Document and File Encryption
The Challenge
Encryption provides protection that can perform to lengthen data security controls across and beyond corporate boundaries. Unfortunately, conventional approaches to encryption – deploying point solutions to protect lost laptops, emails and files – are full of administrative difficulty and technical problems and costs:
- Dependence on complex key management systems and user compliance rather than automated policy
- Upset users because of range of overlapping and nonstandard approaches to encrypting files
The Solution
Encryption provides information encryption to protect files and documents to individuals and groups regardless of whether those files are on the desktop, network share or inside collaboration portals. Distinct competitive assistance that requires complex key management or password memorization, or is limited to securing certain file types, transport mechanisms or file locations, it is easy to use with any file, no matter where it goes or how it gets there.
This solution addresses the need to secure the sensitive data residing on endpoints like company laptops and mobile storage media through robust data at rest encryption.
Removable Storage Encryption solves the problem of organizations’ data and business at risk because of using personal removable storage devices by bringing the ability to encrypt data by policy. This capability allows employees to safely transport and use data on portable media and securely distribute data via email.
This technology also minimizes deployment, management, training, rollout and support requirements by making maximum use of existing infrastructure through native Microsoft® Active Directory™ integration—as well Novell eDirectory™ support—within a single management console.
Figure 2: Management Console
Specifications:
Supported Ports
USB, FireWire, floppy, CD/DVD
Supported Devices
Memory cards: SD, MMC, CDC, SMC, etc.
Memory sticks and thumb drives
Internal and external – floppy, CD and DVD writers
Removable hard drives
All devices recognized as storage media by supported OS releases
CD/DVD Support
Encrypt data written to CDs and DVDs
Native CD and DVD burner – can replace other CD and DVD burning software
Encryption
256- or 128-bit AES encryption of stored data
Granular file-level data encryption policies
Support for password or digital certificate user authentication keys
FIPS 140-2 validated cryptographic library
Unlike Full Disk Encryption, document and file-based encryption encrypts only user data so that the OS remains decrypted and can be easily recovered if the system crashes, leaving damage to just a single file.
The recovery process itself is much easier with this encryption, as only one file needs to be recovered – not the entire disk. Furthermore, document and file encryption may be included within the OS, and can provide data separation functionality, saving the IT department time and money. IT technician can install new programs and perform maintenance tasks without exposing the computer user’s sensitive data. Another advantage achieved by encrypting only sensitive data stored on the endpoint is that the operating system and program files remain unencrypted, improving the overall stability of the product.
Organization can use this file encryption to run the day to day management of the help desk over the network prior to when the user logs in. Like the most common help desk requests from users which is resetting forgotten passwords. Most encryption products mandate the use of a custom procedure, which requires a long, and error prone, response procedure. However, this document and file encryption solution can allow help desk organizations to continue using existing standard Active Directory reset procedures for resetting passwords.
