> SafeGuard Encryption
SafeGuard Encryption - Overview
Always-on Encryption Protects Data Everywhere
Sophos SafeGuard Enterprise is data-centric, automatically securing content upon creation. Once encrypted, files remain secured when shared across platforms and devices, or if they are emailed or uploaded to cloud-based file sharing programs such as Box, Dropbox, or OneDrive. This method promotes secure collaboration everywhere, working across device and platforms without compromising security and preventing accidental data leakage.
Transparent Encryption Ensures User Productivity
Encrypting, decrypting, and accessing information is automatic and transparent to the end user. Your users can open an encrypted file, edit it, or share it internally as they normally would. For externally sharing, decryption or creating password protected files takes only one click.
Proactively Protects Data Against Data Theft
SafeGuard Encryption has the ability to intelligently protect your data against theft. It automatically encrypts your content, and the content stays encrypted even when it’s shared or uploaded to a cloud-based, file-sharing system.
Synchronized Encryption continuously validates the user, application, and device integrity. If your data ever ends up in the wrong hands, SafeGuard renders the information unusable; the files remain encrypted and unreadable.
Real-time Threat Protection
SafeGuard Enterprise offers Synchronized Encryption by connecting to Sophos Endpoint Protection. The SafeGuard local agent listens to an endpoint’s Security Heartbeat™ and enables automated, proactive protection. For example, in the event of an active infection, the SafeGuard agent can temporarily revoke the encryption keys, proactively protecting your data against threats. As soon as the security health of the device is restored, the SafeGuard Management Center pushes the encryption keys back to that device, restoring access to encrypted data.
Secure External Sharing With Password-Protected Files
With SafeGuard it’s simple to share content with people outside of your organization. Users can create a password-protected file with a single click of a mouse. The file is securely wrapped in an HTML 5 format, so it doesn’t require the recipient to install any software. All they need is a web browser and the password to access the encrypted content.
Mindful, one-click Decryption
Users can also decrypt files to make them publicly available with one simple click. And because decryption is a logged event, you can record each instance and alert your administrator when someone attempts to decrypt a large number of files. While decryption is simple, it remains a conscious action. This inverted logic helps prevent accidental data leakage and helps to educate end users.
Lost Devices, Protected Data
Full-disk encryption is an essential first line of defense to protect your data in the event of a lost or stolen device. SafeGuard gives you the ability to managed Windows BitLocker and OS X FileVault 2 encryption from the SafeGuard Management Center.
Synchronized For Secure Content Collaboration On Mobile Devices
Sophos SafeGuard synchronizes your encryption keys with Sophos Mobile Control*, giving you seamless and secure access to encrypted files on iOS and Android devices. Using Sophos Mobile Control’s Secure Workspace app on a trusted device, users can view, access, and share encrypted data securely.
Secure Key Recovery On Mobile Devices
Key synchronization between SafeGuard and Sophos Mobile Control* lets users retrieve their FileVault or BitLocker full-disk encryption recovery keys directly in the Sophos Secure Workspace app on thier mobile device. This helps users get back to work faster without having to contact the help desk, saving both time and IT resources.
SafeGuard Management Center
Manage your encryption policies and keys for all of your devices using this centralized console. From the SafeGuard Management Center, you can set data security policy for groups and devices, secure, store, exchange, and recover keys. You can also generate compliance and audit reports, all from within the console.