Managing BitLocker With SafeGuard Enterprise

Similar documents
Protecting Your Data On The Network, Cloud And Virtual Servers

Encryption Buyers Guide

Your Company Data, Their Personal Device What Could Go Wrong?

Deciphering the Code: A Simple Guide to Encryption

Sample Mobile Device Security Policy

IT Resource Management & Mobile Data Protection vs. User Empowerment

Simple Security Is Better Security

Protecting Your Roaming Workforce With Cloud-Based Security

IT Resource Management vs. User Empowerment

How To Manage A Mobile Device Management (Mdm) Solution

Simplifying Branch Office Security

Strengthen Microsoft Office 365 with Sophos Cloud and Reflexion

Seven Keys to Securing Your Growing Business

Healthcare Buyers Guide: Mobile Device Management

SafeGuard Enterprise 6.10 Peter Skondro

Building a Next-Gen Managed Security Practice

A Guide to Managing Microsoft BitLocker in the Enterprise

Botnets: The dark side of cloud computing

Sales Consultant I Engineer I Architect I Support Engineer I MSP. A Simple Overview to Training and Certification

Sample Data Security Policies

Keeping Data Safe When Using Mobile Devices

Two Great Ways to Protect Your Virtual Machines From Malware

Sizing Guideline. Sophos UTM SG Series Appliances. Sophos UTM 9.2 Sizing Guide for SG Series appliances

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Protecting personally identifiable information: What data is at risk and what you can do about it

Mobile Madness or BYOD Security?

Protecting Student and Institutional Privacy Data Encryption for Education

Comparative Performance and Resilience Test Results - UTM Appliances. Miercom tests comparing Sophos SG Series appliances against the competition

Sophos XG Firewall Licensing

Mobile Device Security: What s Coming Next?

Samsung SED Security in Collaboration with Wave Systems

WhitePaper. Private Cloud Computing Essentials

DriveLock and Windows 8

Introducing Databackup.com Cloud Backup. File Locker File Sharing & Collaboration EndGaurd EndPoint Protection & Device Management

A Manager s Guide to Unified Threat Management and Next-Gen Firewalls

Managing BitLocker Encryption

Five Tips to Reduce Risk From Modern Web Threats

Mobile Device Security and Encryption Standard and Guidelines

DriveLock and Windows 7

BEST PRACTICES IN BYOD

The fastest Cloud upgrade for Windows desktops

Next Gen Firewall and UTM Buyers Guide

A Comprehensive Plan to Simplify Endpoint Encryption

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems

Deploying. Mac. Five best practices

Kaseya IT Automation Framework

The Sophos Security Heartbeat:

Making Endpoint Encryption Work in the Real World

Protect sensitive data on laptops even for disconnected users

An introduction to Hosted SQL database applications

CHOOSING AN MDM PLATFORM

activecho Frequently Asked Questions

Systems Manager Cloud Based Mobile Device Management

Why Endpoint Encryption Can Fail to Deliver

Access Tropical Cloud Desktop from Any Device

BEST PRACTICE GUIDE TO ENCRYPTION.

Moving to the Cloud: What Every CIO Should Know

When Computers really become Personal

An Enterprise Approach to Mobile File Access and Sharing

EasiShare Whitepaper - Empowering Your Mobile Workforce

Storgrid EFS Access all of your business information securely from any device

Manual for Android 1.5

BYOD How-To Guide. How do I securely deliver my company s applications and data to BYOD?

Global Technology Service Provider Deploys Operating System and Expands

Wireless network security: A how-to guide for SMBs

Contents. Introduction. What is the Cloud? How does it work? Types of Cloud Service. Cloud Service Providers. Summary

VMware Horizon DaaS: Desktop as a Cloud Service (DaaS)

Simplify VDI and RDS Private Clouds for SMBs

Bringing the Cloud into Focus. A Whitepaper by CMIT Solutions and Cadence Management Advisors

Best Practices for Enterprise Mobile Printing

EXECUTIVE SUMMARY Cloud Backup for Endpoint Devices

Sophos UTM Support Services Guide

Corporate Enterprise Data Protection Package

What is MyUTM? 2. How do I log in to MyUTM? 2. I m logged in, what can I do? 2. What s the Overview section? 2

WHITE PAPER. Mobile Security. Top Five Security Threats for the Mobile Enterprise and How to Address Them

Secure Cross Border File Protection & Sharing for Enterprise Product Brief CRYPTOMILL INC

Maintaining Native Mac File Sharing in an Enterprise Storage Environment A Technical Best Practices Whitepaper

Encryption as a Cloud Service provides the lowest TCO

Introduction to Hosted Desktop Services (HDS)

Access Database Hosting. An introduction to Cloud Hosting Access databases from Your Office Anywhere

Consumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions

Cloud Backup and Recovery for Endpoint Devices

whitepaper Absolute Manage: Client Management Managing Macs in a Windows Environment

Maximizing Flexibility and Productivity for Mobile MacBook Users

Real World Considerations for Implementing Desktop Virtualization

Enterprise Desktop Solutions: VMware View 4.5

We d Like That on Our Laptops, Notebooks, Tablets and Smartphones, Please

IBM Data Security Services for endpoint data protection endpoint encryption solution

How To Use Windows Small Business Server 2011 Essentials

Powered by. FSS Buyer s Guide Why a File Sync & Sharing Solution is Critical for Your Business

How to Turn the Promise of the Cloud into an Operational Reality

10 steps to better secure your Mac laptop from physical data theft

The Maximum Security Marriage:

Desktop Transformation: A Model Case for the Mobile Era

Hitachi Content Platform (HCP)

How To Make Your Computer System More Secure And Secure

Endpoint Management and Mobility Solutions from Symantec. Adapting traditional IT operations for new end-user environments

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

CONTENTS. Windows To Go: Empower And Secure The Mobile Workforce

Transcription:

Managing BitLocker With SafeGuard Enterprise How Sophos provides one unified solution to manage device encryption, compliance and Microsoft BitLocker By Robert Zeh, Product Manager Full-disk encryption is only the beginning Full-disk encryption is rapidly becoming a standard security solution, like antivirus or spam filters a trend further accelerated by widespread use of Microsoft BitLocker. However, to support the flexibility of your workers today, full-disk encryption is not enough to prevent data loss. Your users are no longer confined to the office by their technology and their PCs, and work has become a thing people do rather than a place they go to. This whitepaper explains how Sophos SafeGuard Enterprise secures your data wherever it s stored; and how it allows you to support diverse platforms and encryption products including BitLocker.

Far from homogenous environments Beginning with the Ultimate and Enterprise editions of Microsoft Windows Vista, and continuing with Windows 7 Ultimate/Enterprise and Windows 8, Microsoft has provided access to its integrated BitLocker encryption technology. The upside is that this has led to many more companies recognizing the value of encryption. The downside is that BitLocker does one main thing, although it does it very well it encrypts hard drives. Many large enterprises have deployed BitLocker in homogenous Windows 7 and Windows 8 environments. But the reality of today s enterprise IT infrastructure is far from homogenous. IT environments are rarely restricted to Windows, and many enterprises support legacy operating systems even long after Microsoft s regular service and support ceases. Furthermore, third-party and proprietary applications that you ve introduced over time don t always keep pace with Microsoft s release cycles. Often vendors opt not to build those updates, determining that it would be too costly to do further development. For your business, these applications may be a key part of your operation, meaning that you re forced to support multiple operating systems. Microsoft BitLocker has helped to raise management s awareness of the need to encrypt and protect data; but is it the right solution for your IT environment? Beyond Windows, Apple Macs are no longer restricted to use by creative professionals such as designers. The Mac has successfully found its way into the heart of many businesses perhaps also into yours. Microsoft added some new features in BitLocker 8, which make it more attractive for some organizations. However, many of its limitations will remain. As your IT evolves, you need to adapt what may have started out as an ideal set-up to suit your current business, management and user requirements. SafeGuard Enterprise protects your data everywhere To meet the needs of your mobile information workers today, you need seemless encryption that supports the way your people work rather than restricting them. If you limit your encryption to full-disk, that will inevitably open the door for data loss when your users take it with them. Particularly if you are required to conform to industry, national or state data protection regulations, full-disk encryption may provide the baseline compliance for your PCs. But it doesn t guarantee that your company won t make the headlines for the wrong reaons. SafeGuard Enterprise enables you to secure your data wherever it s stored while supporting diverse platforms and encryption products. You can use it as a single platform for all your data protection needs, or to integrate third-party encryption solutions. A Sophos Whitepaper January 2014 2

SafeGuard Enterprise supports all Windows platforms, from Windows XP through Windows 8, so no devices are left unencrypted and unprotected. SafeGuard Enterprise is the only product on the market offering encryption for your hard drives, removable media, network file shares, and files stored in the cloud. Plus, all these functions are managed through a single console, giving you one place for data recovery, policy and key management. In addition, SafeGuard Enterprise Native Device Encryption provides a way to integrate your BitLocker encrypted devices within your SafeGuard Enterprise solution, so you can manage devices encrypted by BitLocker alongside all other encryption within the same management center. This integration removes the limitations of BitLocker supporting a broader set of production environments while providing multi-platform support with uniform key management and data recovery. SafeGuard Enterprise modules in detail Device Encryption: SafeGuard Enterprise provides full-disk encryption for laptops, desktops and virtual desktops. It increases performance by leveraging optimization on Intel i5 and i7 computers with AES-NI. It lets you run and manage native encryption for Microsoft BitLocker, Mac FileVault 2, OPAL 1/2, Windows 7, Vista, XP and virtual desktops from one central management console. Native Device Encryption: Manage built-in encryption in the OS: Microsoft BitLocker and Mac FileVault 2. SafeGuard Enterprise embraces native encryption functions and provides central encryption policy deployment, recovery and compliance reporting. By leveraging OS-embedded encryption, it provides the best encryption performance, reliability and robustness. Encryption for Cloud Storage: Sophos protects data everywhere, even when it s stored in the cloud. Data stays encrypted when uploading or downloading from cloud storage services like Dropbox and Egnyte. The keys stay local to the client and data is accessible only when using the keys. Encrypted files in the cloud are even accessible through the Sophos Mobile Encryption app on ios and Android devices. Encryption for File Shares: Sophos provides a comprehensive encryption solution, allowing only authorized users to access data on a network all managed from a single console using the SafeGuard Enterprise client. This improves security of data in network shares or infrastructure as a service, while sparing your IT staff auditor headaches. System management can be isolated from data access. Data Exchange: Encrypts removable media, including USB drives and optical media, across all Windows platforms, expanding platform support and portable encrypted file access beyond what s possible with BitLocker-To-Go. Support: Call one vendor for all your data security needs. A Sophos Whitepaper January 2014 3

Typical use case: Protecting sensitive customer information Here s a typical use case for SafeGuard Enterprise. Your company started out with a completely homogenous Windows environment. However, things changed over time: IT staff and users came and went, management and people changed roles within the company. Also, your computing requirements changed gradually some users brought Macs on the network and personally-owned devices needed to connect to corporate email. Hardware refresh cycles grew longer, so the IT team had to support multiple operating systems and different generations of hardware for an increasingly mobile workforce. Users didn t really care about security or compliance they just expected to be able to use any tool they wanted, anywhere they wanted, at any time. But then the regulations changed and your company was forced by new legislation to deploy encryption to protect your data and to protect the IT manager s job. Your newest laptops were delivered with Windows 8 and you decided to activate BitLocker on these systems. After all, it s part of the operating system. Faced with the new regulatory requirements, the issues around encryption quickly escalated and it wasn t long before the IT team was spending much of their time figuring out ways around the holes in the encryption net rather than performing their normal tasks. Once users started to move data to USB drives and cloud storage services, the CEO decided that the company could no longer afford to have only some devices encrypted. The IT manager was soon called in front of the legal team to answer questions about the breached security policies. Solution: SafeGuard Enterprise Sophos SafeGuard Enterprise is designed for scenarios like this and it allows over-stretched IT teams to encrypt all devices and data, without getting in the way of users. Taking full advantage of built-in disk encryption like BitLocker and FileVault, SafeGuard Enterprise is the only product to offer encryption across Windows, Mac, removable media, cloud and mobile. You can use SafeGuard Enterprise to manage all your PCs and Macs. It provides extensive forensics and reporting to ensure full compliance, plus it manages all of your encrypted laptops, BitLocker devices and OPAL self-encrypting drives, in one place. Apps for both ios and Android devices allow you to securely view encrypted files stored in cloud. A Sophos Whitepaper January 2014 4

Win-Win: SafeGuard Enterprise with BitLocker Microsoft BitLocker is easy to deploy, fast and reliable, but its features are narrowly targeted to homogenous Windows 7 and Windows 8 environments. BitLocker provides one function and does it well: it encrypts hard drives. But full-disk encryption is not enough to meet all the data protection challenges an organization may face. Below we explain some of the main limitations stopping enterprises from implementing BitLocker today, and how SafeGuard Enterprise can add the functionality you need to keep your data safe. Compliance Regulators and auditors don t care where your data is stored. They want to know and you need to demonstrate that the data is secure at all times, independent of its location. The implications of a data breach are the same whether the data was on a Windows laptop, MacBook, cloud storage service or USB device. If you failed to properly protect the data, laws likely require you to disclose a breach to any affected individuals. Depending on the laws that govern your business, you might have to disclose to your customers, your patients, your employees, the media and to the government. This means lawsuits, fines and loss of customers. It can also mean damage to the reputation and goodwill you ve built up over many years. When used in combination with the Microsoft BitLocker Administration and Monitoring application (MBAM), BitLocker provides compliance reports for the Windows 7 and Windows 8 devices it manages. As a result, additional compliance reports are required for other devices and storage locations. With SafeGuard Enterprise it s easy to manage and report on encryption for data on Windows PCs, Macs, removable storage devices, network file shares and data in the cloud, with one solution from one management center. Network file share protection Using access control lists and Active Directory rights to restrict access to data is a step in the right direction, but it doesn t address internal compliance. How do you keep the IT staff that is authorized to support servers and infrastructure from accessing sensitive files? How can you separate the ability to manage folders and back up files from the ability to read a medical record or a payroll file? And what if those sensitive file shares aren t in your environment at all? If you are leveraging infrastructure-as-a-service vendors such as Amazon Web Services, or if you are using outsourced help desk staff, you also need to make sure your vendors' staff can t access your regulated or sensitive data. Sophos provides encryption security with SafeGuard Encryption for File Shares, which lets you encrypt that data at rest, so backup and management of file shares can be independent from access to the files themselves. This keeps sensitive files in the hands of authorized users, and keeps the auditors out of the IT department s daily operations. A Sophos Whitepaper January 2014 5

Encryption of Non-Windows platforms BitLocker is only available on certain versions of Windows. However, today most enterprises use multiple platforms in one way or another. The use of Macs in business environments is on the rise, driven partly by the growing trend of BYOD (bring your own device). And because data on a Mac is likely to be as valuable as data on a Windows PC, any data protection strategy must make securing data on Macs as well as on Windows an essential requirement. SafeGuard Enterprise allows you to seamlessly run reports on your Mac encryption through the same management console as your Windows PCs. Legacy Windows platforms BitLocker only encrypts PCs using certain versions of Windows: Vista, Windows 7 (Enterprise and Ultimate Editions) or Windows 8. This is a serious issue for organizations with other versions of Windows 7 or 8 in use, or who still have legacy Windows platforms in their infrastructure. SafeGuard Enterprise encrypts all versions of Windows, from XP up. Mobile computing is great But where s my laptop? Mobility can boost productivity, but it also means that your data is at risk from simple loss and theft of laptops. SafeGuard Enterprise is built with IIS web server as the communication engine between the secure back end and your encrypted clients, making it possible to manage those remote clients over the web no network or VPN connection required. This means that if a user has to be terminated or thinks they ve misplaced the system, you can lock out that machine via policy. If your IT team later recovers the device, an authorized security admin can easily unlock the system while a thief would not be able to access the system. A Sophos Whitepaper January 2014 6

Deploying SafeGuard Enterprise In this typical environment, SafeGuard Enterprise Management Console includes BitLocker for Windows 7 and Windows 8; plus SafeGuard Enterprise for Mac, removable media, network file shares, mobile devices and cloud storage. There are many advantages to the above deployment architecture, for example: Central location to define policy for all your data, regardless of location or platform Single pane of glass for compliance reporting and auditing One place for recovery A Sophos Whitepaper January 2014 7

SafeGuard Enterprise: Delivering data protection everywhere SafeGuard Enterprise provides a single platform for all your data protection needs. By securing sensitive information wherever it s stored throughout your business, SafeGuard Enterprise meets your compliance requirements, keeps your users working, and provides your IT team with the tools to keep your business running. SafeGuard Enterprise Get a free trial at Sophos.com/free-trials United Kingdom and Worldwide Sales Tel: +44 (0)8447 671131 Email: sales@sophos.com North American Sales Toll Free: 1-866-866-2802 Email: nasales@sophos.com Australia and New Zealand Sales Tel: +61 2 9409 9100 Email: sales@sophos.com.au Asia Sales Tel: +65 62244168 Email: salesasia@sophos.com Oxford, UK Boston, USA Copyright 2014. Sophos Ltd. All rights reserved. Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners. 1.14.GH.wpna.simple

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information