What is really at stake when an employee loses his or her notebook? Is it simply a case of informing the insurers and ordering a new one or does a red alert get issued? Well, if your employee's notebook happened to be protected, and the data was secure, then the first option is most probably the one you'll go for. However, if the notebook was full of data that you'd rather not share and there was no real security in place, break the glass and let the alarm bells ring!

What you carry on your notebook may not seem like much, but with theft of mobile equipment for the data rather than the hardware on the increase you should be thinking security. Your data may include customer details and in the wrong hands this is a breach of their rights. Now who's in trouble? I guess that if you are reading this review, though, you already thinking about who reads what and how best to protect everyone's interests.

Black Whole is a software solution that protects notebooks with its encryption, while also providing access control. It has been developed by the guys who secured the U.K. government ministerial red boxes, so it already has a history steeped in good security practice. I am only guessing here but the product's name suggests a huge void, and I reckon if someone's after a notebook protected by the Black Whole solution that's what they'll get - a big fat 'O'.

So how does this solution work and what makes it worthy of praise? Firstly, it is exceptionally easy to install, secondly, it is simple to use and thirdly your users will not fall by the wayside once this solution is configured as your users will see nothing - it all happens on-the-fly!

So what does Black Whole provide? Firstly, secure logon is applied to ensure that only an authorized user gets in. Secondly, an administrator is able to decide whether to encrypt the whole disk for added security or simply those files and folders that represent the highest risk. This means that whatever option has been used for encrypting the data, the information that matters is now protected by triple-DES and will not be deciphered with ease. And, to add to its charm, Black Whole is integrated into the Windows operating system!

The log-in simply requires a user's correct username and password and failure to supply these correctly will trigger a login Failure Notification screen. How this looks will depend on the administrator's settings, as there is a choice between a Black Whole login screen and a standard-looking Windows login screen (which is in fact a secure Black Whole minic). The latter removes the telltale signs of Black Whole being used.

Once the encryption settings have been made, users, unless they possess the correct permissions, will not be able to change them. However, when they save a new file to an encrypted folder, that file will automatically be protected. There are exemptions available, although these again must be set by personnel with sufficient permission. The facility allows files with certain extensions to be saved in an encrypted folder to stay in clear text.

Passwords as we all know are often forgotten but Black Whole provides a recovery mechanism to ensure that users can be logged back in. Local recovery that requires the PUC to be entered, and Remote Recovery using a challenge and response procedure, can have users up and running again with little disruption to their day.

Black Whole also supports multiple users, which is very useful. The Windows password and the Black Whole password can also be synchronized and there are five different user levels available: normal, limited and three admin levels. Normal users have no administration rights and can only use the settings provided, which are presented transparently. Limited users can log on but cannot decrypt or encrypt any files, and this level of user is best provided for maintenance purposes. The different levels given to administrators provide for:
· level 1. Encryption Manger, which is the lowest level - only able to change folder and optionally sub-folders for encryption;
· level 2. Decryption Manager - all the above rights, plus is able to designate which folders and sub-folders are unencrypted;
· level 3. System manager - all the rights of levels 1 and 2 and the ability to define encryption exceptions, set up and configure new users, delete existing users, give or remove administration rights to another.

All the above make the Black Whole solution very flexible for both the user and the IT department. It allows various jobs to be delegated and certain users may be given a higher user status for added flexibility. Whatever the user level, a disk protected by Black Whole is safe from data penetration in the event of it being lost or stolen. Neither the user nor his or her employer have to worry about what the files and folders contained, as they will not be accessible to any unauthorized attempts to read them. This means that losing a laptop or having one stolen is more of an inconvenience than a disaster and the emphasis can then be on replacing the machine rather than the loss of data.

SC On-Line
SC Magazine
www.scmagazine.com