Jason Blackett (@ZENguruInfo), Director of Product Management at Micro Focus, recently published a TechBeacon article titled Three Endpoint Encryption Strategies You Need to Know. The article outlines the three primary endpoint encryption capabilities available in today’s market and provides strategies to help you decide what capabilities best fit your needs. It’s a quick 5-minute read that I highly recommend.
- full-disk encryption for both fixed disks and removable drives
- folder encryption
- transparent file encryption
The first two—full-disk and folder encryption—protect data-at-rest to ensure that if a physical device (laptop, USB stick, mobile device) is lost or stolen its data cannot be accessed. The third—transparent file encryption—protects data-in-motion, ensuring that when data moves off a device it is still encrypted.
As an endpoint management and protection solution, Micro Focus ZENworks provides both of the data-at-rest encryption capabilities, allowing you to protect your organization’s data while it resides on your endpoint’s fixed disks and removable data drives. I’ve taken a minute to provide a brief overview below of what ZENworks provides.
Full-disk encryption of fixed disks
ZENworks Full Disk Encryption provides policy-enforced encryption of fixed disks on Windows endpoints, allowing you to choose whether to encrypt the entire disk or target individual partitions. You can also encrypt multiple disks on the same device. Files on the encrypted disk are only accessible once a user logs into Windows on the device. The optional pre-boot authentication (PBA) provides an additional layer of authentication security prior to the Windows login. Both PBA password recovery and emergency data recovery are provided to protect against accidental data loss.
ZENworks Configuration Management enables encryption of storage on mobile devices using the mobile device management capabilities provided by the device’s OS. As with Windows devices, policies are created and assigned to devices via the centralized ZENworks management console.
Full-disk encryption of removable data drives
ZENworks Endpoint Security Management provides policy-enforced encryption of removable data drives on Windows endpoints, allowing you to enforce Microsoft BitLocker encryption on any drives that native BitLocker recognizes as Removable Data Drives. Windows 7, Windows 8, and Windows 10 devices are all supported. In addition to supporting the standard BitLocker options, ZENworks enhances the experience by adding centralized certificate management that enables forgotten passwords to be reset. It also provides the option to restrict the unlocking of encrypted drives to ZENworks-managed devices only.
ZENworks Configuration Management enables encryption of removable drives (SD cards) on mobile devices using the mobile device management capabilities provided by the device’s OS.
Folder-encryption for fixed disks
Beginning with ZENworks2020, ZENworks Endpoint Security Management provides folder-based encryption of files on Windows fixed disks using native Microsoft Encrypting File System (EFS) technology. You use the encryption policy to define folders, such as the Documents folder, that they want encrypted on all devices. Optional secondary authentication lets you require users to enter a second password, after Windows login, before they can access encrypted folders and files. Because ZENworks stores the encryption certificates centrally, you can always recover files and enable users to reset their secondary password.
Let me know if you want to talk endpoint management:
Darrin VandenBos (@DarrinVandenBos)
Product Manager, Endpoint Management
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.