitLocker does, including key escrow and group policy management -- although it doesn’t use a TPM chip. It can also encrypt data on CD-ROMs, DVDs, and PDAs, all of which should be included in any comprehensive enterprise encryption plan.
No matter what the solution, your company should require that all confidential data on portable computers and media be encrypted by default, before you find yourself ending up on the 6 o’clock news.