Kaldor :
In this situation do you really need a central control? I could understand if it was a bootable device like a laptop where you may need to do in the field recoveries. However all you really need for this is a list of PWs stored on a spreadsheet on a server with access given to only certain individuals. Not a difficult concept really. You need to look closer at Truecrypts features. It makes most so-called "enterprise" solutions look like trash.
Ironkeys are nice, but an 8gb key for $269 a piece. Give me a break. I doubt if your company is storing national security on your USB drives, lol. You could buy a 10 decent 8gb drives for the price of one Ironkey, put Truecrypt on them for free other than your time, and be further ahead. Not to mention every time a knucklehead loses one of these you dont have to justify losing an almost $300 flash drive to your boss.
As far "non-tech savvy end users" go. There is nothing for them to know really. You put the drive in and enter PW. Not really that hard. I work for the State of WI doing level 1 and 2 tech support. I know first hand how stupid a user can be.
That's a valid point, however, I noticed one thing about the TrueCrypt feature that would cause a problem. Here is the problem quoted from the TrueCrypt website. "In Windows, a user who does not have administrator privileges can use TrueCrypt, but only after a system administrator installs TrueCrypt on the system. The reason for that is that TrueCrypt needs a device driver to provide transparent on-the-fly encryption/decryption, and users without administrator privileges cannot install/start device drivers in Windows."
http://www.truecrypt.org/docs/?s=administrator-privileges
Many of my users will be taking company data to customer sites for presentation, business meeting, etc.. The admin privileges would be a major complication to that situation.
Also, I am talking about ITAR regulated data. This is not "Top Secret" information but we do need to comply with the US governments ITAR regulations. That is why I need central control of the USB device.
Don't get me wrong. TrueCrypt is an assume product and believe me the price is right, but until they can fix the admin privileges issue I don't think it would work for my company. I will use it for my personal stuff though so thanks for the tip.