I'm deploying SafeGuard Enterprise Encryption for a customer. The goal is that all data on the computers' hard disks should always be automatically encrypted and cannot be read if copied outside of the managed SGN client computers.
First I thought about using Volume Based full disk encryption for internal storage (boot and non-boot volumes). I made the policy and applied it to the target computers, and all the volumes got encrypted, but I found out that the files are not encrypted: if I share a file from an encrypted volume (through mail, for example), the recipient can read the file without needing the SGN client and the encryption key. So from my understanding, and correct me if I'm wrong, Volume Based full disk encryption makes the volume unreadable if connected to a computer without the SGN client and the key, but the files are not encrypted.
So I tried using File Based full disk encryption, which achieves what the customer needs. The files are encrypted on the hard disk, and if a file is shared the recipient will not be able to read it if he doesn't have the SGN client and the key. But I cannot encrypt boot volumes using File Based encryption, and the user can use this limitation to share unencrypted files by opening the encrypted file from the File Based encrypted volume, then using "save as" from the application to the boot volume to create an unencrypted copy of the file to share.
Kindly advise about the setup required to achieve the customer's goal.