Synchronized Encryption

Synchronized Encryption is built on two assertions – that all data is important and must be protected (encrypted) and that encryption should be persistent wherever the data is located. In addition, important data should be encrypted automatically and transparently so that a user need not be bothered with having to decide whether or not to encrypt a file based on its perceived importance. This very basic premise, that all data is important and must be protected, ensures that all data is encrypted seamless without user intervention. This allows the user to remain productive, have their data secure and follow their existing workflows.
Note: This section applies to both Windows and Mac OS X. Where the information is relevant to one of them, this will be mentioned explicitly.


  • Application-based file encryption

    SafeGuard Enterprise Synchronized Encryption can encrypt any file created with an application specified in a policy, regardless of its file location. For example, if you specify Microsoft Word as an application for which file encryption is active, every file you create or save with Microsoft Word is automatically encrypted with the Synchronized Encryption key. Anyone whose key ring includes this key can access the file. A policy defines a list of applications for which file encryption is executed automatically

  • Outlook add-in

    To make life easier for an end user, Synchronized Encryption provides an Outlook add-in that can automatically detect an email being sent outside the organization with a file attachment. It will then ask which option (Password protected, Unprotected) the user wishes to choose. If required, the user can set a password in the dialog displayed. Alternatively, you can use a policy to define a default action that is performed automatically without any user intervention.

    Note: The Outlook add-in is only available on Windows endpoints.
  • Integration with Sophos Central Endpoint Protection - remove keys on compromised machines

    In combination with Sophos Central Endpoint Protection, keys can be removed automatically if malicious activity is detected on endpoints.
    Note: This feature is only available if you use web-based Sophos Central Endpoint Protection together with SafeGuard Enterprise.
  • Share key ring between SafeGuard Enterprise and Sophos Mobile Control

    Encryption keys from the SafeGuard Enterprise key ring can be made available in the Sophos Secure Workspace (SSW) app managed by Sophos Mobile Control. Users of the app can then use the keys to decrypt and view documents, or to encrypt documents. These files can then be securely shared between all SafeGuard Enterprise and SSW users.