Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.


The best encryption software: Protect your data

From home officers to on-premise, hybrid environments, and cloud solutions, we have you covered.
Written by Charlie Osborne, Contributing Writer
Microsoft BitLocker | Redmond's solution
Microsoft BitLocker
Redmond's solution
View now View at Microsoft
IBM Guardium | Data protection platform
IBM Guardium
Data protection platform
View now View at IBM
Apple FileVault | Built-in on the MacOS operating system
Apple FileVault
Built-in on the MacOS operating system
View now View at Apple
AxCrypt | Widely adopted encryption solution
Widely adopted encryption solution
View now View at AxCrypt
Trend Micro Endpoint Encryption | Part of the Smart Protection Suites range
Trend Micro Endpoint Encryption
Part of the Smart Protection Suites range
View now View at Trend Micro

When mass data collection and big data analysis exploded on the technology scene, security and encryption, unfortunately, took a back seat. 

In a world where data breaches happen on a daily basis -- involving everything from device theft to vulnerability exploitation and open AWS buckets exposed for the world to see -- businesses and home users alike should educate themselves and employ encryption software where they can protect their personal data or information they have become controllers of -- and, therefore, may be legally liable if records are stolen or leaked.     

Encryption can help protect information stored, received, and sent between systems, such as between transfers in enterprise networks or in simple browser sessions. Readable information is scrambled through the use of encryption keys, and then algorithms that can sort through this text and return it to a readable format. For example, today, the Advanced Encryption Standard (AES) using 128- and 256-bit key lengths are commonly used worldwide. 

If strong encryption and security practices are not in place, businesses are not only opening themselves up to potential cyberattacks, but also the loss of corporate and customer information, fines for non-compliance with laws including HIPAA and GDPR, financial damage, and the loss of reputation. At home, encryption can protect your personal files and communication and keep them safe from prying eyes and from theft.

Below, we list our favorite encryption solutions, suitable for home users, SMBs, and enterprise players. 

Microsoft's BitLocker, available on business editions of the OS and server software, is the name given to a set of encryption tools providing XTS-AES 128-bit device encryption.
The Redmond giant's solution is focused on the encryption of drives on a device out of the box and can also be used to protect removable drives through BitLocker To Go. Recovery keys can also be set to retrieve data should firmware issues or errors prevent IT administrators from accessing encrypted drives. 
A set of admin tools, including features such as enabling the encryption of full drives and other media, as well as domain or Microsoft account linking, are included. 
BitLocker's hardware specifications require an onboard Trusted Platform Module (TPM) chip and Modern Standby support, two elements generally supported on modern Windows PCs.  
BitLocker is built into the Windows operating system but only a limited set of encryption tools are included with Home editions, the standard OS that many PCs consumers purchase. BitLocker is available on Windows 10 and 11 (Pro and above).
Interested in BitLocker? You can check out our user guide here.


  • Free
  • User-friendly interface


  • Not fully available on Home versions of the Windows operating system

IBM Guardium is a data protection platform that pulls together a suite of security tools in an effort to streamline data management and reduce vendor product disparity. 

Encryption services are included for corporate data, alongside data discovery and classification, vulnerability scans, data activity monitoring, analytics, and compliance reports, among other features.
IBM Guardium for File and Database Encryption can be used to encrypt on-premise files and databases by leveraging the hardware encryption capabilities of host CPUs.
Data can be encrypted on the go without taking business applications offline, levels of encryption can be enabled to match user access rights, and keys can be managed from a central platform. IBM says GDE "equips organizations with powerful tools to help combat external threats, guard against insider abuse, and establish persistent controls, even when data is stored in the cloud or an external provider's infrastructure."
A useful accompaniment to IBM encryption is access policies that can be set to identify anomalous behavior such as mass copy and deletion of files and directories. FIPS 140-2 certified cryptographic keys can also be generated for cloud key management.
IBM Guardium is a subscription-based service provided on request and is most suitable for enterprise companies willing to invest in a one-stop-shop solution for data management and protection. 


  • Can be used for GDPR, CCPA, PCI DSS, and HIPAA compliance and report generation
  • Scale to 10,000+ agents


  • Some users report that graphical interfaces could be improved

Apple's FileVault is built-in on the macOS operating system. Apple first introduced FileVault in 2013, later upgrading to FileVault2 on macOS Lion and later versions. The onboard system can be enabled to encrypt all information stored on disk to prevent the theft of data by anyone without access or account credentials. iMac Pro and users of devices with Apple T2 chips will have their information encrypted automatically. 
Modern CPU power is leveraged to provide AES 128/256-bit encryption. Users can choose to leverage their iCloud account credentials or generate a recovery key to unlock disks if they forget their standard device password. 
However, businesses should not consider FileVault to be a full, robust solution for data security; rather, it is a useful addition for ensuring a basic level of encryption and protection. 


  • Free


  • Entry-level encryption but not suitable for business use

AxCrypt is an encryption solution that has been widely adopted and should be considered if more than one individual is using the same machine on a regular basis. 
Files are secured with AES 128/256-bit encryption on Mac and Windows machines through simple one-click functionality. Once files and directories are secure they can be accessed with a password, of which more than one AxCrypt user can open if they have been given permission to do so. In addition, information can be locked down across mobile devices and encryption standards can be extended to cloud services, such as Google Drive or Dropbox.
Business users can manage passwords through a central platform. 
A free, trial version of AxCrypt is available as well as a mobile version. Yearly subscriptions for premium and business versions, including extended features and licensing for more than one machine, are also on offer. 


  • Simple user functionality
  • Cloud storage encryption 


  • Outdated look
  • Some users report friction with the mobile apps

Trend Micro's Endpoint Encryption software, part of the Smart Protection Suites range, can be used across Macs, Windows machines, and removable media to encrypt either full disks or individual files and folders. 
AES 128/256-bit encryption is on offer through passwords and multi-factor authentication across endpoints. Multiple user and administrator accounts can be set for individual devices. 
Other functionality includes the release of one-time passwords to access endpoint data, the remote wipe or lock of stolen devices, lockouts automatically enabled in response to failed authentication attempts, pre-boot auth, and the support of consumer-grade encryption services including BitLocker and FileVault. 
The management console for the software and keys can be integrated with other Trend Micro software. In addition, the suite is FIPS certified. 
Trend Micro's Endpoint Encryption solution is priced based on request. 


  • Flexible encryption options across different media
  • Centralized policy managmement


  • Some clients report the need for process and interface streamlining

How did we choose these encryption software options?

When we considered our recommendations for encryption software, we focused on three themes: strength, the flexibility of use, and both multi-device and OS support. While enterprise organizations need robust solutions for coping with vast amounts of data, home users, too, could not be ignored as their personal data is just as valuable and should also be protected.

Which encryption software is right for you?

While some users and small businesses may need no more than simple, standalone encryption offerings to protect content on PCs, today's encryption solutions in the enterprise space -- especially important for larger firms -- must also keep hybrid environments and remote working in mind.

There is a high demand for encryption solutions able to protect corporate, sensitive data that may be accessed remotely by workers and hosted either in the cloud or in company networks.

Strong encryption is now necessary when files must be shared with others not only to maintain corporate privacy and compliance over networks, but home use, to also ensure data does not end up in the wrong hands.



Encryption bit


Microsoft BitLocker


XTS-AES 128-bit

Windows 10 and 11 (Pro and above)

IBM Guardium

Custom pricing


Windows and Mac

Apple FileVault


AES 128/256-bit




AES 128/256-bit

Windows and Mac

Trend Micro Endpoint Encryption


AES 128/256-bit

Windows and Mac

What different levels of encryption are available?

Symmetric encryption and asymmetric encryption are the types commonly used today, including AES and RSA. These forms of encryption are used in security protocols including TLS/SSL, SSH, as well as PGP communication. 

One challenge faced by businesses, however, is protecting data both in storage (at rest) and when information needs to be decrypted while in use (in transit). 

Quantum and homomorphic data encryption are being explored by technology vendors, but we aren't there quite yet when it comes to commercial rollouts. 

What types of data should be protected by encryption?

At home, end-to-end encryption for online communication and hard drive encryption is valuable for adding a layer of privacy to your conversations and locking up content contained on personal devices. In business use cases, with regulators clamping down on data breaches through legislation such as GDPR, consumer and corporate records should be protected when at rest -- and cloud storage, such as AWS buckets, should be configured properly so they are not open or accessible to the public. 

Are there other encryption software options to consider?

Here are a few others to look into:

Editorial standards