SafeGuard Enterprise is a comprehensive data security solution that uses a policy-based encryption strategy to provide reliable data protection on workstations, network shares, and mobile devices. It allows users to securely share information and work with files on Windows, Mac OS X, iOS, and Android devices with the help of the Sophos Secure Workspace app.
In the SafeGuard Management Center, you manage security policies, keys, and certificates using a role-based administration strategy. Detailed logs and report functions ensure that you always have an overview of all events.
On the user side, data encryption and protection against unauthorized access are the main security functions of SafeGuard Enterprise. SafeGuard Enterprise can be seamlessly integrated into the user's normal environment.
Synchronized Encryption is built on two assertions – that all data is important and must be protected (encrypted) and that encryption should be persistent wherever the data is located. In addition, important data should be encrypted automatically and transparently so that a user need not be bothered with having to decide whether or not to encrypt a file based on its perceived importance. This very basic premise, that all data is important and must be protected, ensures that all data is encrypted seamless without user intervention. This allows the user to remain productive, have their data secure and follow their existing workflows, see Synchronized Encryption.
Cloud storage services are useful to help users access their data, wherever they are, on whatever device they're using. Improving productivity of users is important, but it’s equally critical to ensure your sensitive information stays secure once it moves to the cloud. SafeGuard Enterprise automatically and invisibly encrypts/decrypts files as they are uploaded or downloaded from cloud services.
Encrypts files uploaded to cloud storage services
Allows secure data sharing everywhere
Automatically detects and supports most popular cloud storage services such as Box, Dropbox, OneDrive and Egnyte
Reads encrypted files using our free Sophos Secure Workspace app for iOS and Android
Encryption isn’t only for making sure data stays safe from prying eyes outside your business. It’s also useful for enabling secure collaboration and controlling files inside it. SafeGuard Enterprise goes beyond simple folder permissions and guarantees that only the right people can read the right files while still allowing IT to manage files and backups.
Configures file encryption for shared folders
Makes sure only certain users or groups are able to access data
Doesn’t require any interaction from your users
Provides an extra layer of protection if/when your corporate servers move to the cloud
SafeGuard Enterprise automatically and transparently encrypts files on removable media such as USB sticks, memory cards and CDs/DVDs.
Share encrypted data on removable media easily across your organization without impacting your users
Using a portable application and password, easily and securely share encrypted removable media with users not using SafeGuard Enterprise
Removable media whitelisting makes encryption management easier and more flexible
For BIOS platforms you can choose between SafeGuard Full Disk Encryption and BitLocker encryption managed by SafeGuard Enterprise. The BIOS version comes with the BitLocker native recovery mechanism.
The table shows which components are available.
|SafeGuard Full Disk Encryption with SafeGuard Power-on Authentication (POA)||BitLocker with pre-boot authentication (PBA) managed by SafeGuard||SafeGuard C/R recovery for BitLocker pre-boot authentication (PBA)|
|Windows 7 BIOS||YES||YES|
|Windows 7 UEFI||YES||YES|
|Windows 8.1 BIOS||YES|
|Windows 8.1 UEFI||YES||YES|
|Windows 10 Threshold 2||YES||YES|
BitLocker with pre-boot authentication (PBA) managed by SafeGuard is the component that enables and manages the BitLocker encryption engine and the BitLocker pre-boot authentication.
Data on a Mac is as valuable as data on a Windows PC, which makes it vital to include Macs in your data encryption strategy. SafeGuard Enterprise protects your Macs with file and disk encryption and ensures that the data on your Macs is secure at all times. It includes encryption capability for removable media, network file shares and cloud on Mac.
Manage file or disk encryption for Macs in the same Management Center as all other devices
Manage FileVault 2 encrypted devices
Works in the background without impacting performance
Complete visibility and reporting on encryption status
For Mac endpoints the following modules are available. They are also managed by SafeGuard Enterprise or at least report to the Management Center.
|Sophos SafeGuard File Encryption
|Sophos SafeGuard Native Device Encryption
- FileVault 2 management
|OS X 10.9||YES||YES||YES|
|OS X 10.10||YES||YES||YES|
|OS X 10.11||YES||YES||YES|
Encryption keys from the SafeGuard Enterprise key ring can be made available in the Sophos Secure Workspace (SSW) app managed by Sophos Mobile Control. Users of the app can then use the keys to decrypt and view documents, or to encrypt documents. These files can then be securely shared between all SafeGuard Enterprise and SSW users. For more information, see the Sophos Secure Workspace documentation.