It's safe to assume that you will, at some point, be hacked. However, if you're using Microsoft's popular operating system, there is a way to encrypt files and folders in Windows 10 – rendering it useless to anyone that does get hold of it.

By using encryption, users can convert their sensitive data into a code of jumbled numbers, which can lower the risk of infiltration, theft and subsequent fraud.

Windows 10's built in encryption tool is relatively easy to use and. once configured, will place a lock symbol on the file or folder - signifying that a password is required to access its contents.

There are a few points to remember here. Firstly, an encrypted file can lose its encryption when transmitted via a network or email. You need to extract the contents of a compressed file or folder before you encrypt it. The tool doesn't necessarily protect files from being deleted and you should always backup encrypted data and store it offline.

How to encrypt files and folders in Windows 10

There are a number of ways to encrypt files and folders in Windows 10. For the purpose of this guide, we will be covering the following tools:

• Windows encrypted file system (EFS)
• BitLocker

Note: The PC owner can access an EFS-encrypted file locally, but the files will remain inaccessible for all other user accounts. You may also use a DVD or portable hard disk to backup your encryption key.

The next section will cover BitLocker – a full-disk encryption solution that enables you to encrypt an entire hard drive at once. When combined with a PC’s trusted platform module (TPM), BitLocker can provide advanced security features, including hardware-level encryption. Your computer needs a TPM chip version of 1.2 or later to support BitLocker.

To check if your computer has a TPM chip: Press the Windows key + X, click Device Manager, then Security Devices. Look for the 'Trusted Platform Module' drop down and open it up to see the version number.

Like EFS-based encryption, you now have a few options to save a recovery key to regain access to your files if you lose or forget your password. Here’s is a list of options available:

• Save to your Microsoft account
• Save to a USB flash drive
• Save to a file
• Print the recovery

Upon reboot, BitLocker will prompt you to enter your encryption password to unlock the drive. Type the password and press “Enter.” You can verify BitLocker is turned on by looking for a padlock icon on your encrypted drive’s thumbnail.

BitLocker doesn’t support dynamic disc encryption. Decryption may take a while, depending on the size of your encrypted drive. However, you can continue using your computer during the encryption.

A security system is only as strong as its weakest point, which is why it helps to take small but decisive steps toward data encryption.

BitLocker can protect PCs’ operating systems against offline attacks, and EFS offers additional file-level encryption for security separation between multiple users of the same computer. You can also combine protections by choosing to use EFS to encrypt files on a BitLocker-protected drive.

It seems that encryption has been firmly established as the whipping boy du jour for pearl-clutching, public-safety panic merchants. Specifically, it's encrypted messaging services like WhatsApp and iMessage that have found themselves in the crosshairs.

Following last week's terror attack by the Houses of Parliament, it has emerged that the killer was communicating with someone via WhatsApp in the moments preceding his assault. It has been speculated although not confirmed that he may have been in contact with someone who conspired with him to plan the attack, although this afternoon the Met Police have said there's no evidence he was directed by Islamic State.

This has fuelled fresh calls to severely weaken or outright ban the use of encryption by such services to secure their messages, echoing last year's fierce debate over whether or not Apple should hack the iPhone of the San Bernardino killer. It's worth noting at this point that even though a third-party company did eventually hack into Syed Farook's phone, there is no indication that it offered any actionable intelligence.

Nevertheless, home secretary Amber Rudd and other Tory MPs are using this tragedy as an excuse to castigate and demonise encryption, with talk of coercing tech companies into installing backdoors into their code. It's not the first time the government has proposed this, either; it was included in early versions of the Snooper's Charter, but was ultimately dropped from the bill.

Naturally, the idea of messing with encryption has got the tech sector up in arms. Critics have called it "deeply misguided" and other (less printable) things. Supporters of the plan say that spies need to be able to read the messages of terror suspects, but experts are queuing up to tell Rudd and the rest of the anti-crypto club that technology simply doesn't work that way.

In an exchange that would be funny if it weren't so deeply depressing, Conservative MP Nadine Dorries made the case that WhatsApp should "develop a terrorist related exception" to encryption technology - presumably this is some kind of Java-based magic wand that would allow GCHQ to hack only the baddies'.

This, along with Rudd's laughable quote that we need people who "understand the necessary hashtags", betrays a deep lack of technological knowledge throughout government. Of course, one would hope that the country's elected leaders have better things to do than immersing themselves in the finer points of C++ and Python, but on the other hand, having one of the country's top ministers saying things like "we don't want to go into the cloud" is embarrassing, especially when she clearly doesn't have the faintest idea what it means.

The experts are right, of course; if government spooks can read the WhatsApp messages of one terrorist, they can read the messages of everyone, from the 12-year-old at the bus stop all the way to the Pope. (This is assuming he doesn't use a rival app, of course - PopeChat, perhaps.)

This is troubling for a number of reasons, most notably from a privacy standpoint. Naturally, the public has been assured that they won't be covertly spied on by the intelligence services, who pinkie-promise that they'd only look at terrorists' communications. We're expected to take this on faith, but incidents like the Snowden leaks suggest that perhaps the government's methods aren't always unimpeachable.

We've also got to consider what future governments could do with any anti-encryption laws. If an anti-democratic, fascistic party found itself in power, for example, these laws could be very easily used to identify and round up immigrants, LGBTQ people and other undesirables'. It's a lot easier to grant powers than it is take them away and this goes double when applied to governments.

Here's the thing, though: aside from the many legal, political and ethical issues with installing backdoors into services like WhatsApp, the biggest problem is practical. The fact is, there's simply no way to block the use of encryption on a technical level. Theresa May could force WhatsApp to stop encrypting its messages, but how long do you think it would take terrorists to simply switch to a different app?

Not only are there innumerable encrypted chat apps available for web and mobile devices, there's also plenty of free resources online to help you build your own, meaning that even an outright ban on encryption wouldn't work. If there's one thing you learn on the internet, it's that there's always a workaround.

Any steps to weaken the encryption of WhatsApp and other services would almost certainly do nothing to help fight terrorism. Instead, all it's likely to do is force terrorists to use even less visible means of communication, whilst simultaneously putting the safety and privacy of innocent people at risk.

Despite the repeated protestations of the security and technology communities, the government continues to revisit this stunningly ignorant and fundamentally flawed plan. Before it goes any further, you should know that Rudd and her cronies aren't just declaring war on WhatsApp - they're endangering your freedoms too.

If you're getting rid of your old laptops or hard drives, making sure that all your data is wiped off them first can be a pain. After all, the last thing you want is some nefarious dumpster-diver recovering your personal information or documents. However, while traditional methods are all well and good, there's nothing like the peace of mind that comes from smashing your storage devices into tiny little pieces with some heavy machinery (if your kit is slow and frustrating to use then this is also pretty stress-relieving).

That's exactly what security company F-Secure has done, with some help from the Hydraulic Press Channel on YouTube. Using an industrial-grade press, they obliterated several different kinds of storage media and other tech, including hard drives, floppy disks, mobile phones and even (with the help of some liquid nitrogen) an office printer.

The people at Hydraulic Press also used an air cannon to destroy other items, including a tablet, a laptop and more. The results were even more spectacular, with chunks of circuitry and shards of plastic flying as the cannon demolished hardware.

Alan Turing is considered to be one of the fathers of computer science. He played a crucial role in World War II counter intelligence and worked for the Government Code and Cypher School at Bletchley Park.

He was also responsible for breaking a large number of Nazi ciphers, including the German Enigma code. After the war, Turing continued his work as a pioneer computer engineer, and developed what's considered to be one of the first designs for a stored-program computer.

But it seems code breaking wasn't Turing's only talent.

Now the earliest known recording of computer-generated music, created more than 65 years ago, has been restored by the University of Canterbury. But the interesting thing is that it was created on computer programming techniques devised by Turing himself.

Here's the story. In 1951, a BBC outside-broadcast unit in Manchester used a portable acetate disc cutter to capture three melodies played by a primeval computer. This gigantic computer filled much of the ground floor of pioneering British computer scientist Alan Turing's Computing Machine Laboratory.

Now, decades later, director of the Turing Archive for the History of Computing, Professor Jack Copeland, and his fellow researcher UC alumni and composer Jason Long, have restored the music. However, it has not been so easy. The researchers had to do some electronic sleuthing to recreate the historic sound accurately.

"Today all that remains of the recording session is a 12-inch single-sided acetate disc, cut by the BBC's technician while the computer played. The computer itself was scrapped long ago, so the archived recording is our only window on that historic soundscape," said the researchers.

"What a disappointment it was, therefore, to discover that the frequencies in the recording were not accurate: the recording gave at best only a rough impression of how the computer sounded."

They found that there was a deviation in the speed of the recording, probably as a result of the turntable in BBC's portable disc cutter rotating too fast. But, with some electronic detective work, it proved possible to restore the recording with the result that the true sound of this ancestral computer can be heard once again, for the first time in more than half a century.

The computer music researchers were then able to calculate exactly how much the recording had to be speeded up in order to reproduce the original sound of the computer.

"As well as increasing the speed and so altering the frequencies we also filtered out extraneous noise from the recording; and using pitch-correction software we removed the effects of a troublesome wobble in the speed of the recording," added the researchers.

"It was a beautiful moment when we first heard the true sound of Turing's computer."

The complete 1951 recording, including God Save the King, nursery rhyme Baa Baa Black Sheep and Glenn Miller hit In The Mood, can be heard here over at the university's website.

Two laptops are lost or misplaced every day on the London Underground, according to new figures from Transport for London (TfL).

More than 3,500 laptops have been reported lost in the last five years, according to data obtained by memory and storage company Crucial, representing an increase of almost 80 per cent since 2010.

In addition to this, more than 800 laptops have been reported missing at major Network Rail stations, including Kings Cross, Birmingham New Street and Glasgow.

Losing work devices poses a serious security risk to enterprises, Crucial warned, because they can contain sensitive or business-critical information that can easily be exploited by cybercriminals.

"The data from Transport for London and Network Rail is only giving us a glimpse of the data security issue in the UK," said Jonathan Weech, Crucial's senior product manager for SSDs.

"Consider also the number of laptops that have been hacked and it really starts to demonstrate how vulnerable our data really is, and how easily it can get into the wrong hands."

Weech highlighted the importance of taking as many steps as possible to protect your information, saying "self-encrypting hardware can keep your confidential data out of the reach of hackers and data thieves".

"Comparing software-based encryption and hardware-based encryption is like comparing a padlock to a vault," he explained. "When it comes to data security hardware-based encryption is a much stronger option for protecting data than software-based encryption, or worst of all, no encryption."

The head of MI5 has called on social networks to do more to report suspicious users on their networks.

In a live interview on Radio 4's Today programme, the first by a serving British security chief, Andrew Parker said that more online surveillance powers were required by spooks and added that terrorists posed a greatest threat to the public in more than 30 years.

Parker said that Islamic State was regularly using social networks to recruit members and plan attacks, adding that Facebook, Twitter and other platforms had a responsibility to report terrorist and other criminal activities to law enforcement agencies.

He said the programme that some of the social media companies "operate arrangements for their own purposes under their codes of practice, which cause them to close accounts sometimes because of what is carried".

"There is then a question about why not come forward?' If there is something that concerns terrorism, or child sex exploitation or concerns some other appalling area of crime, why would the company not come forward? That was the question the ISC was raising."

In a statement published after the interview, Parker said that MI5 was "being stretched by a growing threat from terrorism, and from Syria in particular, combined with the constant challenge of technological change.

"The way we work these days has changed as technology has advanced. Our success depends on us and our partner agencies having sufficient up-to-date capabilities, used within a clear framework of law against those who threaten this country."

The spy chief also warned over online encryption and said that advances in technology would cause terror suspects to "go dark".

"I welcome government's intent to update the legal framework accordingly and to make our powers more transparent. Keeping our laws up to date in this area can only be a good thing in a free, democratic country the very thing MI5 exists to protect. We need to be able to operate in secret if we are to succeed against those who mean the UK harm. But the capabilities we use can be described more fully in law.

"We take our legal and ethical duty to use these powers proportionately extremely seriously. We never use them for the sake of it and do not trawl at will through people's private lives."

UK internet body ISPA responded to the interview in a statement saying that it believes law enforcement should have reasonable access to communications data as long as the governing legislation has appropriate safeguards, oversight arrangements and does not damage inward investment and the UK's position as a leading place to do business online.

"ISPA calls on the Home Office to follow the advice of Parliament and consult with industry and the wider Internet community on the Investigatory Powers Bill," said Nicholas Lansman, ISPA Secretary General.

"It is important to get the balance right between privacy, security, maintaining user trust and the cost to industry as key issues such as retaining third party data, judicial oversight and data hosted abroad are discussed."

A new strain of ransomware styled on TV show Breaking Bad has been uncovered by Symantec.

The malware features the logo and branding of the programme's meth lab, a fictional fried chicken shop called Los Pollos Hermanos, as well as also referencing lead character Walter White.

The email address provided for "support related enquiries" is based on a popular quote from the show, "I am the one who knocks".

The threat is targeting Australian computers and encrypts users' files until they pay the attackers in the hard-to-tracedigital currency, Bitcoin.

The hackers demand an initial payment of AU$450 (228.95), which then rises to AU$1000 (508.79) if not delivered within a specified time.

Symantec believes that targets are infected through email phishing campaign, using a ZIP archive masquerading as a file from a major courier firm.

The security team wrote in a blog post: "When executed, [this] downloads the crypto ransomware onto the victim's computer. The threat also downloads and opens a legitimate .pdf file to trick users into thinking that the initial zip archive was not a malicious file."

It added that attackers may be using elements from an open-source penetration testing project that uses Microsoft Powershell to remotely execute script.

The malware targets almost 40 different types of file extension, including audio, video, document and archive files.

This isn't the first time that malware authors have displayed a sense of humour. The very first virus, Cascade, caused all of the text on a user's screen to fall off', giving the appearance of a heap of characters at the bottom of the screen.

Guest editor's view

TechUK CEO Julian David says: The concept of the charming bad guy with a sense of occasion and sense of humour has a long history from Dick Turpin to the Pink Panther. So I guess we should not be surprised that cybercriminals are adopting the funny guy approach. The bottom line is that the people who do this are not entertainers they are criminals and they can destroy businesses and lives. Perhaps the most disturbing part of this is that these criminals have the time and resources to add such flourishes to their efforts to rip people off.

Apple has put out new versions of its Safari web browser for OS X to fix a number of vulnerabilities that could enable hackers to run malicious code on a Mac.

In a security advisory, Apple warned that 17 bugs affect Safari 8.0.4 for OS X 10.10 Yosemite, Safari 7.1.4 for OS X 10.9 Mavericks and Safari 6.2.4 for OS X 10.8 Mountain Lion.

The first patch fixes a number of memory corruption problems in WebKit that could lead to an unexpected application termination or arbitrary code execution. Apple said that these issues were addressed through improved memory handling.

The second vulnerability concerned a user interface inconsistency in Safari itself that could prevent users from discerning a phishing attack. An attacker could misrepresent the URL in the browser, folling the user into thinking a website was genuine. Apple said this was fixed by improving user interface consistency checks.

Users can download the latest Safari versions 8.0.4, 7.1.4 and 6.2.4 for free through Software Update.

Apple did not give any further detail on the bugs or whether they had been exploited by criminals.

"For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," according to the website notice.

The patches comes days after Apple was forced to roll out a number of security updates.

Apple, as well as Microsoft and Google, have had to rush up fixes caused by the FREAK vulnerability, discovered in March.

The FREAK or Factoring Attack on RSA-EXPORT Keys flaw, is an SSL vulnerability that resulted from a ruling by the US government in the nineties that banned the export of strong encryption.

Yahoo is to follow Google in rolling out end-to-end encryption for users of its email service in a bid to keep users' correspondence private.

Announcing the move at the Black Hat security conference in Las Vegas, Yahoo's chief security officer Alex Stamos said that, from the Autumn, it would be rolling out PGP encryption to users.

This will be offered through a modified version of technology used by Google to secure its Gmail service. It will be enabled via a browser plug-in.

A few months ago, Google also announced plans to offer a Chrome browser extension to allow its users to encrypt emails. Yahoo's encryption will be compatible with that of Google's.

Two users with the plug-in enabled will be able to send each other emails with the data encrypted, making it unreadable to anyone but the sender and recipient. While it's been possible to encrypt emails for a number of years, such technology has been beyond the capabilities of most people. The plug-ins aim to simplify this process.

"If an activist in Sudan wants to email a human rights organization's gmail address and they have encryption set up for it, it will automatically detect that and offer them the option to encrypt," Stamos told delegates at the conference.

While the subject line won't be encrypted, the rest of the main body of content will. Such encryption means that neither Yahoo nor Google would then be able to scan through the content in order to serve up matching advertising. Stamos, however, predicted there would be no adverse impact on revenue by introducing the measure.

The firm has also updated its mobile email apps for the iPhone and iPad. In a tweet, Stamos said this mobile app will natively run the encryption found in the browser plug-in.

The updated apps will also enhance search functionality, making it easier for users to find people and messages they require via its Smart Search Suggestions.

Android versions of the email app are expected in the coming weeks.

The latest story to hit the headlines as a result of the Edward Snowden leaks is that the US National Security Agency (NSA) has a $79m (48m) research project called 'Penetrating Hard Targets' which in part wants to construct a "cryptologically useful quantum computer" which would break all forms of public-key encryption known to man. Which begs the question what are quantum computers and quantum cryptography, and how worried should we be about them?

Quantum computing 101

Richard Feynman, the famed theoretical physicist perhaps best known for his work on the atomic bomb but also one of the pioneers in quantum mechanical theory, once sagely said that "if you think you understand quantum mechanics, you don't understand quantum mechanics" which isn't the greatest starting point for a feature explaining anything 'quantum' you might think.

However, understanding the potential impact of quantum computing in general and quantum cryptography in particular is more important that growing a brain the size of Brazil and writing A Brief History of Quantum Physics. It's less about the theoretical specifics and more about the specific practicalities, if that makes sense.

Having said that, let's have a go at rounding up what quantum is. The first thing to appreciate is what it is not, and that is anything new. Feynman was writing about the whole quantum shebang in 1982, and I've been reading about it for close on twenty years now. Something else it isn't is a reality, in any kind of practical way at any rate.

What it is, then, in as simplistic an explanation as I can manage, is a process of computing that does not process data by passing electrons through transistors and encoding them into binary digits. Instead, it uses qubits, or caged atoms if you prefer, which are an entirely different beast.

Different as unlike a binary digit which can be either a zero or a one, as can a qubit, the qubit can be both at the same time courtesy of a process of superpositioning. If you can reach a point in your head where that makes any kind of sense, then you are ready for the acceptance that in the quantum computing world the problem and its solution, in fact every possible solution, can be processed at the same time.

As we move this basic concept into the world of cryptography and security, it doesn't get any the easier and the main protagonist is something known as entanglement. This describes when a whole bunch of quantum particles get connected together, and if any of those particles is impacted by an external measurement then all the connected particles are also impacted even if at the total opposite end of the particle chain as it were.

Entanglement holds the key, if you will excuse the obvious pun, to the concept of quantum cryptography. Although it is easy to make the mistake of thinking that this is another advance towards that holy grail of security technology which is 'unbreakable' encryption, that's not actually the case; what quantum cryptography promises to deliver is rather a method to ensure the secrecy of encrypted data.

Why is this distinction such an important one? Well that is easy to explain, and understand, because if any attempt to snoop on encrypted data being transported via a quantum channel is made then that act of snooping will 'disturb' the qubits and the entanglement process would make that attempt visible and the flow of data would immediately stop.

It gets better, the packet that has been 'seen' would also be destroyed because the entangled qubit chain would be broken, and another quantum encrypted packet would have to be sent. The very act of 'seeing' the data is enough to destroy it in transit, and that makes for a very secure method of distributing data.

In my best Sheldon Cooper voice this uses the Heisenberg Uncertainty Principle that, in layman's term, says you cannot observe something without changing that which you are observing. Note that 'very' isn't the same as '100 per cent' though, and regular readers of IT Pro will be well aware that we have gone to great pains to point out that there is no such thing as 100 per cent secure data. For good reason: there are always weak points that offer the potential for exploitation.

A quantum of practicality

Some five years ago the theory went practical as research scientists strung together a quantum cryptographically secure network across 200km of standard commercial fibre optic cabling, and in the process securely connected six locations around Vienna. Single photons (the basic unit of light with quantum properties as discovered by Einstein) fired a million times per second along the fibre optic cables between the network nodes, while light detectors at the nodes spotted these photons and determined a secret key from them in order to encode the data across that communications channel.

However, as has been noted by some researchers working in the quantum field, the lasers that fire out the single photons get it wrong and fire out multiple photons occasionally then snooping not noticed by entanglement can happen.

Getting around such problems with a device-independent protocol has proved harder than might have been thought. Not least that such protocols have to treat the quantum cryptography process as a one-off; whereas in the real world not even the NSA can afford to use the kit once and then replace it all every single time. Quantum computers and quantum cryptography development is expensive enough an area as it is without throwing the practical spanner of disposable quantum devices into the theoretical works.

Not all its cracked up to be

OK, so that's the explanation bit, but where does that leave the NSA today and the enterprise looking over its shoulder at the possibility of a super-decryptor computer snooping on all their data? I've had conversations with respected IT security researchers who pretty much rule serious quantum crypto, or quantum key distribution, out of the enterprise picture for the foreseeable future.

They say that the combination of distance limitations, hardware implementation costs and the small matter of it not being as secure as it promises to be will see to that. The truth is that real-world quantum computers show no convincing signs of making the jump from research lab to real world enterprise, despite some recent advances such as a team of Oxford and Simon Fraser University boffins managing to 'sustain a quantum state for 39 minutes'. This is a giant leap for the science, maintaining the superposition state of qubits at room temperature rather than -269C, but only a tiny inching towards anything actually practical.

The truth is, as evidenced by the science and the Snowden documents, that it seems very unlikely indeed that the NSA is no closer to building a working quantum computer with any practical implications on data privacy than anyone else.

Yes, such a working code-breaking quantum computer would open the doors to making existing encryption standards useless, those doors remain firmly closed for now and are likely to do so for quite some years to come. Given just how fragile quantum computing prototypes are, being hugely susceptible to environmental changes, the chances of building one with enough qubits (at least in the hundreds, and possibly thousands according to some) to perform the kind of encryption breaking calculations that some folk are worried about seem pretty low right now.

After all, if all it took was a few million pounds then why wouldn't the cash-rich giants of the technology business have beaten the secret squirrels to it already? What Edward Snowden has taught us about quantum cryptology, as with so many other things, is that just because the NSA wants something that doesn't mean it's going to get it all it's own way...

Security researchers said that over 250,000 computers have been infected by Cryptolocker malware and have managed to extort almost $1 million from victims.

The ransomware encrypts user's important files and then demands money in return for decrypting them. Researchers from Dell Secureworks estimated that "200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat."

The researchers said that the criminals have managed to amass 1,216 bitcoins since September. Had the hackers immediately exchange bitcoins into dollars, the cash pile would have amounted to $380,000. If however, they held onto the money and exchanged them as of last week, that figure rises to $980,000, based on the current weighted price of $804/BTC.

Unlike other malware, even if Cryptolocker is removed, there is no way the encrypted files can be decrypted. Decryption keys are stored on one of many Cryptolocker servers. The files can only be restored by paying the ransom.

"By using a sound implementation and following best practices, the authors of Cryptolocker have created a robust program that is difficult to circumvent," SecureWorks said in a blog post. "Instead of using a custom, cryptographic implementation like many other malware families, Cryptolocker uses strong third-party certified cryptography offered by Microsoft's CryptoAPI."

According to the researchers, the malware has targeted English-speakers, specifically those located in the United States. "Malware authors from Russia and Eastern Europe, where the CryptoLocker authors are thought to originate, commonly target victims in North America and Western Europe," the researchers said.

The security researchers said that the early versions of the malware were distributed through spam emails targeting business professionals rather than home internet users. The malware used the lure of a customer complaint against the recipient to start the infection and encryption process.

According to Secureworks, the brains behind the malware have previous experience in malware development and distribution, especially of ransomware.

"Based on the duration and scale of attacks, they also appear to have the established and substantial "real world" infrastructure necessary to "cash out" ransoms and launder the proceeds," the researchers said.

Windows 8 has been around long enough now for any small business considering the upgrade to know if it's a good fit for them.

However, there's one question that should always be at the forefront of any IT pro's mind when planning a move to the new operating system (OS) that, unfortunately, often isn't. And, that question is, just how secure is Windows 8?

Security assessment

Sarah Shields, executive director of consumer and small Business at Microsoft OEM partner Dell UK & Ireland, said Windows 8's new features should make the product more secure than previous versions of the OS.

A number of internal features in Windows 8 security have been improved.

The new Refresh' application that restores Windows in minutes, but will keep all personal data and vital setting secure is one of the new security features that Shields rates.

She also told IT Pro that Windows 8 should "automatically improve" network connectivity for users.

"It will give employees enhanced mobile broadband when working away from a PC with the benefit of the system checking across the available Wi-Fi connections and automatically connect the user to the one providing the best bandwidth," she claimed.

Mark Austin, chief technology officer of Windows security software firm Avecto, said he is a fan of the new Trusted Boot' feature on Windows 8, which protects a PC's booting up process from malware attacks.

"As malware gets more sophisticated, rootkits have become more prevalent, as they can bury themselves deep in the operating system and cloak themselves from detection, often hijacking the boot process itself by overwriting the master boot record," Austin explained.

The hardware view

Joseph Souren, vice president of hardware security vendor Wave Systems, is a self-confessed fan of Windows 8 security.

"Windows 8 represents a powerful endorsement of open industry standard for hardware embedded security," he said.

"It comes in response to a constantly evolving cyber landscape, epitomised by the threat of sophisticated boot sector viruses, compliance with data protection laws, an increasingly mobile workforce and porous network perimeters.

"The new OS also brings fresh capability for the management of virtual smart cards and DirectAccess, allowing enterprise users to establish their identity using the machine as a token-for-network logon, negating the need for tens of passwords which fail to live up to the current threats we face," he added.

The Trusted Boot technology comprises three components UEFI Secured Boot, Early-launch Anti-Malware (ELAM) and Measured Boot that ensure that Windows only boots up if it is free from rootkits and other malware, Austin explained.

"It does this by only allowing trusted software to execute during the boot process and ensuring that anti-malware software loads much earlier [and] before other components and drivers," he said.

"The boot process is also validated through measurements, which are stored on the TPM chip."

Wolfgang Kandek, chief technical officer at IT security vendor Qualys, also flagged up the changes Microsoft has made to Windows Defender.

"Defender is now more comprehensive and the formerly separate Microsoft product, Security Essentials, an anti-virus package, has been integrated," he said.

"This package is included on Windows 8 by default, offering a more secure solution out of the box for end-users and SMB organisations."

However, firms that need management capabilities, such as reports on machine update statuses and alerts about neutralised malware will need to procure an enterprise malware solution, advised Kandek.

"A number of internal features in Windows 8 security have been improved. Its memory management has added randomisation, making the writing of exploit code harder," he added.

"There are also the new Windows Runtime (RT) applications that will benefit from a default Sandboxing technology, providing another layer of security against exploits by attackers."

And the downsides?

Avecto's Austin contradicts Kandek by citing the inclusion of the enhanced version of Windows Defender as a potential downside.

"Although [it] is a positive step in some respects, it has the danger of giving organisations a false sense of security, as it shouldn't be relied upon to protect against malware threats," he said.

"The nature of malware attacks has changed and more sophisticated security technology and proactive measures are required to protect against these threats.

"It is important to always take a defence-in-depth strategy to security, and to not rely solely on the built-in features of the operating system," he warned.

Kandek also sounded a cautious note about how the newness of Windows 8 could leave users exposed to security risks, as businesses tend to opt for products that are mature, stable and well-supported.

"The radical change that Windows has undergone means that small businesses will be taking more of a plunge if they move to Windows 8," he said

"The architecture of Windows RT systems is completely different and will need different processes and tools to be secured."

He also claimed some of the new security capabilities that Windows 8 offers will require certified hardware, which means older units may be unable to support improvements.

Securing Windows 8 is like securing three different operating systems: a legacy Windows desktop: a Windows RunTime and a Windows RunTime running on ARM-based systems.

"This will make it much more difficult for a small business to implement security strategies," he added.

"Organisations that use Windows 8 systems based on x86 technology [PCs] can ensure that existing security tools can continue to be used...but is less clear for systems based on Windows RunTime, [such as] the current Windows Surface tablets."

Secure migrations

So, how can a small business considering the move to Windows 8 ensure the change does not impact on the security of its data and the networks it sits upon?

Qualys's Kandek reckons SMBs will benefit immediately from refreshing their old hardware and the additional security technologies that Windows 8 brings.

The malware test

There is a case for MRDA (Many Rice-Davies Applies) when one security vendor product tests the offerings of another, but recent research from Bitdefender suggests Windows 8 users may find themselves susceptible to malware.

"Windows 8, with Windows Defender running, was infected by 61 of the 385 most popular malware samples in a controlled test carried out by leading virus researchers over the past week," the company said in a statement.

"As a means of protecting a computer from viruses, data theft and other type of malware, Windows Defender is better than nothing," said Catalin Cosoi, chief security strategist at Bitdefender. "But it's not a whole lot better."

"The migration of normal PCs to Windows 8 is straightforward and the included security technologies, such as the improved Windows Defender, can be considered adequate [enough] for most SMBs," he said.

"A bigger obstacle might be the completely different user interface that will require flexibility and an additional leaning effort from users."

Austin also doubts the move to Windows 8 will cause many problems for SMB users, as long as the vendors the business partners with have updated their solutions to be fully compatible.

That being said, "it is important to treat the inbuilt security features of Windows 8 as providing an increased level of protection, as opposed to a replacement for existing security measures," he said.

"The inclusion of SkyDrive probably poses the biggest threat to the security of a business's data, although this threat also exists on Windows 7, assuming users have been allowed to install cloud based storage applications, such as SkyDrive and DropBox.

"Implementing controls around the movement and encryption of corporate data should be one of the biggest concerns for a business when moving to Windows 8," Austin concluded.

Cryptocard, the UK authentication specialist, has been bought up by US encryption company SafeNet for an undisclosed sum.

The deal will see Safenet acquire Cryptocard's Blackshield cloud platform, which allows organisations to use legacy authentication servers and tokens to secure remote access to virtual desktop infrastructure and cloud platforms. It also includes the company's Fully Trust Authentication service.

By 2017, more than 50 per cent of enterprises will choose cloud-based services as the delivery option for new or refreshed user authentication implementations.

"As data continues to proliferate and move beyond traditional perimeters, both enterprise and government customers are demanding solutions that protect and control data and identities across networks, mobile devices and to and from the cloud," said president and chief executive (CEO) of SafeNet, Chris Fedde.

Analysts have forecast big growth in the authentication market. According to Gartner's Ant Allan, it will increase by around 30 per cent over the next twelve months.

"By 2017, more than 50 per cent of enterprises will choose cloud-based services as the delivery option for new or refreshed user authentication implementations, up from less than 10 per cent today," said Allan.

"However, it is likely that on-premise solutions will persist, especially in more risk averse enterprises that want to retain control of identity administration, credentialing and verification."

The acquisition is the latest in a wave of consolidation in the cloud security market. Last week, Trustwave announced it was acquiring cloud security research firm M86.

Symantec has made a portion of its O3 product announced last October generally available, yet two-thirds of the overall package is not ready yet.

The O3 offering, which looks to deal with identity management and data loss protection (DLP) in the cloud, consists of three separate parts.

The first is the authentication level, which is ready now, allowing customers to push their in-house identity management policies out to the cloud. It does so by pushing these policies out from Symantec datacentres to end user devices, much in the same way Silicon Valley start-up Zscaler does.

The second part of O3 is the information security layer, which uses Symantec's existing DLP and PGP encryption solutions to protect the data itself.

If you have loads of devices and datacentres, you need access control. That is something Zscaler doesn't have.

Then there is the auditing aspect to O3, which alerts companies to security events so they can move to shore up holes in their cloud infrastrucure.

Those two latter parts are currently unavailable. Symantec spokespeople told IT Pro they would be ready at some point this year, but could not confirm anything more specific.

Once all of 03 is ready, it will be competing with RSA and Zscaler's unnamed cloud identity management product, which mixes the latter's web gateway offering with the former's authentication technology.

However, Symantec's group president for enterprise products and services Francis deSouza told IT Pro at the RSA 2012 conference today that Zscaler's technology lacked things the world's number one security provider could offer, most notably encryption.

"If you have loads of devices and datacentres, you need access control. That is something Zscaler doesn't have," deSouza said.

"You need information protection, so it's not only just a single sign-on and access control but it's DLP and encryption. [Zscaler] does not do any DLP.

"But I think RSA has realised that you can't rely on being on every device, because in the future you won't be. And you can't rely on controlling the server and the perimeter... That's the right direction."

Salesforce.com tie-up

Symantec has also chosen to deeply integrate 03 with Salesforce.com, creating an application on the Force.com platform.

The application will let customers use their Salesforce.com identities as their key into cloud services with a single sign-on.

Just as the general O3 product will do, it will also hand IT departments tighter controls over how and what cloud products are used via Salesforce.com. Two-factor authentication can be built into the app as well.

The O3 Salesforce.com software will be available from mid-2012.

Salesforce.com CEO Marc Benioff was on hand during this morning's keynotes to talk about the need for better cloud security.

"When you're a cloud provider, trust is our number one value. A critical part of that trust is the security infrastructure," Benioff said.

"There is no finish line when it comes to security... Because there is no finish line, trust is ultimately the most important thing."

A staff member at the Office for Nuclear Regulation (ONR) has lost an unencrypted USB drive containing a "stress test" for a UK nuclear power station.

The ONR, an agency of the Health and Safety Executive, admitted the loss of the data stick, which contained details on how to carry out safety assessments of a nuclear facility

The use of unencrypted USB pen drives is not permitted by ONR for transporting documents with a security classification.

The body said the USB "did not contain any significantly sensitive information."

"At the start of the EC [European Council] 'stress test' programme, the licensees of all UK nuclear power stations committed to publishing their stress test reports, so most of the findings in this report are now in the public domain," a spokesperson told IT Pro.

"The use of unencrypted USB pen drives is not permitted by ONR for transporting documents with a security classification. An internal investigation has been undertaken by ONR."

European Council stress tests were ordered after the Fukushima nuclear disasters in Japan.

Every nuclear power generating country in Europe agreed to carry out these stress tests, which have involved "a targeted reassessment of each station's safety margins in light of extreme natural events, such as earthquake and tsunami."

Terry Greer-King, UK MD for security company Check Point, said such losses are likely to continue occurring.

"This simply highlights the risks that businesses expose themselves to when using unencrypted devices," Greer-King added.

"If it's the organisation's policy to use encryption for sensitive documents, then solutions are easily available to apply this protection automatically."

Hitachi Global Storage Technologies (GST) has claimed to achieve an industry first this week with the launch of its Ultrastar SSD range.

The company said it was the first time single-level cell NAND flash based on 25nm technology had been made commercially available, bringing speedier throughput and better performance to enterprise storage arrays.

That Hitachi is now stating a five year life with considerable i/o hammering is good news

The Ultrastar SSD400S.B range comes in three capacities - 100GB, 200GB and 400GB - and uses 2.5 inch 6Gbps Serial Attached SCSI (SAS) interfaces to allow for fail-over to a second port.

Another added in resilience comes from Intel. The company worked closely on the SSDs with Hitachi to bring in what it called "endurance firmware" and power management features, enabling the SSDs to last much longer.

Hitachi claimed a 400GB SSD could handle up to 35PB of random writes during its lifetime, the equivalent of writing 19.2TB to the drive every day for five years.

Clive Longbottom, founder and principle analyst at Quocirca, said this element was much more important than being the first in the industry to use 25nm SLC NAND flash.

"Vendors have kept pretty quiet about how SSD technology has a limited life each memory bubble can only be written to for a reasonably limited number of times before it just gives in, and historically, this has been less than three years' use," he said.

"There are a lot of enterprises out there having gone for SSD who will find their tier zero storage systems falling off the edge of a cliff in the next year or so. That Hitachi is now stating a five year life with considerable i/o hammering is good news."

Security is also a headline feature of the Ultrastar portfolio, with the option to buy self-encrypting drives. An encryption key is built into the drive and can only be accessed by the customer.

If the key is deleted, all of the data becomes unreadable. Hitachi claimed these features enabled better performance by moving encryption away from the processor.

"Security is a growing concern among enterprise customers, especially those in financial services, e-commerce and online transaction processing," said Brendan Collins, vice president of product marketing at Hitachi.

"With our new 25nm SLC SSDs, our enterprise customers now have the highest level of data protection in an SSD without compromising system performance, reliability and endurance."

Hitachi again claimed to beat its rivals with throughput speeds. The Ultrastar drives offer up to 536MBps read throughput and 502MBps write throughput, as well as up to 57,500 read and 25,500 sustained write IOPS. This, the firm claims, is 100 times faster than traditional hard drives.

The SSDs also offer low power consumption and, with less SSDs needed to achieve better performance than HDDs, Hitachi claimed the cost of IOPS per watt was also significantly reduced.

The Ultrastar SSD400S.B range has begun to ship already and Hitachi is in the process of working out OEM partnerships.

Both Microsoft and Adobe have welcomed the new year by announcing some notable patching days for IT departments to be aware of.

Microsoft usually keeps Patch Tuesdays quiet in January, but has issued seven security bulletins for eight vulnerabilities.

One of those is a critical remote code execution vulnerability in Media Player, although for users of Windows 7 and Windows 2008 R2 its severity is downgraded to 'important.'

The remaining bulletins are ranked as important. One of those covers the BEAST SSL flaw highlighted by researchers last year.

Next Tuesday it will be interesting to see, which exact Windows features are involved and how this vulnerability can be used by attackers.

Researchers found a way to exploit a long-known flaw in TLS (Transport Layer Security) that could have undermined the security credentials of the SSL cryptographic protocol and affected millions of sites. However, little emerged from the discovery.

"Bulletins three and five, while rated 'important' both involve Remote Code Execution, most likely through a specifically crafted input file to one of the Windows standard programs and should also be high on your list of bulletins to look at," recommended Wolfgang Kandek, CTO of Qualys.

"Bulletin two stands out as it is tagged as 'Security Feature Bypass,' which is a new category. Next Tuesday it will be interesting to see which exact Windows features are involved and how this vulnerability can be used by attackers."

Adobe will join Microsoft in issuing updates tomorrow (10 January). It will address critical flaws in Reader and Acrobat.

"These updates will include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows," Adobe said in its advisory.

Oracle is also due to issue its quarterly security update on 17 January, making it a busy month of patching for IT managers.

New research has found corporate laptop security lacking, while smaller firms emerged as vulnerable to cyber attack, yet unaware of their potential as targets.

A survey of 320 UK public and private sector IT managers and senior IT staff found 43 per cent did not have data or device encryption deployed to secure their business laptops and a further five per cent admitted they didn't know if encryption was in use.

The survey, conducted by eMedia, revealed only half of organisations used data encryption to protect removable media, such as USB memory sticks, removable drives and DVDs. Nearly half (44 per cent) said they had no solutions deployed to protect these devices and six per cent of respondents said they did not know if encryption was in use.

Terry Greer-King, UK managing director of Check Point Software, which sponsored the survey said: "These threats need to be addressed by a combination of education and technology so that organisations can protect their data, their business and their employees against the risks of security breaches."

A similar UK survey also carried out by internet security software firm in October 2010 found just 40 per cent of organisations had encryption deployed on their laptop, suggesting a significant proportion of businesses are still vulnerable to breaches from loss or theft of portable PCs.

These threats need to be addressed by a combination of education and technology so that organisations can protect their data.

Greer-King said new threats such as consumerisation have also emerged, and many organisations hadn't established measures to secure the use of personal laptops and smartphones in the workplace.

Nearly two thirds (61 per cent) of organisations surveyed said employees use personal devices for work (up from 55 per cent in Check Point's October 2010 survey), yet 42 per cent of the respondents said they had no formal process for deploying security to these devices, leaving corporate network at risk.

Only 17 per cent of organisations said they insisted on deploying security on personal devices used for work purposes, and 42 per cent restricted access to the organisation's network or data resources to authorised corporate devices only.

A further 73 per cent said they had not experienced an incident of data loss incident in the past 12 months, whether accidental or malicious.

Yet, despite email breaches being the second most common vector for breaches, only 32 per cent of respondents said they had any kind of data leak prevention solution to protect email traffic and sensitive files from reaching unauthorised individuals.

Another survey published today, the Symantec 2011 SMB Threat Awareness Poll [PDF], also found half of small to midsized businesses believed they were too small to be the target of cyber attacks.

Yet data from Symantec.cloud found that 40 per cent of all targeted attacks since the beginning of 2010 had been directed at companies with fewer than 500 employees, compared to only 28 per cent for large enterprises.

Over two thirds (63 per cent) did not secure systems used for online banking, while a further nine per cent admitted they took no additional online banking precautions. Nearly the same proportion (61 per cent) used neither antivirus on all desktops or mail servers or services (47 per cent).

ANALYSIS The mix of fixed problems and new features in Windows Server 8 is what we're used to in a new release from Microsoft.

There are all the features we expected for building private and hybrid cloud systems for enterprises. There's some significant improvements in virtualisation too that give it many more of the features of a server operating system.

Hyper-V can take advantage of a lot more hardware than before; not only can you use up to 160 processors - either cores or threads - and up to 2TB of RAM. Each virtual machine can have up to 32 virtual processors and 512GB of memory.

The new VHDX format supports files up to 16TB rather than 2TB and takes advantage of new sector sizes on the latest hard drives. There's no fixed ratio between logical and virtual processors anymore - you can run as many processors or workloads per physical core as the hardware can support.

Adding more hardware to virtualised systems doesn't always improve performance if the systems aren't using memory that's physically close to the processor thread. Rather than VMs just picking whatever memory is available, those that run on Windows Server 8 now get NUMA (non uniform memory access) support so performance will scale well as you add more cores to a server. It effectively means smarter memory management and therefore improved performance in theory of course.

Windows Server 8 also improves storage performance for virtualisation. If you have a storage array that supports offloading data transfer, when you move data inside a VM that can happen directly on the storage array. It means the system won't have to copy all the data across the network to the server and then back to the same array just move it.

It's easier to use virtualisation for making your infrastructure more reliable, like using Hyper-V Replica to take Volume Shadow Copy off site and cloning domain controllers so you can get them up and running quickly for failover and disaster recovery. Hyper-V also gets more operating system features, like whole-disk encryption with BitLocker even on clusters and using the Windows Hardware Error Architecture to look for problems like memory errors that cause page faults. Predictive failure analysis even finds some faults before they cause problems - because the memory is virtualised, the VM can just remap it without restarting.

Moving running virtual machines is also a lot easier. With Windows Server 8 you can move any part of a VM at any time, whether it's the whole VM, the configuration file for the VM, the storage that the VM is using or just a virtual hard drive inside the VM - and take the metadata and historical performance metrics with it. You can move a VM while it's copying files or running a computation (the work in progress gets mirrored until the migration is complete) and you can do all that over the local network, without stared storage or a cluster.

There have been rumours that Hyper-V was in maintenance mode' and Microsoft was concentrating on management tools and System Center. This array of significant new features for virtualisation proves that's far from true.

PowerShell powered

There are some significant improvements in management tools, although they're not always coherent or consistent unless you're ready to take advantage of PowerShell. In the messy real world the idealised clear and simple tasks of Server Manager aren't always what you need to do. PowerShell lets you get down and dirty but you still have high-level abstractions for tasks that work remotely. It's a powerful combination but even with the helpful new tools it still has a learning curve.

Microsoft is keen to get admins away from working in a GUI on a live server, encouraging them to use Server Manager or remote PowerShell from a client PC (or a Linux box). An interface is something else for the server CPU to run and something else that needs patching (and something you certainly won't get on a cloud service). There's even a new role between the existing command-line only Server Core, which is what Microsoft thinks you should run, and the full server role, or what Microsoft is calling Full Server without GUI.

Slightly confusingly you can still run Server Manager and MMC tools, but you don't get Explorer or Internet Explorer, making for a more secure system that's harder to mess up by accident. It's also easier to change the server role; if you need something that's not in Server Core you can switch to a Full Server role without installing the server from scratch, and you can switch back handy if you need the GUI to install an app but not to run and manage it.

But Windows Server 8 also looks forward to the next stage of commoditisation where x86 servers replace even more specialised storage and networking hardware. Storage Spaces let you make a pool of storage from SATA and SAS drives in a standard enclosure that you manage with standard Windows tools instead of needing to invest in expensive fibre channel storage arrays to be able to set up clustering.

Being able to manage thin provisioning with PowerShell and WMI opens up huge possibilities for virtualising storage on a budget. Clusters are much easier to work with - almost any server application can use cluster shared volumes and you can apply an automated rolling update across a cluster so you can get through Patch Tuesday without downtime. That means you don't have to be an enterprise to be able to have your server available all the time.

File deduplication is a high-end storage option that several companies have tried and failed to make more mainstream. Having it built in Windows Server 8 with tools that look both simple and powerful is a big advantage.

Using roles and automatically applied tags to protect files on file shares is a quick way to do a basic version of the deperimeterised data security you've needed complex and expensive DLP security systems to provide. You can create virtual network switches and run third-party extensions that let you monitor, filter and forward traffic so you can manage network traffic or change your core routing algorithms. These are features you tend to find only on high-end, high-priced network switches.

Essentially Windows Server 8 lets you take an entire network infrastructure, complete with security rules and provisioning policy and virtualise it on your servers which could save you a lot of money on network hardware and power without losing performance. Think about running a single converged network that handles storage, management, communications and server workloads.

The biggest concern we have is whether, even with the new HTML5 and WebSockets support, Internet Information Services (IIS) 8 has enough features to compete with open source web servers when it comes to powering the web apps that smartphones and tablets make increasingly more relevant. However, integration with existing server systems does make it a compelling solution for an enterprise that cares more about business web apps. Vastly improved options for managing security certificates may mean we'll see more web hosters offering IIS.

The underlying trend is towards putting more processing on servers, whether that's for thin clients, VDI or web apps. New options for making sure that server resources are shared in a fairer fashion whether that's between competing websites or between VDI users will make it easier to offer SLAs and do chargeback to make sure that departments get what they pay for - and pay for what they get.

A new H.264 codec, software GPU and support for touch and new USB devices (including USB 3) mean remote desktop sessions will get the full Windows user experience including the new Windows 8 features.

Whatever happens on the desktop and mobile side of the PC industry, Windows Server 8 is crammed with features that make it a strong successor to a server OS that already has 76 per cent of the market. Although it faces competition from software-as-a-service and cloud offerings, there are few businesses that will be able to manage without any servers at all.

While many of the features give mid-range companies access to options previously accessible only on large enterprise budgets, tools like the new, simpler DirectAccess (remote access without VPN) and peer-to-peer BranchCache are compelling for the smallest of offices.

As usual though, the biggest competition for Windows Server 8 is the huge installed base of existing Windows Server licences. It'll take time for any serious migration to happen.

Best known for its anti-virus software, Sophos also wants to provide full protection for your workstations and its latest Endpoint Security and Data Protection (ESDP) 9.7 software has a veritable feast of security measures. Naturally, its anti-virus software is at the top of the list, but ESDP partners this with firewall, intrusion prevention plus controls for removable devices, data and applications and tops them off with NAC (network access control) and disk encryption.

Sophos provides an import wizard that works directly with Active Directory

We found installation initially straightforward as you load the Enterprise Console on a designated management system and then introduce your client systems to it. Sophos provides an import wizard that works directly with Active Directory and we had no problems selecting the AD Computers container and adding all our Windows XP, 7, Server 2003 and Server 2008 R2 systems to the console.

A wizard helps to add computers to the console and we had no problems importing our Active Directory Computers container.

To deploy the agent you select all required systems from the lower pane in the console and choose the Protect Computer menu option. Before doing this some work was needed on our Windows 7 systems as we had to enable the remote registry service, turn off UAC completely and modify the advanced share settings as instructed in the manual.

You can choose which components to install on clients and we opted to leave Sophos' firewall out of the equation as the lab's gateway security appliance does a good enough job for our LAN-based systems. Once the agent had been installed, each system was added into a new group in the console ready to receive its instructions.

Policies are used to control endpoints and ESDP comes with a complete set of predefined ones. These should cover most eventualities, but you can create custom policies and assign them to selected groups.

An update policy is enabled by default and defines how often group members receive software updates. Other active policies cover anti-virus, intrusion prevention and the firewall. Policies for application, device and data control and tamper protection are disabled by default.

For anti-virus policies, you can decide how infected files are handled, create schedules for full systems scans and set up email alerts. Live protection can be enabled so if ESDP can't identify a suspicious file from the local signature files it'll pop online and check it against Sophos' hosted database service.

ESDP had no problems when we introduced some genuine viruses to our endpoints as these were blocked and placed in a local quarantine area. The agent notified the console each time which then flagged up a virus alert within a few seconds.

Application control policies are as easy to use and Sophos includes a heap of predefined applications which is just as well as you can't add your own. We were able to block access to utilities such as FTP clients, email apps including Windows Mail and Outlook Express and various browsers, although for Microsoft Office you can only block the entire suite.

Policies are used for each ESDP component and allow you to control the anti-virus scanner, application usage and access to removable storage.

ESDP's device control isn't a patch on DeviceLock as it can only control access to floppy, optical and USB removable storage plus modems, wireless and Bluetooth devices. However, you can passively monitor and log usage on each endpoint, block access entirely or allow read-only or full access. With a policy set to block all usage we inserted USB sticks on some of our endpoints and received pop up warnings advising us that access wasn't permitted.

Data control policies allow you to apply file matching rules to stop them being copied or emailed. File contents can also be checked for keywords, phrases and patterns and Sophos provides a huge predefined list of patterns which includes those required for compliancy with HIPAA, PCI-DSS and PII standards.

Although an entry in the ESDP console is provided for NAC, all you can do is list its policies as all configuration is done from a completely separate console. Another NAC agent is required on endpoints but this can be deployed from the ESDP console.

NAC policies combine profiles that look for specific software on endpoints before it'll allow them network access. Profiles include checks for operating systems, patches and service packs along with the ESDP anti-virus and firewall components. The policies also provide remediation services in other words users can be sent to a location where the necessary software can be found.

The NAC and SafeGuard components steepen the learning curve as they each have their own policy management consoles.

Last up is the SafeGuard encryption utility which is completely separate to ESDP. It provides tools to automate full disk encryption on endpoints with sensitive data, but uses a separate server component to handle key management and encryption policies and needs yet more agents installed on endpoints which must be run manually.

Leaving NAC and SafeGuard to one side, we found ESDP easy to deploy and use and capable of providing an extensive set of security measures for workstations and laptops. The ESDP console simplifies management and is suitable for large user bases, but adding in the NAC and SafeGuard components will complicate things immensely.

So what's our verdict?

Verdict

The main ESDP software provides an impressive range of data security measures for the price and includes some useful controls for screening applications, data and devices which worked well during testing. If you stick with these alone then management will be fairly easy, even for larger businesses, but adding in the poorly-integrated NAC and SafeGuard components will almost certainly require dedicated support staff to handle them.

SYSTEM REQUIREMENTS FOR THE ENTERPRISE CONSOLE Memory: 1GB Hard disk: 500MB OS: Windows 7, Server 2003, Server 2008, Server 2008 R2 (32- and 64-bit for all operating systems)

Not many companies make it to their 100th anniversary. when it comes to technology companies, this is even fewer.

But some firms were there at the start of this technological age and have remained at the forefront for a century.

Today sees IBM celebrate its centenery and IT Pro looks at its history, its present and its future as one of the largest tech companies in the world.

The past...

For a company at the cut and thrust of the high-tech computing industry, IBM has a surprisingly long and storied history with quite humble, low-tech origins.

IBM's predecessors existed as far back as the 1880s manufacturing commercial tabulating machines, such as time clocks for tracking worker attendance. The Computing Tabulating Recording Company, or CTR, was the most direct antecedent and was founded on June 16th 1911. The name International Business Machines, or IBM, wasn't adopted until 1924.

During the 1930s and 1940s, IBM's punch card tabulating machines were used by both the American and German governments for various purposes, including the collection and maintenance of social security and census records. Its involvement with the German Government during this period would later cause much controversy during the 1990s, when its dealings came to light.

IBM's entry into the computer market in the 1950s, which then consisted of selling room-sized machines to the US Government, universities and multinational businesses, is overshadowed by two major developments. The first was the world's first hard disk invented in 1956 a technology that is obviously still with us today. The second was FORTRAN, an incredibly influential programming language.

IBM's track record of innovation continued unabated through the 1960s where its computers were used by NASA during the Gemini and Apollo space flights. Even more dramatically, it invented the world's first RAM chip in 1966 without which today's affordable, compact and ubiquitous computers would be impossible.

More down to earth was the IBM Selectric typewriter, first unveiled in 1961, and the introduction of magnetic stripe cards, which made credit cards as we know them possible. The American SABRE airline reservation system, which still exists today and lies behind most online travel booking websites, was first established in 1962 on a pair of IBM 7090 mainframe computers.

IBM was slightly less dramatic in the 1970s with the invention of the first floppy disk, although the company's 8in disk looks comically large compared to the 3.5in disks most people remember today. The company was also responsible for pioneering relational databases and speech recognition software during this decade.

The world of retail was changed forever by the IBM's invention of the standardised barcode, or Universal Product Code, in 1979. Two years earlier in 1977 the company helped devise the Data Encryption Standard (DES) which was the US Government's encryption standard of choice until it was supplanted by AES at the turn of the millennium.

For most people IBM will be remembered for just one product: the IBM PC. Introduced in 1981, this DOS-based computer is the grandfather of today's Windows PCs. Many household names, such as Compaq - now part of HP - got their start producing clones of the IBM PC.

The company tried to make the PC more affordable and attractive to home users with the PCjr which was an infamous flop. Despite the PCjr, the DOS-based PC and its clones would eventually trounce almost all other competing computer platforms at the time, such as the Apple II and the Commodore Amiga among numerous others.

If the PC dominates people's memories of IBM during the 1980s then the ThinkPad line of laptops forms an integral part of IBM's popular image from the 1990s onwards. The range of business laptops was first released in 1992 and some ThinkPads are still the standard by which other laptops are judged here at IT Pro.

There was more to IBM than just ThinkPads during the 1990s though. IBM's services and consultancy business, which is now one of the cashcow pillars of the company, was first established in 1991.

The company also attempted to rival Intel's dominance of the processor industry with its PowerPC range, developed in partnership with Motorola. Aside from relatively niche markets, such as embedded applications and games consoles, and a stint as Apple's choice of chips for the Mac during the 1990s, the PowerPC never caught on.

Despite the success of the ThinkPad, IBM struggled financially during the 1990s, but eventually recovered under CEO Louis V Gerstner Jr, one of the most influential men at the company since the legendary Thomas Watson who managed IBM's transition from tabulating machine maker to computer titan from the First World War onwards.

Despite IBM becoming almost synonymous with personal computers during the 1980s and 1990s, the company sold its personal computer business, including its vaunted ThinkPad brand, to Chinese company Lenovo in 2005. This has turned out to be a smart move given the increasing commoditisation of the personal computer market, allowing IBM to concentrate on its profitable services division.

IBM is perhaps now best known for its range of supercomputers, long a bedrock of the company, in stunts such as defeating chess grandmaster Garry Kasparov. IBM's supercomputers are frequently used in scientific and military research which, in a way, brings the company almost full-circle back to the 1950s when its customers were governmental and academic users.

Present day...

IBM ruled the roost for a long time but in the 2000s fell out of favour as new internet companies took over technology. Where has this change left IBM now?

Surprisingly, it seems the economic downturn actually served the company well, but one would assume being around for 100 years would at least teach you how to ride the wave of boom and bust.

The headlines hit when IBM overtook Microsoft in Reuters' market share value listings last month for the first time since 1996. Although it still remained behind top of the pile Apple valued at $309.2 billion it snuck ahead of its old rival with a value of $203.8 billion Microsoft was valued at $203.7 billion.

But what about the company's own results breakdown?

In its first quarter report released in April 2011, the company showed a 10 per cent rise in net income to $2.9 billion, when compared to the same quarter last year, along with a rise of eight per cent for total revenues, equating to $24.6 billion.

Yet, it was the yearly results which impressed investors. Announced in January, the filing showed a seven per cent jump to reach $29 billion, leaving behind Wall Street estimates of $28.3 billion.

It was Big Blue's delve back into familiar territory that bolstered results, with the introduction of an updated System Z mainframe product. This saw sales in the division leap by an unprecedented 70 per cent year-on-year and, along with its new lines of servers and even its first foray into the NAS market, hardware kept IBM in the cash.

Of course, services and software cannot go without a mention, with the likes of its business analytics software revenues rising 19 per cent in 2010. This had clearly been IBM's focus for some time, which a number of analysts claimed detracted from what it did so well in hardware, but it is bringing the company solid revenues.

However, it is its hardware legacy, along with investments into new generations of these classics, that seems to have kept IBM well above sea level whilst others sank during the stormy recession.

The company's UK chief executive (CEO), Stephen Leonard, was a little more philosophical though. At an event in London last week to celebrate Big Blue's birthday, he claimed the core of IBM's success was three principles: adapting to the challenges of globalisation, responding to technology changes and retaining the essence of an organisation.

Be it as simple as well-known and well-trusted hardware or the more idealistic opinions of Leonard, 2011 is seeing IBM get back in the game.

Future gazing...

So what now for Big Blue? Looking at its strategy for the coming years, despite its mainframe successes, it will continue along the same path it has been for the past decade - focusing more on services and software, less so on hardware.

In its recent visit to IBM's London headquarters, IT Pro heard the tech giant reiterate its 2015 roadmap, in which it will drive growth by focusing on three core areas: Smarter Planet, cloud and business analytics.

It was the same roadmap IBM outlined in the first half of 2010, so the company is clearly sticking to its guns.

The idea behind the Smarter Planet initiative is to help private and public companies take advantage of the abundance of data available to them. As Leonard explained to us, the Smarter Planet idea is designed to help companies enjoy business rewards, whilst providing social and environmental benefits too.

This strand of the three-pronged strategy builds into business analytics - something IBM is banking on to be a real revenue earner. It will also be a market in which IBM will need to shine as it's getting awfully busy, with the likes of Oracle pushing out some serious kit.

"When most people think of business analytics, they think of the ability to look within their financial model to see how they can optimise around the financial model. We're talking about something completely different," Leonard said.

"We're talking about how you can take that type of technique and apply it to the systems that run inside your organisation. This is the concept of looking at your organisation through a different dimension."

In the coming years, IBM will look to dominate the predictive analytics space, focusing on assisting firms respond to future events.

As for cloud computing, it's clear the sector is going to be huge. It's equally clear the long-term future (we're talking the next 50 years or so) is going to be very cloudy indeed for IBM. The company already does plenty in this space, spreading its net fairly wide from security offerings and transitional services, to private cloud storage.

Yet despite all IBM's claims it is continuing in the software and services direction, it still sees solid gains from more corporeal goods. As noted, in the company's financial results from January, it reported a spike in sales from its traditional mainframe hardware. So expect continued concentration on providing mainframe kit, as it's still a valuable part of IBM's business.

Acquisitions will remain key at the firm too it's already allocated $20 billion for purchases up to 2015. As for what spaces they'll invest in outside of analytics and cloud, a security firm wouldn't be a bad bet as it looks to gain ground on the specialist players in the market like Trend Micro, McAfee and Symantec.

IBM will also have to do what every tech business does remain agile to deal with the capricious nature of the tech world. IBM should be ready for the transience of the IT landscape to take advantage of opportunities when they arise.

"IBM has a plethora of other challenges including disruption by technology and competition, consumerisation of IT, government regulation pushed in part by non-governmental organisations (NGOs), and obsession with financial results that cause it to fail other stakeholders," said Ovum chief analyst Carter Lusher.

"While we celebrate IBM's centenary, it is critical to think about how this vendor will adapt in the future. Three CEO cycles, countless changes in the tech fad du jour, climate change, politicians and NGOs wanting IBM to do things that make no business sense, are all challenges and opportunities it will face over the next 20 years."

Lusher suggested IBM should focus what it does best: providing for the business needs and opportunities of its customers. It's hard to argue with that.

Congratulations on your centennial IBM we hope you help businesses thrive for the next 100 years and beyond.

Even the most diligent, security-conscious firms will inevitably fall victim to human error and lose discs containing sensitive data. Roxio's Secure Burn Plus aims to prevent the most serious security consequences of such a loss strangers getting ahold of the important information on those discs. Secure Burn Plus encrypts and password protects optical discs such as CDs and DVDs so any private information should remain private, even if the disc is lost or stolen.

Secure Burn Plus is a complete disc writing program in its own right and is used in place of whatever disc burning software you currently use. IT administrators configure Secure Burn Plus by installing a Permissions Manager on each computer. Permissions Manager is then used to create user names and passwords. Those user accounts can be organised into groups which not only makes administration easier, but also allows finer grained control over security certain groups can be allowed to access discs burnt by other groups, but not vice-versa, for example. Permissions can also be set so that users don't need to input their password when viewing discs created by a colleague in their group.

The Permissions Manager is where you set user account details and security policies

Once you've finished configuring Secure Burn Plus, the Permissions Manager can be locked or deleted from the computer to prevent the user from making unauthorised changes. If deleted, the security polices will still be in force. A more sophisticated server-based management approach is available in the more expensive Roxio Secure Managed version of the software, but this isn't yet available in Europe for reasons Roxio has yet to reveal to us.

Actually burning a disc is simple. When a disc is inserted, a widget pops up from the system tray. Clicking on it opens a window listing the contents of that disc. Simple drag and drop files into the window to add them to the disc. When you're ready to write the disc, simply click the burn icon. Roxio claims the encryption meets US government standards, so it should be very secure.

The Roxio Secure Burn Plus disc writing interface is simple

Unfortunately only Windows users can access encrypted discs a Windows-only reader program copied onto each disc during the burning process is needed to access the secured files. Files can then be opened or copied onto a hard disk or flash drive. If you don't have the right password, the file names can still be seen in Windows though which may an issue if you have descriptive file names.

A Windows-only disc reader program is automatically burnt onto every disc

Roxio Secure Burn works well enough, but critically it makes no attempt to manage other forms of storage such as USB disks, although to be fair it doesn't claim to. Again, this is a feature of the pricier Roxio Secure Managed as well as DeviceLock 7 which can also manage other ways data could leak from your computers and network. DeviceLock is correspondingly more involved to administer and pricier, but for companies truly concerned about data loss, those are hurdles worth putting up with.

[a href="

https://www.itpro.com/634039/roxio-secure-burn-plus-review/verdict" target="_blank"]So what's our verdict?[/a]

Verdict

Roxio Secure Burn is easy to administer and use and it's cheap too. It'll have to be used in conjunction with other security tools to prevent other forms of data leakage though, so you might as well invest in an integrated security package such as DeviceLock instead, especially if you're managing lots of users.

Memory: 256MB RAM or more Hard disk: 100MB free hard disk space for installation Optical drive: CD, DVD or Blu-ray writer Operating system: Windows XP, Vista or 7 (32-bit and 64-bit versions supported)

Since their launch earlier this year, AMD's Opteron 6100 series of processors have garnered a lot of interest from the blue chips with many significantly expanding their server ranges to accommodate them. In this review we take a closer look at Dell's first dual-socket Opteron 6100 rack server, the PowerEdge R715 and also see how well it stands up to HP's latest seventh-generation ProLiant DL385.

One of the main claims by AMD is that the Opteron 6100 removes the artificial price barrier to four-processor (4P) computing. In our review of Dell's quad-socket 2U PowerEdge R815 PowerEdge R815 we agreed as this rack server was far more cost effective that a four-socket Xeon 7500 server.

Move down to two-processor (2P) platforms and the advantages aren't so clear cut as the Opterons face stiff competition from Intel's 5500 and 5600 Xeons. AMD scores higher for physical cores as the R715 comes with a pair of 12-core Opteron 6174 processors. The 6-core 5600 Xeons can match this but only with Intel's hyperthreading producing 24 logical cores.

The R715 shares the same chassis with both the PowerEdge R815 and the Xeon-based R810 where the front panel is split into two sections horizontally. The lower half provides an unimpeded air flow through the chassis. Above you have a hot-swap hard disk bay, optical drive and Dell's nifty little LCD display which provides clear visual warnings of faults.

Dell is promoting the R715 as a general purpose server but for storage duties it doesn't come close to HP's DL385 G7 which we exclusively reviewed in our sister title PC Pro. The front panel design only has room for up to six SFF hard disks whereas the DL385 can accommodate up to sixteen disks.

The R715 scores highly as a virtualisation platform for a number of reasons. First up is memory capacity as the server supports up to 256GB of memory running at 1333MHz although a full set of 16GB RDIMMs will set you back over 12,000. If you decide to cut costs don't forget that using cheaper UDIMM memory limits capacity to 32GB and they can't be mixed with RDIMMs.

Boot media support for embedded hypervisors is the best of all the blue chips as Dell sells an optional dual SD memory card expansion board with two 1GB SD cards for a modest 67. Fitted on top of the optical drive, the controller automatically copies the contents of the primary SD card to the secondary one to provide boot media redundancy.

Two hot-plug supplies are supported. Our review system came fitted with a pair of 750W modules. If you go for the high power Opteron 6175SE processors you should fit Dell's 1100W supplies to cope with their 140W TDPs.

The Opteron 6174 processors in the review system have a lower TDP rating of 115W and our inline meter recorded a modest draw of 145W with Windows Server 2008 Enterprise R2 in idle. With all cores pushed hard by SiSoft Sandra this peaked at 344W. Intel's 5600 Xeons aren't so hungry as an IBM x3550 M3 rack server with the same amount of memory and two 2.66GHz X5650s pulled 155W in idle and 280W under load.

ProLiant DL380 G7.

Dell's new iDRAC6 console is much smarter than the previous version and opens with a complete status report on all critical components. On the Enterprise version you also get a thumbnail preview of the server's screen and quick access to KVM-over-IP remote control.

Power monitoring gets far more attention as the console now provides tables showing peak and average power usage along with statistics of total usage over time. It also shows real-time consumption graphs and power capping can be set in Watts, BTU/hr or as a percentage of total available power.

HP's iLO3 has better remote control performance and tighter access security with AES hardware encryption. The iDRAC6 doesn't offer any encryption options although remote control performance is good with only a slight lag to mouse actions.

As we've shown in processor performance tests carried out by PC Pro, the performance of AMD's Opteron 6100 is roughly in line with Intel's 5600 Xeons. Their higher physical core count and greater memory support for 2P platforms make them good candidates for virtualisation duties.

For those with an eye on the future it's also worth noting that the Opteron 6100 is the first phase of AMD's 'Maranello' 6000 platform series. Dell confirmed to us that the R715 will support the next 'Interlagos' 12- and 16-core processors as drop-in upgrades making the R715 a good long-term investment.

So what's our verdict?

Verdict

Dell's first dual Opteron 6100 server is a good value platform for virtualisation and is clearly capable of handling many other duties including small databases and server consolidation. However, if a high storage capacity is a key requirement then HP's ProLiant DL385 G7 is a far better choice and although Dell has improved its remote management features, they're still not as good as HP's.

Chassis: 2U rack CPU: 2 x 2.2GHz AMD Opteron 6174 Memory: 32GB DDR3 1333MHz RDIMM memory expandable to 256GB Storage: 2 x 146GB Dell 15K.2 SFF 6Gb/s SAS hard disks in hot-swap carriers RAID: Dell PERC H700 RAID card with 512MB cache and BBU Array support: RAID 0, 1, 10, 5, 6 Expansion: 6 x PCI-Express 2.0 slots Network: 4 x Gigabit Ethernet Power: 2 x 750W hot-plug supplies Management: iDRAC6 Enterprise Software: Dell Management Console Warranty: 3year on-site next business day

Most ultra-portable laptops achieve their low weight by leaving out the optical drive. This is fine if you don't often need to read or write optical discs while out and about, but if you do, then the lack of an optical drive will be rather inconvenient. The Samsung Q330 has a built-in DVD writer, but still manages to stay slim and lightweight at 2kg. This isn't quite as light as some of the other ultra-portables available, but it's still light enough to carry around easily.

The Q330 looks more expensive than it is due to its slender, silver and black appearance. The lid has a subtle black zigzag pattern that's understated but appealing. The plastic build feels very creaky though and the chassis bends easily when placed under pressure which doesn't inspire confidence.

One of the most important things in a laptop designed for traveling is battery life. The Q330 lasted six hours and 40 minutes when web browsing, which is long enough to last all but the most epic train journeys. It lasted nearly two and a half hours when performing more energy-intensive image-editing tasks. Although we've seen other laptops last even longer, these have tended to be either more expensive, have slower processors or are smaller and lighter models without the benefit of a built-in DVD writer.

Typing is comfortable and accurate thanks to the keyboard's sensible, standard layout and the lack of any small, hard-to-hit keys. However, compared to the best laptop keyboards, the Q330's keys don't have as much travel and don't feel quite as responsive. The touchpad is reasonably large and feels accurate, while the buttons give plenty of feedback when pressed. They feel slightly slippery, but this is a minor niggle.

The Q330 comes with 3GB of RAM which is an odd configuration not commonly seen. Nonetheless, paired with the 2.4GHz Core i3 370M processor it fared very well in our benchmarks. It did especially well in our image editing test with a score of 98. The 320GB hard disk is by no means cramped, but we'd have preferred a 500GB disk as larger capacity models are increasingly common, even in laptops at this price.

As expected for a 13.3in screen, it has a resolution of 1,366x768 pixels. It has a glossy finish which is supposed to enhance brightness. Although it's certainly bright enough for most tasks, it's not as bright as other glossy screens we've seen. The glossy finish has a downside in that it reflects light from overhead sources quite easily this causes glare which can look quite distracting. This is usually easy enough to rectify by simply adjusting the screen or repositioning the laptop, but this may not always be possible so it remains an annoyance.

There aren't any security features, such as a fingerprint reader. We were also disappointed to find that the warranty only provides for collect and return and not onsite service. The only business-specific feature is the choice of Windows 7 Professional which has several useful features such as built-in encryption and a RDP server.

So what's our verdict?

Verdict

The Samsung Q330 doesn't have many business-specific features, but it does have reasonably long battery life, good Windows performance and a comfortable keyboard and touchpad at an inexpensive price. Although there are ultra-portable laptops with built-in DVD drives that have even longer lasting batteries, they won't be as inexpensive as the Q330. It's a great value laptop.

Processor: Intel Core-i3 370M, 2.4GHz Memory: 3GB 533MHz DDR3 RAM Graphics: Intel HD Graphics Hard disk: 320GB hard disk Display: 13.3in 1,366 x 768, LED-backlit screen Features: 0.3 megapixel camera, microphone, stereo speakers Connectivity: 802.11b/g/n Wi-Fi, 10/100Mbit/s Ethernet, Bluetooth 3.0 Ports: 3 x USB2, HDMI and VGA output, 3.5mm headphone and microphone audio sockets Dimensions: 330x232x35mm (WxDxH) Weight: 1.99kg Warranty: 1yr C&R warranty OS: Windows 7 Professional 64-bit Part code: NP-Q330-JA05UK BENCHMARK RESULTS Image editing 98 Video encoding 88 Multiple apps 69 Overall 83 Light usage battery life – 6h40m Heavy usage battery life – 2h28m POWER CONSUMPTION Idle 15W Active 40W

Netbooks have been incredibly popular, in part due to their low price and incredibly long battery life. Both of these have been achieved, in part, due to the low-cost, low-power Intel Atom processors found in most netbooks. The Atoms haven't been very powerful though, but this has been an acceptable compromise given their cost and battery life benefits. Intel's new dual core Atom processor, the N550, is finally here but we're not convinced it makes for a better netbook.

Most netbooks to date have used single core Atom processors. Intel has released dual core versions before, but these have been noticeably more power-hungry versions aimed at desktop computers. The new dual core N550 chip is specifically designed for portable use and uses just a couple of watts more power than the single core Atom N450.

The Samsung NF210 is the first netbook we've seen to come equipped with the N550, but it didn't impress in either our applications performance or battery tests. It was only a few percentage points faster in our Windows application tests. This was the case even in our video encoding and multiple applications tests which should have benefited from the extra processor core. We suspect that performance would have been improved if there was more than 1GB of RAM fitted. Subjectively, it only feels a little snappier than a single core netbook when web browsing and word processing with anti-virus software running in the background.

Battery life was by no means short, but the NF210 didn't last as long as other netbooks we've seen, including Samsung's own N450-equipped N230. It lasted just under eight hours in our light usage battery test, where it was set to scroll through a series of web pages until the battery depletes. It lasted just over four and a half hours in our heavy usage test, where it ran an image editing task repeatedly until the battery ran out.

These battery life scores are impressive in their own right especially the light usage score which is more than long enough to last a transatlantic flight. However, the N230 lasted nearly 10 hours in our light usage test and seven hours and 17 minutes in our heavy usage test.

This is a shame since the NF210 is otherwise well-suited for working on the go. It's lightweight at just over 1.3kg. It immediately catches the eye thanks to the swooping curves of its cream-white coloured lid and base, chrome lining, glossy black screen bezel and its brushed metal-effect wrist rest. It may sound gaudy, but it actually looks very classy and more expensive than it is. The NF210 doesn't feel quite as rigid as other netbooks we've seen, but it still feels sturdy enough. The underside didn't become noticeably warm either, even when running demanding Windows programs, so it's comfortable use on a lap.

We were also pleased by the keyboard which is large, responsive and comfortable to type on. Some of the punctuation keys, including the important @ key, are smaller than the others which could make them harder to hit accurately. The touchpad is small, but accurate. The single pivoting button feels responsive enough, but we'd still prefer more feedback as well as two separate buttons.

The NF210 has a 10.1in screen with a matt, anti-glare finish instead of a glossy one which is what we'd usually expect. It's a welcome change though, as the matt finish isn't nearly as reflective as a glossy finish. This means less glare is produced when the screen is under overhead light sources, such as office strip lighting. It's not as bright as screens with a glossy finish though, especially when brightness is turned down to conserve battery life, but it's still bright enough for use in most circumstances.

The NF210 is the first netbook we've seen with a SDXC memory card slot so one could plug in a 32GB SDXC memory card. Few digital cameras and video cameras currently use SDXC cards, but it's still a useful capability to have for the future. Another unusual connection technology built into the NF210 is Bluetooth 3.0 which is theoretically much faster than previous versions of the short range wireless technology, but few peripherals currently support it.

As with all new netbooks, the NF210 comes with Windows 7 Starter pre-installed on its 250GB hard disk. It's good enough for the basic tasks we'd expect a netbook to be used for, but it does have its limitations not present in other Windows versions. It doesn't have any of the more advanced, business features of Windows 7 Professional such as encryption or the Windows XP Virtualisation Mode. When a second display is connected to the VGA port you can only mirror the contents of the N230's 10.1in screen onto the external display, not show more windows. The resolution of the second display is also artificially limited to 1,440x1,050 pixels no matter what its actual resolution. These issues affect the usefulness of the NF210 for giving PowerPoint presentations.

Verdict

We wanted to like the Samsung NF210, if only because of its luxuriously sleek appearance and comfortable keyboard. Unfortunately, compared to a single core Atom netbook, the performance of its dual core Atom processor currently isn't much faster and its battery life is shorter too. If you can live with its plainer looks, Samsung's similarly priced single core N230 is a better buy for travelers thanks to its superior battery life.

Processor: Intel Atom N550, 1.5GHz Memory: 1GB 533MHz DDR3 RAM Graphics: Intel GMA 3150 Hard disk: 250GB hard disk Display: 10.1in 1,024 x 600 pixels, LED-backlit screen Features: 1.3 megapixel camera, microphone, stereo speakers Connectivity: 802.11b/g/n Wi-Fi, 10/100Mbit/s Ethernet, Bluetooth 3.0 Ports: 3 x USB2, VGA output, 3.5mm headphone and microphone audio sockets, SDXC memory card slot Dimensions: 276x185x40mm (WxDxH) Weight: 1.32kg Warranty: 1yr C&R warranty OS: Windows 7 Starter BENCHMARK SCORES Video 20 Image 18 Multiple apps 12 Overall 17 Battery, heavy usage 4h32m Battery, light usage 7h48m

It's not every day that a major company, government department or other large organisation loses a laptop stuffed with valuable data, but it sometimes feels like it.

Encrypting data is one obvious solution for mitigating the effects of such enormous privacy disasters and Check Point has launched an inexpensive software package designed to do just that. Small businesses and consumers can now use the sort of features that big companies have had access to (but frequently seem to ignore) for years.

Why is it necessary to buy third-party encryption when Windows has been capable of encoding files for over a decade? Because, whether you are still using Windows XP or any of the newer releases, encryption is only available in certain editions. ZoneAlarm DataLock aims to fill the hole left by Microsoft when it chose to exclude encryption from all versions of Windows 7 below the Professional edition.

The most expensive editions of Windows 7 include two main types of encryption. The Encrypted File System (EFS) lets you encrypt specific files and folders, while BitLocker encrypts entire hard disks and (using BitLocker To Go) flash drives. BitLocker also includes management features that make it possible for IT managers to recover keys and to ensure that certain types of data are always encrypted.

EFS is available in Windows 7 Professional, Enterprise and Ultimate, while BitLocker is only available in the latter two versions. Users of Windows Home Premium or lower need to install third-party encryption software if they want to protect files. This is where ZoneAlarm DataLock comes in.

The encryption algorithm used is 256-bit AES, which is the current industry standard. Unless you are equipped with some very specialist equipment and knowledge you're not going to be able to crack this encryption, which is why it is so important to remember your password. However, as we'll see, Check Point has taken a leaf out of its enterprise book and can help you recover your data should your own memory fail. In effect, it becomes your IT helpdesk.

The free key recovery service provides a way for you to call the company 24 hours a day, seven days a week and answer security questions to retrieve your password. You set up these questions when you install the software. You may stick with the typical "Mother's maiden name" options or create your own questions, which is a sensible move.

DataLock's pre-boot authentication screen provides the necessary phone number to call when your memory fails. The phone number is for an office in the United States of America so it's not a free call, but if you're likely to forget your password often then this is not the product for you.

The product is designed solely for laptops. This is not a suggestion but a requirement - the system requirements actually specify a laptop PC. We installed our review copy onto a desktop Windows 7 Home Premium PC, but this was running inside a VMware virtual machine so maybe that is the exception.

According to ZoneAlarm's forums the software checks for presence of a battery and, if one does not exist, it will not install. So don't assume that you can lock down your desktop PC with DataLock. It's not intended for that purpose.

Windows remains useable during this time and you can even log off or reboot without causing problems to the encryption process. This process can take a long time if you have a large and full hard disk, but this is a one-off process and all future encryption occurs in real-time and transparently.

The fact that encryption happens automatically means that there's nothing to learn, so using DataLock is about as simple as it comes. There are some added extras, including the option to download and install a program that provides access to 2GB of online backup. This capacity can be increased to 150GB for a fee of $4.95 per month (around 3.20). Carbonite provides an unlimited online backup service for around 33 per year, which is fractionally cheaper and provides as much storage as you'll need.

There are other hard disk encryption systems available and a popular choice is the free TruCrypt program. This can encrypt entire disks or just selected partitions. It can also encrypt USB drives and create encrypted virtual hard disks. TruCrypt is more flexible that DataLock in many ways but as a result it is by no means as easy to use.

If you want to take an active role in encrypting your data in different ways (and won't forget your passwords) then TruCrypt is the best option. If you want to protect your laptop's hard disk as simply as possible then DataLock is much more appropriate.

Verdict

ZoneAlarm DataLock provides effective and easy-to-use encryption for small business and consumers. It is also remarkably inexpensive. The light-weight software works silently in the background to encrypt all data on the hard disk. This is an inexpensive answer to the privacy issues surrounding lost and stolen laptops.

Laptop PC with ability to write to a USB flash drive, floppy disk or CD using CD-burning software with ISO-burning capability. Windows 7 (all editions), 32- and 64-bit , 2GHz or faster, 2GB RAM, 100MB disk space Windows Vista Home Premium SP1 or higher, 32-and 64-bit, 2GHz or faster, 2GB RAM, 100MB of disk space Windows XP SP2 or SP3, 32-bit, 1GHz or faster, 1GB RAM, 100MB of disk space

Cisco has traditionally been quite happy to leave its consumer division to handle all small and medium-sized business (SMB) network storage products but the Linksys brand has never really cut it for businesses. With its latest Network Storage System (NSS) products, Cisco has taken over the entire family and beefed it up with the release of 11 new appliances.

This is the result of Cisco's new Small Business Technology Group, which was formed earlier this year with the express purpose of developing a number of affordable networking solutions for SMBs. Another member of this initiative is Cisco's Virus & Spam Blocker and you can see an exclusive review of this over at our sister title PC Pro.

On review here is the entry-level NSS2000, which is a dual-drive desktop unit. The family also includes the NSS3000 quad-drive desktop appliances and then you have the NSS4000 and NSS6000 quad-drive rack mount systems.

Standing at nearly a foot tall in its chunky desktop stand, the NSS2000 is certainly imposing but is extremely well built. The two hot-swap drive carriers are accessed from the front and a single lock in between them secures both bays.

A key focus of the NSS2000 is small offices that value their peace and tranquillity and we found noise levels from the cooling system to be very low. The appliance is supplied diskless but check Cisco's approved drive list first as it comprises a modest selection of Seagate and Western Digital drives. For testing we popped in a pair of approved 1TB WD GreenPower drives.

Although the appliance offers three USB ports the two auxiliary ports are designed to accept flash drives only for backing up and restoring system configuration files. The third port accepts an APC UPS, which can be monitored by the appliance where it provides a status readout of available power and can initiate an orderly system shutdown in the event of a prolonged blackout.

The appliance's standard share profile only supports simultaneous connections from 15 CIFS and two FTP users whilst a global advanced profile drops the CIFS count to eight and pushes FTP up to 16. The reason for these profiles is the NSS2000 can take CIFS and FTP feeds from IP camera motion detection triggers so you can select the profile that suits these applications.

The video recording features aren't anything radical as most IP cameras will send recordings to a standard Windows share or FTP server. If you want more surveillance features than look to appliances such as those from Qnap or Synology as these can display feeds from multiple IP cameras in their web interfaces, they provide basic motion detection and can record video directly to their disks.

Access controls for Windows and Linux users can be set using the appliance's local database or by integrating with an AD server. FTP services run from a dedicated share and options are provided for limiting bandwidth usage and restricting user access. Soft and hard quotas at the user and group levels can be applied to shares where the first threshold sends a warning and the second stops further access.

The NSS2000 doesn't come as standard with any backup software but Cisco does offer its CDP (continuous data protection) option. Costing around 103 for a three-user licence we'd recommend getting it. After installation, it asks for the folders and email clients that you want to protect and then seeds the remote location selected on the appliance.

Two features that make the NSS2000 stand out are built in hard disk encryption and virtualisation. When you create a volume you can opt to have the appliance encrypt it using 256-bit AES. You provide a password and when, for example, you're moving the appliance or just want the data secured, you select the lock option, which unmounts the volume and makes its inaccessible. If power is cycled or the appliance rebooted it automatically locks encrypted volumes and won't allow access until the password is entered.

Virtualisation works when you have multiple appliances acting as master and slaves. Essentially, you create JBODs on a slave and import them into the master which then looks after them as its own. Another useful feature is the ability to expand existing volumes into unused space.

Unfortunately, the NSS2000 didn't impress in our real world performance tests. Drag and drop copies of a 2.52GB video clip to a Broadberry dual 2.8GHz Xeon X5560 server returned meagre read and write speeds of around 18MB/sec and the FileZilla FTP client utility couldn't muster more than 19.2MB/sec.

The NSS2000 offers some unusual storage features and the diskless version on review looks good value as after shopping around we found one for less than 300 at Broadband Stuff. Build quality is very good and it's as quiet as a mouse but performance is pedestrian at best.

Verdict

The NSS2000 hits the spot for value and is well suited to environments that abhor noise. Cisco’s drive encryption and virtualisation features are unusual for an entry-level appliance and it’s easy to configure but general file copy performance is comparatively poor. The optional CDP software could prove very useful for small businesses, but bear in mind it will work with any NAS appliance or network share.

Chassis: Desktop chassis Memory: 128MB RAM, 256MB Flash Storage: 2 x SATA 3.5in hot-swap SATA drive bays RAID: Supports RAID0, 1 and JBODs; Network: 1 x Gigabit Other ports: 2 x USB2; USB2 UPS port Power: External supply Management: Web browser Options: Cisco CDP software - 3 user licence; £103 ex VAT

We are all aware how important security is for our data, especially when we take it with us on the move. There are often reports about how employees have lost laptops, USB sticks or external hard drives containing valuable data and have not made any attempt to encrypt it.

To this end, DigiSafe has released its latest product, the DiskCrypt Mobile, claiming to offer simple, safe encryption and mobility for your hard disk. But does it live up to this declaration?

The premise of the device is like a cash machine, offering you a credit card and PIN to encrypt a hard drive within a solid casing to keep it safe.

At first glance the device looks a bit cheap, with an admittedly tactile black rubber outside but an unimpressive keypad. Unfortunately, the cheapness stops there as the best price we could find was 212.75. Admittedly this does include a 160GB 2.5in SATA hard drive, but even for just the enclosure the price came in at a hefty 151.80.

It comes with both USB 2.0 and Firewire 400/800 connections and should be powered by your PC or laptop. It does provide an AV adapter connection in case this fails but not the actual adapter itself, which considering the price is a bit of a let down.

The usage and security is a lot more impressive though. The user starts with an eight digit default PIN and after putting one of the chip and PIN smart cards into the device you get two in case one gets lost the number is typed in.

We appreciated the attention to security here with not just one but two secure steps to get access to the drive, whilst still retaining simplicity and usability that other options may lack.

The number pad did not always register our finger's instructions, which was frustrating at times. The worst scenario was when we were trying to change the PIN. The result? A relatively short process turned into an arduous task.

The security focus deepened even further when you get to the inside of the device. Rather than software encryption, it encrypts the data as it is written to the hard drive. So, should anyone steal it, remove the drive and try to use it in another machine, the drive is rendered useless.

Despite this hardware advancement, the set up on the computer is pretty non-existent, unless you need to format the drive. It appears as a mass storage USB device and from there using it to save files or applications to was no different than any other external hard drive. It's compatible with Windows 2000, XP, Linux, and Mac OS X and even Mac OS 9, should you be feeling retro.

Overall, we appreciated the idea and loved the extra mile the company seems to have gone to ensure heightened security. However, even with the sweet black leather pouch, what you get for your money doesn't add up for us. And there's further outlay thanks to the lack of AV adapter and the prospect that should you lose your smartcards you would have to purchase more.

If you have the money to spend and want, or positively need, to feel extra safe go for the DiskCrypt. That said, we'd have to first recommend the Lenovo ThinkPad USB portable drive, as it offers similar benefits for rather less cash.

Verdict

An extra secure way to transport your hard drive but a little on the pricey side for the quality of the casing and included accessories. A good choice, but we suggest you shop around before shelling out more than 200.

Model: DiskCrypt Mobile 128bits (also available in 256bits) Enclosure type: 2.5in external USB enclosure Bus Interface: USB 2.0 – Firewire 400/800 Compatible drives: 2.5in SATA-I/II Dimensions: 130mm x 78mm x 22mm (LxWxH)

As disk based backup becomes far more acceptable across a wide range of businesses it looks like the writing is on the wall for the venerable tape drive.

The key driving force has been the massive increase in disk drive capacities over the past few years along with a commensurate drop in storage costs.

HP's StorageWorks RDX takes advantage of the fact that 2.5in. small form-factor hard disks are now a viable and affordable option for backup. The RDX offers a simple, removable media solution that enables off-site backup to be brought into the equation.

It consists of a compact chassis with a USB 2.0 port, whilst the SFF disks are mounted inside sturdy removable cartridges. On review is the external model but HP offers an internal USB 2.0 version as well SATA is not currently an option.

The chassis is very well built and the cartridges are rated as capable of shrugging off a drop onto a hard surface from one metre. The kit on review includes a 160GB disk cartridge but HP also offers 320GB and 500GB versions. Either way, you can pick the cartridge capacity to suit your current needs and move up to the larger ones as and when required.

Another big advantage over tape is backward and forward compatibility as the RDX cartridge form factor is standardised. The chassis will accept the next generation of higher capacity cartridges and work happily with media that would have been available when RDX was originally launched a few years ago.

One problem with hard disks is their lack of hot-swap support as unless you have them connected to a RAID controller you'll need to power the host system down first. HP has neatly solved this conundrum as its RDXMon monitoring service enables the cartridge eject button to work under Windows. When you hit the button it releases the drive , permitting it to be safely removed and replaced whilst Windows is running.

HP also provides a simple diagnostic utility that scans the host system for supported devices and shows the currently loaded cartridge. It provides details of the device and cartridge, offers a firmware upgrade tool and runs read/write tests.

For testing we installed the RDX on a Boston Supermicro dual 3GHz Xeon 5160 system loaded with Windows Vista SP1. With the RDXMon utility installed, the drive is seen by Windows as a simple removable media device and cartridges automatically appear ready for use a couple of seconds after loading.

Iometer reporting a 26MB/sec average read throughput but real world speeds were slightly slower - copying a 2.52GB video clip returned read and write speeds of 25.8MB/sec and 20MB/sec. The RDX is compatible with any backup software that can work with removable drives and we tested with EMC Retrospect. Securing a 13.5GB test folder with nearly 15,000 files in it returned a much lower write speed of 7.5MB/sec.

The closest tape device in terms of price is the DAT72 although even the USB 2.0 model costs over 100 more and only offers a native 36GB on 4mm tape cartridges. We installed a USB external model on the server to compare performance and backing up the same test data using Retrospect saw the DAT72 deliver a paltry average speed of just under 3MB/sec.

The RDX was also superior to tape for restore operations. Using Retrospect we restored a single Word document near the end of the backup selections, which took 90 seconds for the DAT72 the RDX did it two seconds. It's also worth noting that, unlike the old NTBackup Windows utility, Vista's built in backup tools do not support tape drives.

The kit comes with HP's CDP (continuous data protection) software, which does precisely what it says on the tin. Once installed, it asks for a cartridge to be loaded, whereupon it proceeds to back up all partitions on the host system. From this point on, it automatically backs up files as they are created or modified and creates a separate partition in Windows Explorer from where you can view secured data and carry out drag and drop restorations.

The RDX currently has very little competition in the SMB removable hard disk market with only Imation's Odyssey and EMC's Iomega REV putting up a fight. The Odyssey does cost less but in both cases neither Imation nor Iomega can match the higher capacities of the RDX and both are proprietary. The big advantage of the ProStor RDX technology is that it has a much higher industry support, as along with HP it's also offered by IBM , Dell and Tandberg Data.

Verdict

The RDX is an innovative removable media solution that looks a far better alternative to tape for SMB backup operations. HP ought to offer a SATA version as that would perform better than USB 2.0, but even without, it’s much faster than equivalent tape drives for backup or restore operations and far more affordable.

Chassis: Desktop docking bay

Interface: USB 2.0

Storage: 160GB RDX cartridge included - 320GB and 500GB available

Cables: USB 2.0 cable and external power supply included

Software: HP Continuous Data Protection

Cartridges - 160GB, £169; 320GB, £278; 500GB, £439 (all ex VAT)

LaCie loves minimalist designs, and the new 5big Network is the sleekest looking NAS we've seen to date. A large silver box with a recessed, glowing blue orb on the front, it bears more than a passing resemblance to HAL 9000's all seeing eye.

Designed for small businesses, the 5big aims to take care of your storage and backup needs. It's available with capacities of 2.5, 5 and 7.5TB, and each one comes with five hot-swappable SATA disks. Out of the box, the disks are configured as a RAID 5, which means it can cope with a single disk failure. You can alternatively choose from a range of other configurations including RAID 5, RAID 6, RAID 10 and RAID 0. However, while the latter provides the best performance and the largest amount of storage, there's no protection should a disk fail. If you choose a RAID mode with a spare disk, this will be used automatically when another disk fails. The replacement disk then becomes the spare.

Build quality is up to LaCie's usual high standard. The aluminium case is sturdy and, even the business end at the rear looks tidy. Each of the five disk trays is lockable and has an LED above it. These can alert you to any problems such as a disk overheating, failing or a corrupt array. Naturally, you can also check the 5big's status via the web-based management interface. Replacing a disk is an extremely easy task: simply unlock the bay with the supplied tool or a coin - and pull the handle. A spare 1TB disk for the 5TB model on test costs a steep 157 ex. VAT, but the hot-swap nature means you can slide the new disk in and the 5big will set about rebuilding the array (assuming you're not using RAID 0). Rebuild times can be 20 to 30 hours for a RAID 5 with 5TB, but you can use the storage during the rebuild process, though performance will inevitably be hit during that time.

There's a single Gigabit Ethernet port for connection to your network, plus three eSATA ports and a USB 2.0 port. The number of eSATA ports mean it's simple to add external drives (up to 2TB each) for more storage or backup purposes, but it's slightly odd not to find any FireWire ports. Backups can be scheduled to run daily, weekly or monthly, but bear in mind that they're not compressed, so you'll need to buy big-capacity disks.

Backups aren't encrypted either, which is a problem for sensitive data as an eSATA drive could be removed and connected to any computer that can read the XFS file system. We found it slightly unsettling that there's no way to eject an external drive through the management interface LaCie's website merely advises users to check the disk's activity light isn't flickering before unplugging it. To take a snapshot of a connected drive, you simply push the blue orb on the front. We can't see many users wanting this feature, though.

Backup software is provided in the form of Genie for Windows 2000, XP and Vista, and Intego for Mac OS X 10.4 onwards. Only three licences are included, with extras costing 20. The software can backup open files, enable previous versions to be restored and can create entire system backups for disaster recovery. It supports compression, encryption and you can choose full, incremental, differential or mirror backup types. Note that Apple's Time Machine is not supported as this requires a direct-attached HFS+ formatted hard.

When you initially connect the 5big, it will attempt to obtain an IP address from the DHCP server, but there's a discovery wizard you can run if it fails. There are two ways to manage the 5big, either using the web interface, or the Network Assistant application. The interface is as clean-looking as the device itself, which makes it easier to navigate the menus and make changes.

The 5big supports up to 25 concurrent users (with a maximum of 100 accounts), and it's easy to create shares and assign privileges to groups or individuals. Only one user can be administrator. You can set which protocols can be used to access each share, from SMB, Apple, FTP or HTTP. This basic access is fine for small groups of users, but you can attach the 5big to a domain. We tested this under Vista and had no problems logging on to a share.

Unlike Synology's Disk Station DS508, the 5big isn't endowed with scores of extra features. Its one frill' is the inclusion of a BitTorrent client, which enables you to download files without leaving another computer switched on. Aside from this, you can view the device's status remotely, and there's a built-in SMTP server, which can email alerts to a designated address. If you want IP camera surveillance, a print server and numerous multimedia features including an iTunes server, the DS508 is a better choice.

The 5big's power management isn't as good as we'd hoped for. Despite the USB port, there's no support for a UPS and auto-shutdown. There's also no facility to automatically start up after a power cut. You can only reboot the 5big or shut it down from the management interface if the power switch is set to auto. The wake-on-LAN support only works via the Network Assistant.

Performance also wasn't quite up to the standard we were hoping for. Compared to the Disk Station DS508, the 5big was much slower at transferring large files, writing at 12MB/sec and reading at 24MB/sec. It read small files at 11MB/sec and wrote them at 6MB/sec. Switching from RAID 5 to RAID 0 saw these speeds increase between 1 and 5MB/sec.

Verdict

LaCie’s 5big is a striking looking NAS which could take pride of place in any office. It’s easy to use and very quiet. Additional storage capacity is easily added via external disks, but backups aren’t compressed or encrypted. Performance and power management are the other weak areas, making the DS508 the better choice for most people.

Chassis: Desktop CPU: Not stated Memory: Not stated Storage: 5 x hot-swap SATA drive bays, 5 x 1TB disks Ports: 1 x USB 2.0; 3x eSATA Network: 1 x Gigabit Ethernet Management: Web browser Software: Genie and Intego Backup Manager Pro Power: 40W idle, 10W standby

If your company wants to takes data safety seriously, and it should be, you should take an equally serious look at the Lenovo ThinkPad USB Portable Secure Hard Drive. In typical Lenovo fashion its prosaic name is matched with prosaic, but still elegant design: the square-edged, matt black case is enlivened only by the numeric keypad that sits atop it. And this is the key to the "Secure" in its name.

The only way you can get data on or off this drive is to enter a password. By default, you press 1-2-3-4-5-6 and then the Green padlock key to gain access to the drive's contents, but you can change the password to anything you like right up to a 24-key string.

For example, you could devise a variation of the letters found on a phone keypad and use a memorable phrase, and - courtesy of the built-in 128-bit AES encryption - there's no way anyone will be able to access your data.

With encryption automatically applied to data as it's written and read from the device, we expected its performance to suffer. We were wrong.

In fact, when reading and writing 100MB of small files, the ThinkPad Secure Hard Drive turned out to be the fastest USB portable disk we've seen - its time of 6.4 seconds to read and 4.3 seconds to write is only beaten by eSATA devices.

Although it's unusual for a drive to write contents quicker than to read them, we put this down to the encryption and de-encryption process.

It's again quick - albeit not table-topping - when reading and writing large files. A 50MB file took 2.2 seconds to read and two seconds to write, a 650MB file 23 seconds and 26 seconds respectively.

To put that into perspective, that's faster than some FireWire-equipped external hard disks we've tested. If Lenovo could have matched the Secure Hard Drive's electronics with an eSATA interface, we suspect it would have broken all records.

At least USB ensures the Secure Hard Drive is universally compatible, and even better it doesn't require any drivers to work with either Windows XP or Vista. The only potential drawback to carrying it everywhere is that you may find you need to use the bundled USB power cable, though we found it worked perfectly well using the integrated USB cable - this tucks neatly into the side of the drive when in transit.

There are drawbacks to the Secure Hard Drive compared to normal portable drives. First is size: although it's no giant, devices such as Western Digital's My Passport Elite are more compact in every dimension.

But the biggest and inevitable drawback is price: you can pick up the 320GB version of the Elite for around 70 exc. VAT, 50 less than the 320GB Secure Hard Drive. And the 160GB version is even worse value for money, at 102 exc. VAT.

Nevertheless, the Lenovo's sheer speed and unique security features make it a compelling option for companies that need to ensure data is kept secure when carried around. If only the Government used the Secure Hard Drive rather than CDs when passing around our private details.

Verdict

A phenomenal turn of pace matched with unique encryption abilities mean the Secure Hard Drive is a fine choice for companies that need to keep their data safe but it is quite pricey.

Capacity: 160GB (149GB formatted) capacity (part code: 43R2018), Rotational speed: 5,400rpm spindle speed, Interface: USB 2.0 interface (USB 1.1-compatible), Warranty: 1yr RTB warranty, Dimensions: 88 x 122 x 22mm (WDH) Weight: 193g

Portable storage has come on in leaps and bounds in recent years. The first USB memory key I purchased in 2002 had 256MB of capacity and cost me 55. Nowadays, less than half amount will bag you a 16GB stick.

But while solid state storage capacity and value has come on in leaps and bounds, for backing up or transporting larger capacities, a portable hard disk is still what you need.

However, if you have sensitive business information on that drive its very portability puts it at risk of falling into the wrong hands, through loss or theft. If, for example, the data on the USB key lost by an MOD employee earlier this year had been encrypted, its loss would not have been such an issue.

This is where drives we're looking at here come in, as in addition to large storage capacities both offer encryption so that should your drive fall into the wrong hands you can be sure that the contents can't easily be read.

Buffalo MiniStation PRO 160GB

Rating: 5

Buffalo offers its MiniStation Pro in two capacities 160GB, and 320GB. The one we're looking at here is the lower 160GB capacity, and it has a rotational speed of 5,400rpm.

The Buffalo is the more utilitarian looking of the two drives, but clearly function has been prioritised over form though when it comes to data security, that's no bad thing. The casing feels reasonably sturdy and Buffalo says it has an inner floating structure with shock absorbers to further protect the drive. The real protection comes from the 128-bit AES hardware encryption that once a password is set-up, is used to protect all data that's written to the drive.

The oblong drive has a plastic top made up for some reason of small squares and after some days use this began to get marked and bobbled, which isn't ideal. A small/light is set into it to indicate power and disk activity.

Buffalo has placed a small ridge around the edges, with the intention that you can wrap the cable around the drive and clip it onto the other end of the USB connector. This neat touch ensures you can easily carry the cable round with you, and not have to plug it in and out either. Just the other day a colleague broke the connector of his external hard disk and had to crack it open to get at the hard disk inside to retrieve his data.

Plugging in the Buffalo to a Windows XP based laptop, the drive is detected as a mass storage device. However, initially we plugged into a USB hub plugged into our test laptop. However, the install routine failed because the non-powered hub was not delivering enough juice to the hard disk. Plugging directly into the laptop confirmed our suspicions as this time the install routine completed and it popped up as a drive letter.

What then auto pops up is the password utility, where you're prompted to create a password for the drive. It's worth filling in the hint box too, as without the correct password, there's no way of getting access to your data. After entering the incorrect password three times, the hint box becomes active, enabling you to give yourself a reminder.

Once you've entered the password, the drive then mounted as yet another drive letter and from here you can access the drive's contents. An icon also sits in the system tray giving you options over how drive loads the next time.

In our testing, copying over a single 1.36GB files to the drive took 95 seconds, and copying them back took 106. Meanwhile testing with many files, a folder consisting of 1.28GB of images, took 235 to write to the drive, and 145 seconds to write from. A good, if not spectacular performance.

In use, the Buffalo proved reliable under Windows XP and Vista and we felt comfortable throwing it in a bag and relying on it to securely and reliably transport our data.

Fujitsu HandyDrive 500GB

Rating: 3

The Fujitsu HandyDrive beats the Buffalo on two clear points. Firstly, its capacity ranges from 160GB, which at 49 ex VAT will cost you a little less than the Buffalo, up to 500GB, which we found online at Dabs for 82.50 ex VAT. The one on test is the 500GB model, though actually this provides 465GB of formatted capacity.

Secondly, it's undeniably a far better looking piece of hardware with a sleek translucent black cover that curves at one end, and when plugged in, a yellow power light under the skin at the other. It's clearly a sexier housing for a 2.5in hard drive and when you see it you'll want to own one. It's even supplied with a swish carry case to keep it protected on the move, which makes it all-in-all, a nice package.

However, it's also loses out to the Buffalo on several points. Firstly, there's no handy way of carrying the USB cable, so you'll be in danger of leaving it behind when you travel. Secondly, the drive inside only spins at 4,200rpm, which immediately should place it at a performance disadvantage.

Thirdly, and the issue of most concern, is that the encryption software is not preloaded onto the hard drive. This means that to access your password encrypted content you have to install the software yourself each on every time otherwise you have no way of entering your password to get to your data.

This means that you have to take the software disk with you on the supplied CD, copy it to a US B drive or download it from the internet. A quick Google pointed me to the software, but it's hardly an ideal solution, especially if you don't happen to have internet access on the machine you're hooking up to. The Buffalo, with its auto-loading password utility, is a more practical and time saving solution.

To make matters worse, as we suspected, the Fujitsu proved to be a relatively sluggish performer, taking longer than the Buffalo at nearly every test with 113 seconds to write the 1.36GB of files, compared to 95, and 253 seconds to write the small files compared to 235 seconds. Reading the smaller files tool longer too 190 seconds, compared to 145 seconds. In a real usage scenario the drive felt painfully sluggish, and if you're copying a large amount of data, this will prove frustrating, no matter how good looking the chassis is.

All-all-in, it might be the better looking piece of kit, but if you really want a password encrypted portable hard disk, the Buffalo definitely is the one we'd go for.

Verdict

This is beauty and the beast as far as portable hard drives go. But while the Fujitsu wins in the style stakes, as a serious piece of security hardware, the Fujistu proves slow and frustrating while Buffalo MiniStation Pro takes the plaudits thanks to its hardware encryption, a convenient auto loading password utility and a reasonable turn of speed.

Buffalo MiniStation PRO 160GB Capacity: 160GB Rotational speed: 5,400rpm Connectivity: USB 2.0 Encryption: 128-bit AES (hardware) Dimensions: 84 x 127x 23 mm (D x W x H) Weight: 275g Warranty: 2 years Fujitsu HandyDrive 500GB Capacity: 500GB Rotational speed: 4,200rpm Connectivity: USB 2.0 Encryption: Software Dimensions: 82 x 142 x 22 mm (W x D x H) Weight: 220g Warranty: 1 year

Researchers at Princeton University's Centre for Information Technology Policy have published results of research that shows Vista, Mac OX and Linux disk encryption products can be easily defeated.

With so much attention focused on securing data stored on mobile devices including laptops, the research revealed yesterday that these common disk encryption products could be cracked by 'cold boot' attacks could cause concern among IT organisations.

The research demonstrates how to steal the hard drive encryption key used by Windows Vista's BitLocker, Apple's FileVault or Linux's dm-crypt and how, with that key, hackers could get access to all of the data stored on an encrypted hard drive.

The method takes advantage of the physical properties of the computer's memory chips or dynamic random access memory (DRAM). The researchers have found residual data can linger for minutes in the DRAM as the computer shuts down or is in hibernation mode.

Alex Halderman, a Princeton graduate student who worked on the research paper, wrote in his blog: "Our results show that an attacker can cut power to the computer, then power it back up and boot a malicious operating system (from, say, a thumb drive) that copies the contents of memory."

Once copied, the attacker can search through the captured memory contents, find any cryptographic keys it may store, using them to unlock and decrypt the hard disk contents.

"We show very effective methods for finding and extracting keys from memory, even if the contents of memory have faded somewhat (i.e., even if some bits of memory were flipped during the power-off interval)," he said. "If the attacker is worried that memory will fade too quickly, he can chill the DRAM chips before cutting power."

He added that even those systems that wipe the memory when they boot up could be vulnerable using the cooling method, where chips are frozen to -50 degrees Celsius, giving the researchers time to install the memory in another PC that would boot without wiping out the data.

The research team was led by Princeton University, with researchers from the digital rights, Electronic Frontier Foundation and device software optimisation vendor, Wind River Systems.

Although Microsoft, Apple and some commercial Linux vendors had not responded to requests for comment at the time of writing, Symantec's chief scientist Guy Bunker told IT PRO the findings demonstrate the growing complexity of systems and devices.

"The first thing to observe is that encryption technology from ten years can almost now be broken with a Casio watch. It's a war out there and hackers realise, that with enough motivation to break technologies, the gains are worth the effort," he said.

"But the great thing about software today is that we can issue patches for these things that would, for instance, overwrite the memory on shutdown so the hacker could then look at residual memory to his heart's content."

Anyone who has had their hard drive die on them, only to discover their last back-up was made 18 months ago, has learned one important aspect of storage security. But back-ups are only part of an increasingly complex picture.

Our data now resides on a variety of media and devices - from the desktop PC, to the PDA, the email server, the USB drive and even a mobile phone. It also gets transferred across networks both inside and outside the organisation that owns it. The challenge is not only to ensure the data is not lost or destroyed, but that it does not fall into the wrong hands.

As a number of recent high-profile cases have shown - at Nationwide, and Marks & Spencer, to name but two - a lost laptop computer can cause major panic if important or confidential data is sitting on its hard disk. It not only exposes personal data to potential theft, but it also makes the company in question look slapdash and unreliable.

More to the point, an increasing amount of regulation and legislation is forcing companies to protect and preserve data more effectively. The rules cover everything from personal data protection, the archiving of emails and activity logs in case of litigation, and the encryption of credit card details.

Add to that the risk of a thief or disgruntled employee copying valuable or secret information on to a USB device or even a harmless-looking iPod, and the need for a more serious approach to storage security is clear.

The role of encryption

In the wake of various security breaches, many companies have seen encryption as a silver bullet for all their ills. They believe that by forcing users to encrypt the whole of their hard disk solves the problem, which it does, but only up to a point.

For a start, encryption does not come without its own problems. It may slow down the system, and if the key is lost, the data is lost too. Key management comes with an administrative overhead which some companies may struggle to master.

"All the database vendors are building in encryption features," says Alex van Someren, the former chief executive of security vendor nCipher. "Oracle is doing it, and Windows Vista has the BitLocker feature, which allows you to scramble everything on your hard disk and then use a combination of a TPM chip and/or a USB stick as a sort of ignition key, to let you unlock the files.

"But for a big company, turning on disk encryption on every PC is a helpdesk nightmare. If you do that, it means that anyone who loses their key has effectively shredded all their data. Powerful tools have powerful risks."

Encryption also does not solve the problem of the legitimate user with a grudge who wants to leak information to a rival company, for example.

So how should a company approach the problem?

A good place to start is by classifying data in much the same way the military does it. Decide which information is confidential or top secret and treat it with more care, restricting who can see it.

However, very few companies do this, according to Chris Gale, head of European business for storage security firm Decru. "We can sometimes spend months explaining the need for classification and definition of policies and procedures," he says. "But in nine times out of 10, it will only be after they have had a business risk or an exposure that they'll come back to us and want a rapid deployment. That's not good for us or them."

Trying to force security into an existing infrastructure, often under pressure from senior management to do it quickly, does not yield the best results. He says the best time to do it is when you are doing a storage refresh, or changing the system architecture. "If you are upgrading your Fibre Channel fabric, for instance, deploying encryption and data security at that point and doing it all in one go, sizing it, knowing the throughputs, is a good thing," he says. "Forcing a few boxes into an existing infrastructure has a ripple effect through the business and presents other challenges to the IT folks."

Understanding data

The basic groundwork of classifying data need not be too onerous or even too detailed. It can start with a broad-brush approach, but it requires the security people and the business to work together to grade different applications or files, and to decide what is critical and what should be freely available. Having done that, the process of protecting the most valuable or mission-critical information becomes a lot easier, and job roles can be mapped against data security levels. It also means that efforts can be focused where they are most needed.

By applying role-based access through Active Directory, for instance, it is then easy determine who can and cannot see 'company confidential' or 'top secret' data.

The other key part of the strategy, as with all aspects of security, is to sort out people and processes. Security awareness programmes are probably one of the most effective ways of improving security and also the cheapest. Making all users realise why security is important can be worth more than a lot of technological fixes.

Users also need to be guided by clear policies that they can understand and sign up to. If the policies are obscure, boring and have no relevance to the job of the person reading it, then enforcement of policy is always going to be a struggle.

In the case of the Nationwide employee whose laptop was stolen, for instance, it has never been made clear whether he should have had a copy of the whole customer file on his PC, and whether that was covered by any policy.

In most organisations, the policy will usually concentrate on what is acceptable usage - the websites users access, the amount of time they spend on recreational or personal usage, and the kind of language they use in emails - rather than on the way they manage files.

With the new focus on information leakage (especially in industries where regulatory compliance is enforced), policies will need to outline how files and individual records should be properly handled in much more detail. And they will need the technology in place to flag up any policy breach.

If proper data classification has taken place, then a customer file could be expected to be classed as 'company confidential' at least, and any large-scale copying should be either blocked, or should throw up an alert somewhere to ensure it is a permitted transaction.

The key point to make is that storage security is not something you buy off the shelf, any more than other aspect of security. The technology is, of course, there to encrypt files, to manage encryption keys, to enforce the rules of your security policy, and even to spot suspicious behaviour on the network.

Technology does not remove the need to think about what data to protect, and that means communicating with the business owners around the organisation, and coming to a joint decision about how to proceed. It also means communicating in clear terms with users to ensure they understand why any of this matters.

Automotive industry supplier Continental, best known for making tyres, is standardising and centralising its use of encryption technology to secure its corporate laptops.

The tyre manufacturer is rolling the technology out to its 6,000-strong mobile workforce who need to manage potentially sensitive and confidential data on the move as the latest phase in a programme to strengthen its security measures.

"An encryption solution that handles individual files or containers isn't suitable for securing a laptop hard disk because it doesn't protect temporary and swap files," said Thomas Ullrich, Continental chief security officer and head of the company's internet and intranet security competence centre.

"Plus, such solutions require users to store sensitive files in protected areas. If you want to protect data on a laptop, you can either encrypt individual files, parts of the hard disk using a 'container' approach, or the entire hard disk."

Continental has chosen to deploy PGP Whole Disk Encryption, which provides non-stop disk encryption, including boot sectors, system and swap files and integration with Microsoft Active Directory to automate user enrolment and manage encryption policy.

It will also install PGP Universal Server for centralised web-based administration of applications, users, policies, provisioning, logging and reporting enabled by the email and data encryption software provider's Encryption Platform.

"Best of all, we didn't have to touch every laptop - it's centrally deployed and managed," said Ullrich, adding that the remote management capability, ease of administration and transparency to users would benefit the company's data security and reputation.

"A security breach could have a tremendously negative effect on our relationships with our customers and brand," he said.

recent experience

The theft of a laptop holding top secret security information on next week's Labour Party conference has shown the lack of security awareness in government.

The computer, along with details of the conference schedule and whereabouts of the Cabinet, as well as information on next month's Conservative Party conference in Bournemouth, was stolen on Wednesday from a car belonging to a senior Army officer.

Its disappearance has sparked a huge police operation to ensure that politicians don't face any added risks should the unprotected data fall into the wrong hands.

"Carrying company or organisational data outside of the office is like playing Russian roulette," says Lynton Stewart-Ashley EMEA director with security firm GuardianEdge.

"Simple hard disk encryption removes the bullets from the chamber. This whole incident has highlighted the necessity for laptop users to employ electronic data protection measures, encryption being fundamental for protecting this information."

Once encrypted, stored data is completely inaccessible, he says, protecting drives full of confidential files, such as medical records and competitor and customer data.

Greater Manchester Police say that the matter is being fully investigated. "Security arrangements for the Labour Party conference have been fully reviewed and internal procedures re-examined," said a GMP spokesman.

The spokesman said that the police are fully aware of what information was contained on the laptop, and said the information has been reviewed to see if there are any security implications for the conference.

"We would like to reassure the public that GMP's priority is to ensure that the conference and those attending it are safe and secure and we have implemented a robust policing operation to achieve this, while causing minimum disruption to the public," he added.

This is hardly the first incident of its kind, with security experts warning that cyber-thieves are targetting publically carried laptops and PDAs as the easiest way to bypass the data security measures of high profile organisations. Last year, a drunk MI6 agent had a laptop chock full of classified government data stolen as he sat in a pub.