Full disk, file encryption and data protection.

Ensure data privacy by encrypting data stored on your endpoints.

Most people know that it’s more than just the physical hardware; that the data is valuable as well. However, most people don’t know exactly how valuable that data is. For example, when you lose a Windows based laptop, you’ll also lose the user’s domain password (cached), the password of the last 10 people to log on – possibly even a domain admin, all email – even if email is stored on the server the confidentiality is compromised, all files recently opened – Even if those files were encrypted on a server drive, the key to every wireless access point ever used, and any remembered data in browsers – such as banking passwords, addresses, credit card numbers.

We don’t think of this data because we don’t see most of it – but for performance and ease of use reasons, Windows keeps a copy of pretty much everything you’ve used, opened or visited. The effect of a laptop theft could be devastating.

You could use file encryption and file system encryption to make it more difficult to retrieve some of this data, but it can be difficult to manage – and can especially cause problems if an employee leaves or forgets their password! It’s also not entirely secure. Operating systems can be cracked offline, completely bypassing the encryption.

The answer is centrally managed whole disk encryption. This type of encryption replaces the Windows bootloader, and encrypts everything – including the Windows kernel, making offline compromise of the operating system extremely unlikely.

Integrating tightly with Active Directory, user management is easy – when the user changes their password, their encryption password changes too. If the user forgets their password, an administrator can unlock the computer for them.

If you need further security, Content Security can design and implement encryption systems that can automatically encrypt email – managing encryption keys, and even auto-enrolling third parties into the system. We can even include file server encryption, preventing the retrieval of data if a file server is stolen, or compromised remotely. Without the correct key, even domain admin rights don’t help a hacker get access to protected files.

And unlike earlier solutions, encryption has become nearly transparent to the end users. There is no need to manage keys, repeatedly enter passwords, or manually encrypt or decrypt anything. All this is managed by policies set by the administrator.

If you believe you have data worth protecting – and remember passwords and history is data that can be stolen, then it might be worth talking to us about how to protect that data.