Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 5 subscribers
  • Views 10509 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Complete security Suite - what do I get for encryption?

Nodrog

Hi

I have just upgraded to the complete security suite but i am at a loss when it comes to encryption.

I have an installer for SafeGuard Easy which I ran through and tested on a few machines. It seems to work well but I found the lack of deployment tools and managing end user keys a bit of a pain.

I then read that with the Complete Security Suite I can manage encryption from the Sophos Enterprise Console which seems to be a far simpler deployment method. So I remove the encryption from the test machines and uninstalled the SGE policy editor.

I then upgraded my enterprise console to 5.1 which sure enough has the encryption policy and deployment features in it.

I though the SafeGuard Easy was the cut down version of Sophos' encryption portfolio, but looking at the setting in Enterprise Console, it looks like the poor relation to SafeGuard Easy. Am I wrong?

There are no configuration options for removable media or changing the POA images. Is it just on or off?

Should I revert back to SGE if I want some control over my encryption?

Anybody else tried both solutions that has any views on either?

thanks

:37193


This thread was automatically locked due to age.
  • 0

    Hello Nodrog,

    while simple to deploy, Sophos Disk Encryption (SDE - the version you get with SEC) has only a very limited set of configuration options and also encrypts local volumes ("disks") only. There's no customization and policies are per-machine (while you can see assigned users you can't manage them at all). 

    In short, SEC/SDE just encrypts your hard disks, no bells and whistles. I think that Easy is more or less about to be phased out, if you want by-user management or one of the other modules you should consider SafeGuard Enterprise.

    Christian 

    :37209
  • 0

    The Safeguard Enterprise installer can be deployed through Group Policy if you need an automatic deployment option (the installers are just .msi files that group policy can use). At our place, we manually install the software off of usb thumb drives for the pure sake of simplicity. Another idea is to set up a central network share with the installers stored on it.

    USB thumb drives and removable media are encrypted through the "Data Exchange" package. Through the management console, you can set a policy stating that either all removable media must be encrypted before use or the user can choose to encrypt the media. The management console will also keep track of the keys your user's are using. The only downside to Data Exchange is that only machines with the safeguard client installed can read the encrypted files.

    :37217
  • 0

    Thanks for the replies. That clarifies and confirms what I thought.

    I think for now, deploying Safeguard Easy with GPOs is the best solution for us as the USB option is handy.

    Now that I have upgraded my Enterprise console/Management server to include the Full Disk encryption, do you know if it is possible to run SafeGuard Easy along side the Endpoint Security (assuming I don't use encryption from Enterprise Console)?

    Cheers.

    :37247
  • 0

    Hi Nodrog,

    on the client side, running SafeGuard Easy and the Endpoint Security Client (w/o encryption) on the same machine is not a problem.

    Please mind that the side by side installation of the SafeGuard Easy Policy Editor and the Sophos Enterprise Console incl. Full Disk Encryption on the same machine is not possible.

    Side by side installation of both components works, if the Sophos Enterprise Console is not used to manage Full Disk Encryption.

    Cheers,

    Chris

    :37259
  • 0

    thanks for clarifying that Chris.

    Gordon.

    :37401
Unfiltered HTML