About SafeGuard Enterprise

SafeGuard Enterprise is a comprehensive data security solution that uses a policy-based encryption strategy to provide reliable data protection on workstations, network shares, and mobile devices. It allows users to securely share information and work with files on Windows, Mac OS X, iOS, and Android devices with the help of the Sophos Secure Workspace app.

In the SafeGuard Management Center, you manage security policies, keys, and certificates using a role-based administration strategy. Detailed logs and report functions ensure that you always have an overview of all events.

On the user side, data encryption and protection against unauthorized access are the main security functions of SafeGuard Enterprise. SafeGuard Enterprise can be seamlessly integrated into the user's normal environment.

Synchronized Encryption - application-based File Encryption

Synchronized Encryption is built on two assertions – that all data is important and must be protected (encrypted) and that encryption should be persistent wherever the data is located. In addition, important data should be encrypted automatically and transparently so that a user need not be bothered with having to decide whether or not to encrypt a file based on its perceived importance. This very basic premise, that all data is important and must be protected, ensures that all data is encrypted seamless without user intervention. This allows the user to remain productive, have their data secure and follow their existing workflows, see Synchronized Encryption.

Location-based File Encryption

  • Cloud Storage

    Cloud storage services are useful to help users access their data, wherever they are, on whatever device they're using. Improving productivity of users is important, but it’s equally critical to ensure your sensitive information stays secure once it moves to the cloud. SafeGuard Enterprise automatically and invisibly encrypts/decrypts files as they are uploaded or downloaded from cloud services.

    • Encrypts files uploaded to cloud storage services

    • Allows secure data sharing everywhere

    • Automatically detects and supports most popular cloud storage services such as Box, Dropbox, OneDrive and Egnyte

    • Reads encrypted files using our free Sophos Secure Workspace app for iOS and Android

  • File Encryption

    Encryption isn’t only for making sure data stays safe from prying eyes outside your business. It’s also useful for enabling secure collaboration and controlling files inside it. SafeGuard Enterprise goes beyond simple folder permissions and guarantees that only the right people can read the right files while still allowing IT to manage files and backups.

    • Configures file encryption for shared folders

    • Makes sure only certain users or groups are able to access data

    • Doesn’t require any interaction from your users

    • Provides an extra layer of protection if/when your corporate servers move to the cloud

  • Data Exchange

    SafeGuard Enterprise automatically and transparently encrypts files on removable media such as USB sticks, memory cards and CDs/DVDs.

    • Share encrypted data on removable media easily across your organization without impacting your users

    • Using a portable application and password, easily and securely share encrypted removable media with users not using SafeGuard Enterprise

    • Removable media whitelisting makes encryption management easier and more flexible

Full disk encryption

  • For UEFI platforms, use BitLocker managed by SafeGuard Enterprise for disk encryption. For these endpoints SafeGuard Enterprise offers enhanced Challenge/Response capabilities. For details on the supported UEFI versions and restrictions to SafeGuard BitLocker Challenge/Response support, please see the Release Notes at http://downloads.sophos.com/readmes/readsgn_8_eng.html.
Note: Whenever the description only refers to UEFI, it is mentioned explicitly.

The table shows which components are available.

  SafeGuard Full Disk Encryption with SafeGuard Power-on Authentication (POA) BitLocker with pre-boot authentication (PBA) managed by SafeGuard SafeGuard C/R recovery for BitLocker  pre-boot authentication (PBA)
Windows 7  BIOS YES YES  
Windows 7  UEFI   YES YES
Windows 8.1 BIOS   YES  
Windows 8.1 UEFI   YES YES
Windows 10   YES YES
Windows 10 Threshold 2   YES YES
Note: SafeGuard C/R recovery for BitLocker pre-boot authentication (PBA) is only available on 64-bit systems.
SafeGuard Full Disk Encryption with SafeGuard Power-on Authentication (POA) is the Sophos module for encrypting volumes on endpoints. It comes with a Sophos implemented pre-boot authentication named SafeGuard Power-on Authentication (POA) which supports logon options like smartcard and fingerprint and a Challenge/Response mechanism for recovery.

BitLocker with pre-boot authentication (PBA) managed by SafeGuard is the component that enables and manages the BitLocker encryption engine and the BitLocker pre-boot authentication.

It is available for BIOS and UEFI platforms:
  • The UEFI version additionally offers a SafeGuard Challenge/Response mechanism for BitLocker recovery in case users forget their PINs. The UEFI version can be used when certain platform requirement are met. For example the UEFI version must be 2.3.1. For details, see the Release Notes.
  • The BIOS version does not offer the recovery enhancements by the SafeGuard Challenge / Response mechanism and serves also as fallback option in case the requirements for the UEFI version are not met. The Sophos installer checks whether the requirements are met, and if not automatically installs the BitLocker version without Challenge/Response.

Protect your Macs

Data on a Mac is as valuable as data on a Windows PC, which makes it vital to include Macs in your data encryption strategy. SafeGuard Enterprise protects your Macs with file and disk encryption and ensures that the data on your Macs is secure at all times. It includes encryption capability for removable media, network file shares and cloud on Mac.

For Mac endpoints the following modules are available. They are also managed by SafeGuard Enterprise or at least report to the Management Center.

  Synchronized Encryption

- application-based

Sophos SafeGuard File Encryption

- location-based

Sophos SafeGuard Native Device Encryption

- FileVault 2 management

OS X 10.9 YES YES YES
OS X 10.10 YES YES YES
OS X 10.11 YES YES YES
macOS 10.12 YES YES YES

Sophos Secure Workspace

Encryption keys from the SafeGuard Enterprise key ring can be made available in the Sophos Secure Workspace (SSW) app managed by Sophos Mobile Control. Users of the app can then use the keys to decrypt and view documents, or to encrypt documents. These files can then be securely shared between all SafeGuard Enterprise and SSW users. For more information, see the Sophos Secure Workspace documentation.