Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 6 subscribers
  • Views 2287 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SafeGuard File Encryption as appropriate encryption tool on application and database server ?

Tomas Jalc

Hello

I would like to inform about Sophos solutions: I found some information about Sophos enterprise solutions SafeGuard File Encryption and SafeGuard Disk Encryption. But I am not sure whether it is right for me.

I am looking for some solution for data encryption. I need to encrypt data in database, in database server, files (such as documents – PDF, doc, xlsx; images – jpg, png, …) in application server or in general in some storage server. Only app and some users have access into database and those files.

  1. What kind of solution would you offer me ? SafeGuard File Encryption, SafeGuard Disk Encryption or something different ?
  2. I need something what does not have impact on server response (I mean encryption and decryption process will not slow down server response).
  3. I would like to know how the key policy is set up. The keys are stored in our servers or in Sophos servers ?
  4. If the keys are stored on Sophos side, who has the access to them ?
  5. Can we set up key policy – who has access to the keys ?
  6. Implementation process – How does it look like ? Do we just install some package on servers where data should be encrypted or we can download some library which will be inserted into application source code ? (application has access into database, into files, it works with those data).

Let´s imagine that like application with some database. All data used in application have to be encrypted.

  1. What kind of cypher method is used, AES 256 bit ?
  2. When the data are encrypted, are data encrypted if they are transferred on another medium (flash disk, SSD, …) or if backup is made (is backup encrypted) ?

Our database server is: Microsoft SQL Server 2008 R2 (SP1) - 10.50.2550.0 (X64)   Jun 11 2012 16:41:53   Copyright (c) Microsoft Corporation  Enterprise Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)

Our application servers are: Windows Server 2008 R2 and Windows Server 2012 R2.

  1. Will some Sophos solution work on our servers ?

Thank you in advance !

Best regards,

Tomáš Jalč.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Tomas - I'm afraid that SafeGuard won't be the ideal tool for your circumstances. The client is designed for workstation OS and not server, so this will be the first hurdle. Although you could (and can) encrypt files residing on Windows servers - it's not really what you're asking for here.

    The encryption strength is dependant on OS of the client. With Windows 8 and above the management is done by BitLocker for Windows clients and FileVault2 for Mac clients. For Windows this is easy to set through GPO or the console, but in essence SafeGuard supports whatever encryption algorithm the OS does. 

    In terms of some of the other answers - Sophos SafeGuard Enterprise is on-prem, so keys are kept on your network on your hardware. However, you can get SafeGuard for Sophos Central too and this is cloud hosted on their hardware. 

    In on-prem you have a role based structure and can easily control how has access to recovery keys. I believe the same exists for Central - but I can't confirm this 100%....I'm not on it!

    So I'm afraid most of your questions I can't answer - as this product (in my opinion) isn't really suitable for your needs. However - do contact Sophos sales and they can possible point you in the right direction?

  • 0 in reply to MichaelMcLannahan

    Hi Michael,

    thank you for your quick response.

    I have some extra questions.

     On the web page is about SafeGuard File Encryption written:

    „SafeGuard File Encryption provides file-level encryption through two options: file/folder encryption and next-generation synchronized encryption. Regardless of the option you choose, you can still secure files everywhere; on computers, removable media, cloud storage, and through file shares.“

    1. Does not it mean that I can secure data on database and application server ?
    2. If yes, can I set up security policy this way – only server admins will NOT have access to encrypted files/folders ?

    The same questions I have for SafeGuard Disk Encryption where (on the web page) is written:

    „Sophos provides centralized management for full disk encryption with the ability to centrally manage device encryption for BitLocker/FileVault 2. You can deploy and manage full disk encryption across Windows and Mac computers using SafeGuard Disk Encryption or Sophos Central Device Encryption.“

    Thank you.

Reply
  • 0 in reply to MichaelMcLannahan

    Hi Michael,

    thank you for your quick response.

    I have some extra questions.

     On the web page is about SafeGuard File Encryption written:

    „SafeGuard File Encryption provides file-level encryption through two options: file/folder encryption and next-generation synchronized encryption. Regardless of the option you choose, you can still secure files everywhere; on computers, removable media, cloud storage, and through file shares.“

    1. Does not it mean that I can secure data on database and application server ?
    2. If yes, can I set up security policy this way – only server admins will NOT have access to encrypted files/folders ?

    The same questions I have for SafeGuard Disk Encryption where (on the web page) is written:

    „Sophos provides centralized management for full disk encryption with the ability to centrally manage device encryption for BitLocker/FileVault 2. You can deploy and manage full disk encryption across Windows and Mac computers using SafeGuard Disk Encryption or Sophos Central Device Encryption.“

    Thank you.

Children
No Data
Unfiltered HTML