I have been evaluating a new SaaS mobile data encryption solution from a company called HyBlue. The product is called IceLock, and essentially they put all the management of the encryption in the cloud without storing the keys in the cloud. They offer some other services as well, but this one is what they asked me to review.
While I cannot get into a full review right now, I can say that it looks pretty good. It uses a virtual drive for encryption instead of a full disk or file encryption solution. So once you install it and start the service, it creates a new drive letter. If you want something to be encrypted, you just pull it into the drive. The typical install they see targets the My Documents folder, which makes sense, but it is flexible and allows other directories to be encrypted as well.
It uses a combination of the motherboard serial number, a password, and multiple other factors to create an ephemeral key for encryption. So basically, you can’t walk out with the disk and expect it to work on another system. They also say that "all keys are deleted from RAM and overwritten with random data" during hibernation, screen saver activation, power-off, log-off, etc. (I think they generate a key every time your system comes out of the screen saver or hibernation state because I have to enter my password every time – that can get annoying).
The install process and management are still kinda kludgey. However, they are nothing of not flexible and willing to take criticism (they made a change based on a question I had within just a few days of my asking) so I expect this to change fairly quickly.
Anyway, take a look. I am putting it on a VM (which they say will work fine) since it is fairly new, but I haven’t experienced any issues.