A single console for managing full disk encryption headaches
- By William Jackson
- Feb 12, 2014
The latest version of SafeGuard Encryption from Sophos Inc. addresses some of the usability challenges of working with full disk encryption by enabling centralized management of crypto engines built into the Windows and Apple operating systems.
Strong encryption is recognized as an effective way to secure digital data, but its use has been limited by its impact on performance and the fact that it is often difficult to manage and use. Because of this, many users accept the risk of leaving data unencrypted, putting it in danger if a device is lost or stolen.
Operating system vendors have addressed part of the problem by incorporating full disk encryption into recent versions of popular OSs, eliminating the performance hit for disk encryption.
Microsoft began including BitLocker in some versions of Windows 7, Vista and Windows Server 2008, and Apple’s FileVault 2 is available in OS X Lion and later releases. These OS-based crypto tools have limitations, however. They are not easily managed across an enterprise, and they do not protect data once a computer has been booted and unlocked or when data is sent elsewhere.
SafeGuard’s latest contribution to the encryption challenge addresses usability by creating a unified cryptographic environment that leverages native OS encryption and provides encryption for data moved onto mobile or removable devices, into the cloud or to file servers.
“We have a single console that manages encryption across the entire environment,” said Sophos vice president of product marketing Marty Ward.
When OS full disk encryption is being used, SafeGuard allows administrators to centrally manage the BitLocker and FileVault encryption keys for multiple devices. Once the disk has been unlocked on a running computer, the SafeGuard engine can be used to encrypt and manage data as it moves and is used across the enterprise and in the cloud.
SafeGuard supports government-approved encryption algorithms including 128-bit and 256-bit AES. FileVault 2 uses government-approved 128-bit XTS-AES encryption, and BitLocker uses 128-bit or 256-bit AES encryption.
William Jackson is a freelance writer and the author of the CyberEye blog.