Setting proper permissions is a good place to start when securing your Vista workstation, but you can go one-step further by encrypting files on your workstation. Encryption provides another layer of protection for information that must be kept private. Vista includes two encryption technologies, Encrypting File System (EFS) and the new Bitlocker, that when used together, provide a high level of storage security.
Bitlocker Drive Encryption is new in Vista. It is designed to protect a computer against data theft by encrypting the entire Windows volume. It ensures that your data remains encrypted, even if the computer is tampered with. For example, if a malicious user moves the hard drive to another computer, he or she will not be able to view the contents of it.
Beginning with Windows 2000, Microsoft built encryption capabilities into the operating system, and the encryption functionality has been improved in Vista. Microsoft’s EFS gives you the ability to encrypt data at the file or folder level.
EFS is a technology by which the files on the NTFS partition are encrypted to protect against unauthorized access. While share and NTFS permissions can be used to handle this task over the network, these permissions don’t protect the data in the event that someone has physical access to the server or workstation.