15 Best Encryption Software & Tools
As attackers continue to evolve their tactics, protecting exposed data with encryption remains a critical security practice. However, the type of encryption tool an organization needs depends upon its sophistication and use cases.
While banks and government agencies might be worried about quantum-computing-proof encryption, many small and home offices (SOHO) have yet to shop for their first encryption tool. Fortunately, a huge variety of encryption vendors provide options to satisfy a broad range of needs.
Need a refresher on encryption before reading the article? Read Encryption: How It Works, Types, and the Quantum Future first.
Small security teams or small office and home office (SOHO) users have limited needs and often need to use free tools that offer limited but adequate capabilities for simple needs. For full disk encryption, organizations can use software built into the operating system (Microsoft BitLocker, Apple File Vault, etc.), but these solutions only cover local drives and cannot be used for file sharing or separate encryption passwords for critically important data. The third-party tools in this section provide additional capabilities worth exploring, but as free tools often provide limited support.
Table of Contents
7-Zip is a prominent free, open-source encryption tool for local file encryption and compressed storage. Much of its code is under the GNU LGPL license, with other parts under the BSD 3-clause and the unRAR licenses.
7-Zip is a free tool and can be downloaded and used on any computer.
The Gnu Privacy Guard (GnuPG or GPG) open source tool provides convenient and effective implementation of the Open Pretty Good Privacy (OpenPGP) encryption standard developed for email. GnuPG turned 25 in 2022, continues to be updated, and is often built into other commercially available tools.
GnuPG is an open source, free tool.
VeraCrypt is a free, open-source disk encryption software that can be used on Windows, macOS, and Linux systems. VeraCrypt forks off of the popular TrueCrypt project and adds features that enable obfuscation and secrecy.
Three key features (unique setup, nested encryption, and hidden volume) can be combined to create hidden repositories. The master repository can be obfuscated to appear to be another large file type (movies, photos, etc.), and can be opened using two distinct passwords in case the user is forced to reveal the password. One password opens the vault and allows access to all files, but the alternative password hides some files and folders.
VeraCrypt is open source and available for free.
Free tools solve basic problems, but as a business grows, managing the deployment, update, and coordination of free products becomes too time consuming and burdensome. Growing companies need centralized control and the additional features of more professional encryption solutions. Tools in this category focus on the encryption of files saved to local and network shared devices.
AxCrypt Premium enables users to encrypt files locally with the AES-256 encryption algorithm and to share them using AxCrypt key sharing. It protects sensitive and classified information of all levels and simplifies the process of securing folders via automation.
AxCrypt offers a one month trial period and a 20% discount when customers select annual billing instead of monthly billing. The published price for AxCrypt Business is $12 per user per month.
NordLocker Business provides data encryption, data synchronization, and secure file sharing wrapped into one application. The cloud-based application is part of the same group of companies behind NordSecurity, NordPass, NordLayer, and NordVPN.
NordLocker offers a free 14 day trial and three levels of plans for NordLocker Business:
Trend Micro Endpoint Encryption encrypts data on PC and macOS laptops, desktops, USB drives, and removable media. It is available as a separate agent and combines enterprise-wide full disk, file/folder, and removable media encryption to prevent unauthorized access and use of private information.
Trend Micro offers free quotes and free trials of the Smart Protection Suite that includes the Endpoint Encryption tool instead of published pricing. Trend Micro also helps organizations to find a resale partner that can likely provide bulk pricing or other incentives. A license for a single user and up to 500 endpoints is estimated to be between $75 and $85 per year.
Current email protocols send email contents in plain text. If an adversary intercepts or gains access to email, they can easily read the contents.
Most email programs, such as Microsoft 365 or Google Mail, offer built-in encryption options, but those encryption schemes require a supporting recipient email server and will sometimes send emails unencrypted to recipients with incompatible mail servers.
Organizations with strong secrecy requirements or facing regulatory enforcement for data breaches need additional security and reliability from a separate tool to deliver email encryption. While some organizations will solve multiple email issues using embedded features in an email gateway, others prefer a specialty email encryption solution.
Cisco’s Secure Email Encryption Service uses registered envelopes to ensure that only the correct recipient receives both the message and the decryption key needed to read the encrypted message. The service is available as a standalone service, but also integrates with Cisco Secure Email gateways.
Cisco does not publish prices for Secure Email Encryption services, however, they do offer demonstrations and free trials of the product. Secure Email Encryption is also available as an add-on for Secure Email Essentials and is included with both Secure Email Advantage and Secure Email Premier.
More than 4,000 customers send 68 million emails monthly via the Paubox Email Suite that boosts major business email platforms with additional security and encryption functions.
Paubox offers three versions of the Paubox email suite, Standard, Plus, and Premium. All versions have a free trial period, bill annually based on the number of users, and require a minimum of five users. According to their price calculator, prices start at:
In 2014, 10,000 people crowdfunded Proton AG to create a fully secure and encrypted internet-based service in Switzerland. Proton has grown to offer secure email, privacy, calendar, and VPN solutions for individuals as well as for business.
Proton Mail offers three levels for their Business service priced per user per month with significant discounts for 12-month and 24-month billing. Organizations that want to test Proton Mail can sign up for a free individual account to test the user experience.
All accounts come with contact groups management, calendar sharing, unlimited folders, labels, and filters. Business monthly pricing starts at:
The modern IT environment includes containers, web servers, database servers, and other infrastructure that integrate with third party applications and services (shopping carts, credit card processing, etc.). Static encryption of data at rest does nothing to protect this data in active use.
For fully controlled applications and databases, organizations can write code and adjust database settings to encrypt or tokenize the data within the software. Third-party applications require other technology, such as Application Layer Encryption (ALE) solutions that maintain encryption within the application layer so that there is no opportunity for unencrypted data to be leaked.
Opaque provides a platform to share encrypted data between applications for collaborative analysis and artificial intelligence processing.
Opaque does not list pricing, but interested parties can see a demo or contact the company for pricing.
The Thales Group combined Vormetric Application Encryption technology with the SafeNet ProtectApp solution to create the CipherTrust Application Data Protection products. The solution requires the purchase of several tools, but organizations can select SDK or RESTful application encryption solutions.
Thales does not publish pricing, but it enables contact to their sales team to obtain a quote.
Vaultree encrypts data for storage in databases and then encrypts future queries as well to perform encrypted searching. The Vaultree software development kit (SDK) provides plug-and-play encryption for any database client.
Vaultree does not list pricing, but does offer free demos.
The largest enterprises have complex and varied encryption needs and seek multi-faceted solutions capable of providing encryption solutions from one end of the organization to the other. The tools in this category offer multiple types of encryption to solve a variety of problems for growing organizations.
IBM offers a suite of Security Guardium products to enhance data protection including several encryption solutions: Guardium Data Encryption (GDE) and Guardium Key Lifecycle Manager. These tools work with other IBM offerings such as hardware security modules, certificate management, and IBM Cloud key management services.
For all IBM Security Guardium products, the pricing will depend upon existing or planned configurations as well as the licenses for the selected offerings. Interested organizations will need to contact IBM to understand which licenses suit their needs and the estimated cost for those licenses. IBM also provides consulting services for the implementation and integration of their products directly and through a network of partners.
Micro Focus, now wholly owned by OpenText, offers a suite of tools under the CyberRes Voltage brand name for data management and security. Within the portfolio, customers can obtain encryption options for end-to-end encrypted email, secure file collaboration, and transparent file encryption.
CyberRes enables free trials for many products but generally requires an organization to contact the company for quotes, likely because of the complexity of their diverse offerings.
Pricing can be found for an annual license for up to 50 users of Voltage SecureMail Cloud is priced at $99 / user. However, Micro Focus offers different licensing schemes for Academic, Business, Government, Hosting, and Non-Profit customers so direct contact with Micro Focus or their resale partner will probably be the best option to avoid confusion.
Founded in 2011 by two ex-employees of the US government, Virtru builds on the Trusted Data Format (TDF) standard developed by co-founder Will Ackerly. Serving over 7,000 customers, Virtru’s data-centric security enables zero-trust, granular policy controls for data throughout an organization’s ecosystem to enable email and file sharing with end-to-end encryption.
Virtru provides three levels of pricing: Starter, Business, and Enterprise. Prices for Starter and Business are listed, but enterprise requires a custom quotation. Prices are quoted on a monthly basis assuming five users and annual billing:
While quantum computers now ship for prices between $5k and $15 million USD, most quantum chips still produce errors and encounter stability issues. These issues indicate the true threat of breaking standard encryption with quantum computers to be a few technology generations away.
However, data stolen now might be encryptable in the near future, so many organizations with high security concerns look to develop quantum-safe cryptography ASAP. The US National Institute of Standards and Technology (NIST) recently approved quantum-safe cryptographic algorithms, but AES-256, SHA-256, and SHA-3 can still be quantum-resistant with larger key sizes and outputs.
Dozens of companies already exist selling various solutions for quantum-proof encryption, but without the computers and the expertise available to test these technologies, most of us need to take their marketing claims at face value – never the best option. For now, we’ll briefly cover a handful of solutions and look forward to providing a more formal product analysis as the technologies evolve.
Entrust Public-Key Infrastructure (PKI) as-a-Service already manages cryptographic keys for their clients. In preparation for a post-quantum world, Entrust offers post-quantum product trials to test migration to quantum-resistant algorithms.
IBM z16 Hybrid Cloud Serverssupport lattice-based digital signatures based on CRYSTALS-Dilithium Digital Signature Algorithms that rely upon polynomial matrix calculations instead of prime numbers. Currently, the two CRYSTALS algorithms supported by the z16 servers have been determined to be quantum-computing-resistant algorithms.
Toshiba Quantum Key Distribution creates a physics-based quantum decryption-proof delivery of one-time encryption keys to ensure unhackable information delivery between a sender and receiver. Toshiba recently set a record for distance with reliable quantum key distribution over a distance of 100km using commercial fiber cable. While this enables secure communication within a city, it would not even reach halfway between Boston and New York.
Pros: Primarily, encryption protects data from the inevitable compromise. Scrambled data becomes less useful to competitors and adversaries and protects against regulatory risk. Encryption can also protect an organization from internal risk by making data less valuable to tempted employees. Many compliance protocols require encryption of some sort to protect data.
Cons: The added security of encryption comes with a host of trade-offs such as added expenses, effort, and time for implementation, management, and maintenance. Encryption processes can also lead to decreased performance and increased user complaints.
Cautions: Encryption done poorly undermines expected protections. For example, encrypted data is only as secure as the encryption keys used in the encryption process, so poor key management can render encryption useless.
Additionally, some encryption algorithms only encrypt data at rest, so once an encrypted file is opened, the temporary file created by the application may not encrypt the temporary file also stored in that folder. That file can sometimes persist and allow for data to be stolen even though the file itself is re-encrypted. Better tools encrypt the data in use or also encrypt temporary files.
Encrypted files can also complicate security and legal investigations by increasing the complexity of the tools, time, and costs associated with inspecting the data. However, better encryption tools build-in features for encrypted search, e-discovery functions, or integration with security tools.
Also read: Encryption: How It Works, Types, and the Quantum Future
Market research was performed on the encryption category to determine popular solutions. Based upon product reviews, industry discussions, and industry rankings, the list was narrowed to top candidates and those candidates were classified by their capabilities and focus.
Tool features particularly the critical functions that centralize encryption controls and key management were used to roughly rank competitors. Other aspects such as price, prominence, integrations, and extra features helped us make the final list.
A large number of vendors offer features and functions for various types of encryption. Encryption also is frequently added as features of other tools such as endpoint detection and response and the encryption market continues to evolve rapidly so we can expect this list to change in the future.
Encryption provides meaningful baseline security throughout an organization, meets many compliance requirements, and dramatically lowers the risk that stolen data can be exploited. Like all security tools, misuse or unreasonable expectations can undermine security or leave gaps, but these limitations should not cause an organization to hesitate to adopt the technology.
The continuous rise in data theft, especially through ransomware attacks, should encourage every organization to adopt encryption as a fundamental tool to strengthen the security stack. The increasing adoption of encryption also suggests a point in the near future where a breached organization without encryption in place will be found negligent by investigators and within courtrooms.
This article was originally written by Drew Robb on August 4, 2022. It was updated by Chad Kime on February 21, 2023.
Top Cybersecurity Companies
See full list
eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.
Advertise with TechnologyAdvice on eSecurity Planet and our other IT-focused platforms.
Property of TechnologyAdvice.
© 2023 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.