eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Encryption software are security tools that obfuscate data to render it unreadable without a decryption key. Encryption protects data against unauthorized access or theft, yet the best tool to pick depends heavily on the use case and the solution’s fit with existing needs and resources. In my evaluation of tools, I selected three top solutions in five encryption categories: free file sharing, business file sharing, email, application layer, and end-to-end encryption. Dashboard Ui Design
The top encryption solutions are:
Top Free Encrypted File Sharing
Top Business File Sharing Encryption
The following table provides the type of data encrypted and the pricing for each top solution:
The top free encrypted file sharing software provide a solution to encrypt single files or folders for secure sharing with others. Small office and home office (SOHO) users or users with limited resources should choose one of these three free file sharing encryption tools: 7-Zip, GnuPG, or VeraCrypt.
7-Zip is a free file sharing tool that delivers strong encryption security with worldwide acceptance. It offers support for 89 different foreign languages and most major character sets. First released in 1999, the tool regularly updates to fix bugs, add features, or increase the number of supported languages.
7-Zip is open-source and available to download for free.
I selected 7-Zip because I’ve used it in professional settings for over 15 years to share files with internationally based colleagues, including forensic engineers and other security-sensitive professionals. The tried-and-true track record and wide acceptance of this tool ensures minimal user error when sharing files across a spectrum of skills, operating systems, and languages.
7-Zip provides excellent compression and simple encryption functionality, but for more complex encryption features consider VeraCrypt.
The GNU Privacy Guard (GnuPG or GPG) is a free file sharing tool that also provides a unique option to generate public encryption keys to share files without exchanging passwords. With a track record of nearly 30 years of use, the tool continues to be trusted, updated, and built into other commercially available tools.
GnuPG is a free, open-source tool that comes pre-installed on many Linux distributions and can be downloaded for macOS and PC.
I selected GnuPG because of the shared public encryption key option that enables passwordless secure file sharing. The tool, which comes pre-installed in most Linux distributions, also supports Windows and macOS to enable file sharing with a broad number of users. GnuPG implements the heavily-tested Open Pretty Good Privacy (OpenPGP) open-source encryption standard.
GnuPG provides very secure file exchange options but requires significant technical skill to use correctly. For an easier-to-use tool, consider 7-Zip.
VeraCrypt is an open-source free file sharing encryption software with unique capabilities. One feature can obfuscate file types, which labels the encrypted file to appear to be a different file type. Another option uses two different passwords for an encrypted container to show different content depending upon the password used. Users with strong secrecy needs can combine features to hide data effectively even against potentially involuntary password disclosure.
VeraCrypt is both open-source and available for free download.
I chose VeraCrypt because it offers unique privacy features that can be used by a large range of users on Windows, macOS, and Linux systems. Developed by the French security experts from Idrix, VeraCrypt forks off of the popular, but discontinued, open-source TrueCrypt encryption tool and continues to be developed and improved by Idrix and the VeraCrypt community.
VeraCrypt provides extremely private encryption options, but still requires passwords. For a passwordless option, consider GnuPG.
The best business file sharing encryption software delivers centralized control and additional features required for more professional network security, which are unavailable from free solutions. The top three options include AxCrypt, NordLocker, and Trend Micro Endpoint Encryption.
AxCrypt is a local file encryption and sharing tool that provides simplified administrator management of encryption master keys and subscription licenses. The tool supports laptops and desktops using Windows or macOS as well as iOS or Android mobile devices. AxCrypt encrypts local vaults on the devices or specific files and folders for sharing.
I chose AxCrypt based on high customer satisfaction ratings, ease of deployment, and its basic functionality to provide local drive and shared file encryption. Admins will appreciate the simple administration that pushes more tedious file management tasks to end users.
AxCrypt provides simple management, but can’t enforce endpoint encryption or encryption use by individual users. For more enforcement, consider Trend Micro’s Endpoint Encryption.
NordLocker is a business file sharing encryption tool that deploys a software-as-a-service (SaaS) solution for businesses allowed to use cloud-hosted file sharing platforms. The management console enforces policy and provides recovery options for forgotten passwords. NordLocker synchronizes cloud vaults with designated user vaults, which makes it a good choice for small businesses that want quick deployment and centralized control.
I find that NordLocker provides the typical turnkey experience expected from the Nord family of products that also includes NordVPN, NordLayer, and NordPass. Users can maintain separate local-only encrypted vaults unlimited in size or share files through designated cloud-sync folders. Administrators can manage encryption keys in the cloud for improved control, security, and recovery capabilities.
Sharing files through NordLocker requires placing the files into the cloud environment controlled by NordLocker. For more control over how to share files, consider AxCrypt.
Trend Micro Endpoint Encryption is a full-disk encryption tool that can also provide secure business file sharing. It deploys as an agent to deliver enterprise-wide, centrally managed, and fully enforceable full disk, file, folder, and removable media encryption. Admins can deploy agents to both company and user-owned devices to meet formal encryption and compliance reporting requirements.
I selected Trend Micro’s Endpoint Encryption solution because it enables centralized management control and can enforce compliance requirements such as full drive encryption and secure file sharing. Users can’t evade encryption or expose the business to unnecessary risk for the sake of convenience. The solution supports common PC and macOS devices and extends encryption functions to USB flash or portable hard drives.
Trend Micro enforces strong encryption, but agent and management console installation can be burdensome. For faster deployment and simplified management, consider NordVault.
The top email encryption software provide secure email, seamless integrated experiences for users, and centralized reporting and control. The top general email products, Microsoft 365 and Google Mail, offer encryption options that fail to encrypt email sent to incompatible mail servers. To satisfy secrecy or compliance requirements without investing in a secure gateway, consider an email encryption tool from Cisco Secure Email, Paubox Email Suite, or Proton Mail.
Cisco’s Secure Email Encryption Service provides a quick, easy, and inexpensive plug-in solution for the many users that rely on Microsoft Outlook and 365 email. It uses registered envelopes and a Cisco-hosted temporary vault to ensure that only the correct recipient receives both the message and the decryption key needed to read the encrypted message.
Some resellers list Cisco’s Secure Email Encryption Service at around $25 per user per year. However, Cisco doesn’t publish pricing, so contact Cisco or resellers for formal quotes.
I selected Cisco’s Secure Email Encryption Service because it delivers an easy solution for email encryption needs that users will immediately trust thanks to the Cisco brand name. The service uses a segregated email service that quickly integrates to users’ email accounts for minimal disruption. It’s available as a standalone service or an integrated feature of Cisco Secure Email gateways.
Cisco provides a good solution for Microsoft users, but doesn’t support Gmail. For a HIPAA-compliance-focused product with Gmail support, consider Paubox Email Suite.
The Paubox Email Suite is an email encryption tool optimized for compliance with the United States’ HIPAA regulations to protect healthcare information from unauthorized access. Although the Standard option provides effective email encryption, the Plus and Premium licenses add additional features such as geofencing, spam filtering, malware protection, data loss prevention (DLP), and voicemail transcription.
I chose Paubox for this list because it supports all major business email platforms, implements quickly, and delivers important security and encryption functions even with the lowest level license. More than 5,000 customers trust the solution and send more than 99 million emails monthly.
Paubox delivers a focused solution for HIPAA compliance for specific users, but for a broader solution for an entire team or domain, consider Proton Mail.
Proton Mail is an encrypted email solution to secure an entire email domain or company. The business license for this Swiss-based vendor bundles secure email, privacy, calendar, and VPN solutions to enable additional options for secure access and encrypted file sharing.
I selected Proton Mail for its privacy reputation and focus on a comprehensive encryption solution. Although founded in 2014 through crowdfunding by 10,000 individuals, the centralized management will satisfy most business needs even for the Mail Essentials license. The Business and Enterprise licenses deliver even more value with enterprise level features such as custom DNS, integrated two-factor authentication, and dedicated account managers.
Proton Mail requires full email service migration for users. For minimal user email disruption, consider single-user accounts using the Cisco Secure Email Encryption Service plug-in.
The best application layer encryption (ALE) solutions encrypt application data to protect the modern app environment against breaches from exposed containers, web servers, database servers, and third-party services (shopping carts, credit card processing, etc.). The top ALE solutions to consider include Opaque Systems, Thales CipherTrust, and Vaultree.
Opaque Systems’ Gateway provides a novel ALE solution through encryption defense in depth. The solution delivers a platform to share encrypted data collaboratively that starts with hardware enclaves that segregate encrypted data in memory, even from the operating system or the hypervisor. It then adds additional layers of encryption unique to each party for collaborative calculations and analysis of sensitive data without sharing the data itself.
Opaque doesn’t disclose pricing publicly, so contact them for a quote.
Opaque Systems earns my selection by providing a unique solution to enable secure and consolidated artificial intelligence (AI) analysis on segregated data sets. Different companies can mix data or a company can mix data from multiple regulated sources (EU, California, etc.) with the fully encrypted data protected against leak or commingled data risks.
Opaque provides very focused encryption for sharing data for AI analysis, but for a more comprehensive solution for application encryption, consider Thales CipherTrust.
The Thales CipherTrust Data Security Platform is an ALE solution that not only encrypts databases, but also tokenizes data inside the application and enables encryption key management. These capabilities extend encryption coverage further along data flows between apps, databases, and storage for more complete security. Customers can purchase components individually for partial solutions or purchase pre-packaged or cloud-services bundles.
I picked the Thales solution because it provides flexible options for fully controlled application security throughout the development and deployment process. Their ALE platform combines Vormetric Application Encryption technology with the SafeNet ProtectApp solution with centralized management and software development and operations (DevOps) integration.
Thales CipherTrust provides a comprehensive solution, but requires multiple tools to license, install, and integrate. For a more simple encryption-as-a-service option, consider Vaultree.
Vaultree encrypts data for storage in databases and then encrypts future queries as well to perform encrypted searching. The Vaultree software development kit (SDK) provides plug-and-play encryption for any database client.
I selected Valutree for its fully homomorphic data encryption and query capabilities as well as its focus on the delivery of a very specific service (encrypted queries). This makes their solution easier to understand to quickly determine fit for specialized database search needs.
Valutree delivers fully encrypted database queries, but doesn’t solve other potential application encryption needs. For a broader app encryption solution, consider Thales CipherTrust.
The top end-to-end encryption solutions not only protect data at rest, through transit, and even during use, they also provide centralized management, encryption key management, and security tool integrations. These top multifaceted solutions include IBM Security Guardium, OpenText Voltage, and Virtru.
IBM’s Security Guardium Encryption suite provides end-to-end protection for application data across servers, applications, databases, and containers as well as options to manage encryption keys. These tools combine to fully encapsulate application data at rest, in motion, during analytics, and upon receipt from websites. They also integrate with other IBM enterprise offerings such as certificate management and data security solutions.
I chose IBM Security Guardium Encryption because of the tool’s industry reputation and comprehensive capabilities to protect application data in multiple use cases. The solution not only encrypts data within the application layer, but also provides options for integrated application infrastructure encryption (containers, servers, etc.). IBM’s research into fully homomorphic encryption adds further credibility to the company’s existing brand strength.
IBM Security Guardium Encryption protects applications, but won’t cover file sharing or user endpoint encryption. For a more comprehensive solution, consider OpenText Voltage.
The OpenText Voltage end-to-end encryption solution encompasses a full range of enterprise needs such as file encryption, encrypted email, mobile encryption, secure file collaboration, PCI payment encryption, key management, and more. OpenText provides flexible licensing options and customers can deploy the software locally, in the cloud, or in hybrid environments.
I picked OpenText Voltage because its many different encryption solutions will protect the widest range of enterprise needs. Each solution integrates with each other and third-party tools for enterprise-friendly centralized control, policy consistency, and consolidated reporting to existing security tools. OpenText Voltage was formerly known as Micro Focus Voltage or HPE Voltage.
OpenText Voltage covers enterprise needs end-to-end, but many will struggle to price and manage the complex solution. For clear pricing and less complexity, consider Virtru.
The Virtru end-to-end encryption solution provides transparent pricing and zero-trust access by wrapping data with trusted data format (TDF) format files. TDF files granularly track permissions, expirations, and revocations as well as remain fully encrypted to provide end-to-end access governance even after delivery.
I selected Virtru because of its transparent pricing, encryption capabilities, and compliance reporting support. Founded in 2011, the solution builds on TDF standard developed by Virtru co-founder Will Ackerly and currently serves over 6,700 customers. Unlike simple file sharing and email encryption solutions, Virtru automatically encrypts without a hosted portal requirement, enables self-hosted solutions, and provides encryption key management solutions.
Virtru enables secure file sharing, but doesn’t protect application data. To provide end-to-end protection for application data, consider IBM Security Guardium Encryption.
Despite some availability, quantum chips suffer errors and stability issues, so encryption cracking with quantum computers remains a few technology generations away. However, many organizations with high security concerns look to develop quantum-safe cryptography ASAP in preparation for this eventuality.
The US National Institute of Standards and Technology (NIST) approved quantum-safe cryptographic algorithms, and other research informs the following initial quantum resistant encryption solutions:
For those unwilling to become an early adopter, current encryption standards can remain quantum-resistant through larger key size use, layers of encryption, and careful encryption key management.
The top benefit for all encryption is that the software scrambles data to render breached information unreadable. However, encryption tools focus on specific types of data and different tools offer different levels of protection, compliance support, integration complexity, maintenance, and control.
The best encryption software will maximize the pros (improved security and decreased breach damages) as well as minimize the cons (slower performance and increased resource drain). Fortunately, the four-phased process to identify, match, compare, and test potential solutions provides an effective guide to identify the best encryption software for your business needs.
The first step requires an internal needs assessment to determine the requirements that any potential encryption solution must meet.
After internal need identification, check the potential solutions in the market to determine what encryption tools satisfy the requirements.
A good number of tools should match the requirements, so the next step is to compare these solutions against each other to create a ranked list of contenders.
A comparison yields a short list of contending encryption solutions, so now comes the test drive to see if the theory matches the actual performance.
At the end of this process, pick your favorite solution that passed all of the remaining tests. Just keep in mind that encryption only provides one layer of security and doesn’t provide a magic solution that eliminates all other security risks.
To develop this list of 15 solutions, I first researched encryption categories to determine the major business needs and encryption types. Then, based upon product reviews, industry discussions, and industry rankings, the list was narrowed to the top candidates based on tool features, price, prominence, integrations, centralized encryption controls, key management, and other available options.
Encryption is frequently added as features of other tools such as endpoint detection and response. Encryption accelerating hardware can also be added to various computer systems as options to enhance security. However, this article expects potential encryption tool buyers to be focused on standalone solutions instead of features or options. Therefore, I excluded such partial solutions from this list.
Breached data costs so much more to a company when unencrypted. Encrypted breaches protect against regulatory disclosure requirements, lawsuits, regulatory fines, and more. Put encryption in place now to protect against a breach.
However, future quantum computing advances will break the minimum encryption standards in place today. Today’s safe encrypted data breach may become tomorrow’s exposed data. Start investigating opportunities to apply more advanced encryption, multiple layers of encryption, or other additional safeguards today to defend against future threats.
To deploy effective encryption, consider learning about best practices for strong encryption.
Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday
Powerpoint Design Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.