Sophos SafeGuard Data Protection
December 2009 – Personal computer often contain personal data, confidential and company information or other sensitive data. SafeGuard Enterprise solution protect your confidential information and comply with regulatory mandates—safely and securely. SafeGuard Enterprise is a modular information protection control solution that enforces policy-based security for PCs and mobile devices across mixed environments. It is fully transparent to end users and is easy to administer from a single central console. SafeGuard Enterprise provides multi-layered endpoint data security by combining encryption and data leakage prevention (DLP). Its modular architecture provides comprehensive data security tailored to your organization’s needs and growth requirements.
SafeGuard Enterprise has the most flexible centralized policy and key management functionality available today.
With its modular, scalable and open architecture, SafeGuard Enterprise provides seamless integration of current and future SafeGuard modules, new security components and third-party products—guaranteeing continuous investment protection.
The individual modules of SafeGuard Enterprise include:
■ Management Center, which provides a single, centralized console to manage all the other modules
■ Device Encryption for advanced full disk encryption for laptops and desktop PCs
■ Data Exchange for strong encryption and secure sharing of removable media
■ Partner Connect for managing external encryption products
■ Configuration Protection for granular port control of PCs
■ Management Center
SafeGuard Management Center is the central administration platform and works in conjunction with other SafeGuard Enterprise functional modules to provide complete security and management control over all connected devices and users. It enables the management of full data encryption and data leakage prevention (DLP) from a single console for powerful multi-layered security.
■ Single central console for managing data security for users and devices across multiple platforms
■ Centralized key management for secure storage, exchange and recovery of data in mixed environments
■ Granular policy enforcement enabled by role-based user management
■ Device Encryption
SafeGuard Device Encryption is a module of SafeGuard Enterprise, a centralized solution for managing information protection in mixed IT environments. It is centrally managed by Sophos’s powerful SafeGuard Management Center. SafeGuard Device Encryption offers transparent multi-platform full-disk encryption for laptops and desktops PCs, easy to use single-sign on and password recovery functionality, powerful administration and deployment option that provide flexibility organizations with centrally managed and non-centrally managed users.
■ Provides full data protection against unauthorized access, loss or theft on stationary and mobile devices with full disk encryption
■ Advanced keying functionality enables easy recovery of encrypted media
■ Central administration eases administrative burden and ensures compliance
■ Has the flexibility to be deployed in non-centrally-managed environments
■ Data Exchange
SafeGuard Data Exchange is a functional module of SafeGuard Enterprise, it can protect your valuable confidential information stored on USB media, external hard disks, memory cards and rewritable CDs/DVDs against theft or loss. Its strong file-based encryption secures files stored on removable media.
■ Share encrypted data across PCs, removable media, PDAs and email easily and securely
■ Unique keying feature provides secure data sharing and portability within project teams or across the company
■ Central management enforces security policies, manages keys and certificates, and logs user activities, guaranteeing reliable protection for end devises in all their operating states
■ Partner Connect
SafeGuard Partner Connect protects company confidentially with a flexible and easy-to-manage solution that enforce consistent data security policies, features automated and simplified BitLocker usage, as well as key backup and emergency mechanisms for easy recovery.
■ Easy management with central administration of BitLocker security policies
■ Enforcement of consistent security policies even in mixed Bitlocker (Windows Vista) and non-BitLocker (Windows XP) environments
■ Central key backup and emergency mechanisms for easy recovery
■ Integrates with the SafeGuard Enterprise solution to provide security benefits not covered by BitLocker, e.g., removable media encryption
■ Configuration Protection
SafeGuard Configuration Protection, a module of the SafeGuard Enterprise data security solution, stops data leakage through endpoints, ports and removable media. To protect your valuable information from loss – accidental or malicious – your security solution must cover removable storage devices, physical and wireless interfaces, and users. SafeGuard Configuration Protection controls and secures endpoints and devices over every interface, and guarantees flexible and easy-to-use information leakage prevention
SafeGuard Configuration Protection monitors real-time traffic and applies customized, granular security policies for all types of interfaces and external storage devices such as:
■ Physical interfaces: USB, FireWire, PCMCIA, Parallel, Serial, etc.
■ Wireless interfaces: Wi-Fi, Bluetooth, Infrared (IrDA)
■ External storage devices: Removable media, CDs/DVDs, floppy drives, etc.
■ Protects all PC ports from data leakage, theft, enterprise penetration and introduction of malware
■ Provides granular and tamper-resistant port control, device control and wireless control
■ Centrally managed by SafeGuard Management Center with easy-to-use reporting and auditing ability