Managing BitLocker With SafeGuard Enterprise

SafeGuard Enterprise

How Sophos provides one unified solution to manage device encryption, compliance and Microsoft BitLocker

By Robert Zeh, Product Manager

Full-disk encryption is only the beginning

Full-disk encryption is rapidly becoming a standard security

Far from homogenous environments

Beginning with the Ultimate and Enterprise editions of Microsoft Windows Vista, and continuing with Windows 7 Ultimate/Enterprise and Windows 8, Microsoft has provided access to its integrated BitLocker encryption technology. The upside is that this has led to many more companies recognizing the value of encryption.

The downside is that BitLocker does one main thing, although it does it very well—it encrypts hard drives. Many large enterprises have deployed BitLocker in homogenous Windows 7 and Windows 8 environments. But the reality of today’s enterprise IT infrastructure is far from homogenous.

IT environments are rarely restricted to Windows, and many enterprises support legacy operating systems even long after Microsoft’s regular service and support ceases. Furthermore, third-party and proprietary applications that you’ve introduced over time don’t always keep pace with Microsoft’s release cycles. Often vendors opt not to build those updates, determining that it would be too costly to do further development. For your business, these applications may be a key part of your operation, meaning that you’re forced to support multiple operating systems.

Beyond Windows, Apple Macs are no longer restricted to use by creative professionals such as designers. The Mac has successfully found its way into the heart of many businesses—perhaps also into yours.

Microsoft added some new features in BitLocker 8, which make it more attractive for some organizations. However, many of its limitations will remain. As your IT evolves, you need to adapt what may have started out as an ideal set-up to suit your current business, management and user requirements.

SafeGuard Enterprise protects your data everywhere

To meet the needs of your mobile information workers today, you need seamless encryption that supports the way your people work rather than restricting them. If you limit your encryption to full-disk, that will inevitably open the door for data loss when your users take it with them.

Particularly if you are required to conform to industry, national or state data protection regulations, full-disk encryption may provide the baseline compliance for your PCs. But it doesn’t guarantee that your company won’t make the headlines for the wrong reasons. SafeGuard Enterprise enables you to secure your data wherever it’s stored while supporting diverse platforms and encryption products. You can use it as a single platform for all your data protection needs, or to integrate third-party encryption solutions.

SafeGuard Enterprise supports all Windows platforms, from Windows XP through Windows 8, so no devices are left unencrypted and unprotected. SafeGuard Enterprise is the only product on the market offering encryption for your hard drives, removable media, network file shares, and files stored in the cloud. Plus, all these functions are managed through a single console, giving you one place for data recovery, policy and key management.

In addition, SafeGuard Enterprise Native Device Encryption provides a way to integrate your BitLocker encrypted devices within your SafeGuard Enterprise solution, so you can manage devices encrypted by BitLocker alongside all other encryption within the same management center. This integration removes the limitations of BitLocker—supporting a broader set of production environments while providing multi-platform support with uniform key management and data recovery.

SafeGuard Enterprise modules in detail

• Device Encryption: SafeGuard Enterprise provides full-disk encryption for laptops, desktops and virtual desktops. It increases performance by leveraging optimization on Intel i5 and i7 computers with AES-NI. It lets you run and manage native encryption for Microsoft BitLocker, Mac FileVault 2, OPAL 1/2, Windows 7, Vista, XP and virtual desktops—from one central management console.

• Native Device Encryption: Manage built-in encryption in the OS: Microsoft BitLocker and Mac FileVault 2. SafeGuard Enterprise embraces native encryption functions and provides central encryption policy deployment, recovery and compliance reporting. By leveraging OS-embedded encryption, it provides the best encryption performance, reliability and robustness.

• Encryption for Cloud Storage: Sophos protects data everywhere, even when it’s stored in the cloud. Data stays encrypted when uploading or downloading from cloud storage services like Dropbox and Egnyte. The keys stay local to the client and data is accessible only when using the keys. Encrypted files in the cloud are even accessible through the Sophos Mobile Encryption app on iOS and Android devices.

• Encryption for File Shares: Sophos provides a comprehensive encryption solution, allowing only authorized users to access data on a network—all managed from a single console using the SafeGuard Enterprise client. This improves security of data in network shares or infrastructure as a service, while sparing your IT staff auditor headaches. System management can be isolated from data access.

• Data Exchange: Encrypts removable media, including USB drives and optical media, across all Windows platforms, expanding platform support and portable encrypted file access beyond what’s possible with BitLocker-To-Go.

Typical use case: Protecting sensitive customer information

Here’s a typical use case for SafeGuard Enterprise. Your company started out with a completely homogenous Windows environment. However, things changed over time: IT staff and users came and went, management and people changed roles within the company. Also, your computing requirements changed gradually—some users brought Macs on the network and personally-owned devices needed to connect to corporate email.

Hardware refresh cycles grew longer, so the IT team had to support multiple operating systems and different generations of hardware for an increasingly mobile workforce. Users didn’t really care about security or compliance—they just expected to be able to use any tool they wanted, anywhere they wanted, at any time.

But then the regulations changed and your company was forced by new legislation to deploy encryption to protect your data—and to protect the IT manager’s job. Your newest laptops were delivered with Windows 8 and you decided to activate BitLocker on these systems. After all, it’s part of the operating system.

Faced with the new regulatory requirements, the issues around encryption quickly escalated and it wasn’t long before the IT team was spending much of their time figuring out ways around the holes in the encryption net rather than performing their normal tasks. Once users started to move data to USB drives and cloud storage services, the CEO decided that the company could no longer afford to have only some devices encrypted. The IT manager was soon called in front of the legal team to answer questions about the breached security policies.

Solution: SafeGuard Enterprise

Win-Win: SafeGuard Enterprise with BitLocker

Microsoft BitLocker is easy to deploy, fast and reliable, but its features are narrowly targeted to homogenous Windows 7 and Windows 8 environments. BitLocker provides one function and does it well: it encrypts hard drives. But full-disk encryption is not enough to meet all the data protection challenges an organization may face. Below we explain some of the main limitations stopping enterprises from implementing BitLocker today, and how SafeGuard Enterprise can add the functionality you need to keep your data safe.

Compliance

Regulators and auditors don’t care where your data is stored. They want to know—and you need to demonstrate—that the data is secure at all times, independent of its location. The implications of a data breach are the same whether the data was on a Windows laptop, MacBook, cloud storage service or USB device.

If you failed to properly protect the data, laws likely require you to disclose a breach to any affected individuals. Depending on the laws that govern your business, you might have to disclose to your customers, your patients, your employees, the media and to the government. This means lawsuits, fines and loss of customers. It can also mean damage to the reputation and goodwill you’ve built up over many years.

When used in combination with the Microsoft BitLocker Administration and Monitoring application (MBAM), BitLocker provides compliance reports for the Windows 7 and Windows 8 devices it manages. As a result, additional compliance reports are required for other devices and storage locations. With SafeGuard Enterprise it’s easy to manage and report on encryption for data on Windows PCs, Macs, removable storage devices, network file shares and data in the cloud, with one solution from one management center.

Network file share protection

Using access control lists and Active Directory rights to restrict access to data is a step in the right direction, but it doesn’t address internal compliance. How do you keep the IT staff that is authorized to support servers and infrastructure from accessing sensitive files? How can you separate the ability to manage folders and back up files from the ability to read a medical record or a payroll file? And what if those sensitive file shares aren’t in your environment at all?

If you are leveraging infrastructure-as-a-service vendors such as Amazon Web Services, or if you are using outsourced help desk staff, you also need to make sure your vendors' staff can’t access your regulated or sensitive data.

Encryption of Non-Windows platforms

BitLocker is only available on certain versions of Windows. However, today most enterprises use multiple platforms in one way or another. The use of Macs in business environments is on the rise, driven partly by the growing trend of BYOD (bring your own device). And because data on a Mac is likely to be as valuable as data on a Windows PC, any data protection strategy must make securing data on Macs as well as on Windows an essential requirement. SafeGuard Enterprise allows you to seamlessly run reports on your Mac encryption through the same management console as your Windows PCs.

Legacy Windows platforms

BitLocker only encrypts PCs using certain versions of Windows: Vista, Windows 7 (Enterprise and Ultimate Editions) or Windows 8. This is a serious issue for organizations with other versions of Windows 7 or 8 in use, or who still have legacy Windows platforms in their infrastructure. SafeGuard Enterprise encrypts all versions of Windows, from XP up.

Mobile computing is great … But where’s my laptop?

Deploying SafeGuard Enterprise

In this typical environment, SafeGuard Enterprise Management Console includes BitLocker for Windows 7 and Windows 8; plus SafeGuard Enterprise for Mac, removable media, network file shares, mobile devices and cloud storage.

There are many advantages to the above deployment architecture, for example:

• Central location to define policy for all your data, regardless of location or platform

• Single pane of glass for compliance reporting and auditing

© Copyright 2014. Sophos Ltd. All rights reserved.

SafeGuard Enterprise: Delivering data protection everywhere

SafeGuard Enterprise provides a single platform for all your data protection needs. By securing sensitive information wherever it’s stored throughout your business, SafeGuard Enterprise meets your compliance requirements, keeps your users working, and provides your IT team with the tools to keep your business running.
