Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.

Protecting endpoint data with ZENworks encryption

Micro Focus Contributor
Micro Focus Contributor
2 0 1,086

Jason Blackett (@ZENguruInfo), Director of Product Management at Micro Focus, recently published a TechBeacon article titled Three Endpoint Encryption Strategies You Need to Know. The article outlines the three primary endpoint encryption capabilities available in today’s market and provides strategies to help you decide what capabilities best fit your needs. It’s a quick 5-minute read that I highly recommend.

Protecting endpoint data with ZENworks encryption.png

  • full-disk encryption for both fixed disks and removable drives
  • folder encryption
  • transparent file encryption

The first two—full-disk and folder encryption—protect data-at-rest to ensure that if a physical device (laptop, USB stick, mobile device) is lost or stolen its data cannot be accessed. The third—transparent file encryption—protects data-in-motion, ensuring that when data moves off a device it is still encrypted.

As an endpoint management and protection solution, Micro Focus ZENworks provides both of the data-at-rest encryption capabilities, allowing you to protect your organization’s data while it resides on your endpoint’s fixed disks and removable data drives. I’ve taken a minute to provide a brief overview below of what ZENworks provides.

Full-disk encryption of fixed disks

ZENworks Full Disk Encryption provides policy-enforced encryption of fixed disks on Windows endpoints, allowing you to choose whether to encrypt the entire disk or target individual partitions. You can also encrypt multiple disks on the same device. Files on the encrypted disk are only accessible once a user logs into Windows on the device. The optional pre-boot authentication (PBA) provides an additional layer of authentication security prior to the Windows login. Both PBA password recovery and emergency data recovery are provided to protect against accidental data loss.

ZENworks Configuration Management enables encryption of storage on mobile devices using the mobile device management capabilities provided by the device’s OS.  As with Windows devices, policies are created and assigned to devices via the centralized ZENworks management console.

Full-disk encryption of removable data drives

ZENworks Endpoint Security Management provides policy-enforced encryption of removable data drives on Windows endpoints, allowing you to enforce Microsoft BitLocker encryption on any drives that native BitLocker recognizes as Removable Data Drives. Windows 7, Windows 8, and Windows 10 devices are all supported. In addition to supporting the standard BitLocker options, ZENworks enhances the experience by adding centralized certificate management that enables forgotten passwords to be reset. It also provides the option to restrict the unlocking of encrypted drives to ZENworks-managed devices only.

ZENworks Configuration Management enables encryption of removable drives (SD cards) on mobile devices using the mobile device management capabilities provided by the device’s OS.

Folder-encryption for fixed disks

Beginning with ZENworks2020, ZENworks Endpoint Security Management provides folder-based encryption of files on Windows fixed disks using native Microsoft Encrypting File System (EFS) technology. You use the encryption policy to define folders, such as the Documents folder, that they want encrypted on all devices. Optional secondary authentication lets you require users to enter a second password, after Windows login, before they can access encrypted folders and files. Because ZENworks stores the encryption certificates centrally, you can always recover files and enable users to reset their secondary password.

Let me know if you want to talk endpoint management:

Darrin VandenBos (@DarrinVandenBos)
Product Manager, Endpoint Management

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.