WinMagic Data Security
Protecting your sensitive data across the enterprise
Encryption of sensitive data and personally identifiable information (PII) is no longer optional. Whether it is data breach legislation, privacy regulation or good old-fashioned intellectual property protection, organizations must protect their sensitive data. In today's increasingly mobile world, you must mitigate the risks and control the exposure associated with data at rest on hard drives, removable media, and other endpoints. WinMagic's SecureDoc solutions provide a complete and robust range of capability to help ensure your sensitive data is secure.
WinMagic offers a full range of data security solutions to solve real problems:
Protecting Personally Identifiable Information & Sensitive Data
With today's highly mobile work forces, data is mobile as well. According to IDC, 60% of enterprise data resides unprotected on laptops and desktops. Loss or theft of a laptop costs more than the value of its hardware; the cost of lost data can be extreme. It's not just about protecting trade secrets and confidential financial data. Today, legislation is driving the need to protect personally identifiable information (PII). In other words, information about your employees or customers on a laptop that goes missing represents a significant risk. The risk is not only in terms of investigation, notification and resolution costs, but also damage to brand, losses of public and investor confidence, lost opportunities and more.
SecureDoc Full Disk Encryption Protects Your Laptops
Since 1997, SecureDoc has helped leading enterprises and government agencies all over the world protect data-at-rest on their laptops. SecureDoc offers robust full disk encryption / laptop encryption to defend all data on laptop hard drives, and address compliance with privacy and data breach laws. As a laptop data security solution, SecureDoc uses certified AES-256 cryptography to encrypt the entire hard drive on a sector-by-sector basis. Sensitive data is well protected, and the risks and costs associated with data breaches are mitigated.
SecureDoc allows you to centrally deploy, enforce and manage encryption. Report and audit capabilities verify the encryption status of your laptops. Once SecureDoc is protecting a laptop, all data is encrypted automatically 'on the fly' (no user intervention is required). WinMagic's approach to encryption software is that anything you can do with your laptop before encryption, you should be able to do AFTER laptop encryption (some users don't even realize their laptop is encrypted).
Encrypt Your Servers
If a server or its hard drives go missing, the damage caused by a data breach can be catastrophic. The loss of a laptop or USB thumb drive pales in comparison to the risk associated with a server that contains (for instance) ALL of your customer data or intellectual property. This is a risk that must be mitigated.
All drives eventually leave the building
Just because a server room is on-premises and has a locked door, this does not ensure that data on the servers will remain secure. In the modern enterprise, a range of scenarios can put the data on those servers at risk, including:
- the prevalence of hot-pluggable drives making sensitive data portable even when the server is not;
- insider threats or external threats;
- offline/offsite storage of data;
- drives taken offsite for repair/maintenance;
- exposure of data during transit of the servers/drives between locations;
- data on servers in temporary field offices or other mobile locations; and
- the decommissioning of server drives.
SecureDoc offers robust full-disk encryption with support for the large drives and RAID controllers found in servers, to defend all data on server hard drives, and address compliance with privacy and data breach laws. SecureDoc uses certified AES-256 cryptography to encrypt the entire hard drive on a sector-by-sector basis. Sensitive data is well protected, and the risks and costs associated with data breaches are mitigated.
SecureDoc Enterprise Server allows you to centrally deploy, enforce and manage server encryption along with encryption of all the other endpoints across the enterprise. Report and audit capabilities verify the encryption status of your servers. Once SecureDoc is protecting a server, all data on that server is encrypted automatically 'on the fly' (no intervention is required).
Deploying encryption on a single laptop can be challenging for some users. Multiplying this challenge across hundreds of users (or thousands of users), especially in a heterogeneous environment, can cause a rapidly escalating total cost of ownership for the encryption solution (and a significant headache for IT staff). An encryption solution that is "good enough" for one laptop or a small group can become a liability when deployed across an enterprise.
An Encryption Solution Designed for the Enterprise
SecureDoc is deployed at leading enterprises and government agencies, some of which boast many tens of thousands of users (often in very heterogeneous environments). These organizations were able to deploy SecureDoc rapidly and effectively to protect their sensitive data, largely through the capabilities of SecureDoc Enterprise Server (SES).
SES offers a central management console for SecureDoc that enables administrators to address the major needs of encryption in the enterprise: user and group management supports granular control over policy as it is applied to users; an advanced key management system provides for the creation, administration, escrow and recovery of encryption keys; software distribution tools accelerate and simplify deployment; user support tools reduce administrative overhead and ensure that users can remain productive; and audit logs and reports provide proof of compliance and support for discovery processes.
SecureDoc Pre-Boot Authentication
What it does
Improves the security and flexibility of authentication at pre-boot to better protect your sensitive data.
How it works
SecureDoc offers an industry-leading number of integrations with additional authentication methods including smartcards, tokens, biometrics, PKI and TPM. In fact, SecureDoc is the only solution with biometric authentication at pre-boot.
Passwords are the most common pre-boot authentication method, but without strong password rules, passwords can be a weak link in the encryption solution. One alternative is to supplement the passwords with a second 'authentication factor'. Alternatively, a physical or biometric option may be chosen as the single factor for authentication. WinMagic has extensive pre-boot authentication capabilities.
Our "5 Factors Of Authentication" are:
|Something you know||Password (Quality rules set centrally and enforced locally at pre-boot.)|
|Something you have||PIV/CAC cards, SPYRUS (for Suite B) plus support for a broad range of other tokens (RSA SID800, ...)|
|Something you are||Biometrics (e.g. support for built-in UPEK fingerprint reader)|
|Where you are||Check integrity locally of pre-boot environment; TPM (credentials tied to specific machine); verify on an authorized network|
|Someone who trusts you||Verify on the network that even though the user has the local credentials that they have not been revoked (e.g. on PKI revocation List) AND that the pre-boot environment passes an integrity check. The machine will not be able to boot unless the network based server provides the required key.|
Port Control Encryption
What it does
Gives you control over access to any USB devices connected to a SecureDoc-protected machine
How it works
By default, SecureDoc port control locks down any and all access to USB devices other than basic human interface devices (mouse, keyboard, etc.). Administrators can then selectively 'open up' classes, models, or individual device serial numbers. USB devices are everywhere. iPods, thumb drives, portable hard drives, music players, cameras... the very convenience and portability of these devices also makes them a risk to the security of your organization's sensitive data. The dangers of so-called 'Pod Slurping' are significant: an iPod or similar small device can easily download and store gigabytes of sensitive corporate data in a very short time frame.
The answer is to use a solution like SecureDoc, which enables administrators to lock down access to connected USB devices.
Port Control also has applications in the area of supporting anti-malware. As USB drive manufacturers develop and release drives with embedded anti-malware capabilities, SecureDoc administrators can choose to permit ONLY those approved devices, which have the anti-malware functionality. This permits an additional layer of protection for corporate systems and helps avoid infection.
Port Control Features
- Lock down access to any/all USB devices
- 'White lists' for authorized devices, defined by class, model or unique serial number
- Standard Human Interface Devices permitted
- Automatic device detection & identification
- Definable policy by user and group
UPEK Biometric at Pre-Boot
What it does
Improves the security and flexibility of pre-boot authentication
How it works
"Small and medium businesses face significant risks and penalties when laptops or portable storage media, containing valuable data assets or personal identifiable information (PII), go missing. However, SMBs typically lack sufficient IT resources and policies to protect data relative to larger enterprises. Many data encryption solutions are burdensome to end users and are too complex for SMBs since they are often designed for larger business customers. The Biometric Authentication + Hard Disk Encryption Solution offers SMBs an easy-to-deploy solution that mitigates the risk of damaging data breaches and helps ensure compliance with regulatory standards, and at the same time makes the end user experience virtually
WinMagic's SecureDoc Express Disk Encryption allows SMBs to centrally deploy, enforce and manage government-grade AES encryption so that data is automatically encrypted "on the fly" without user intervention. Central reporting and audit trails enable SMBs to demonstrate compliance with regulatory standards. AuthenTec's UPEK award-winning Eikon fingerprint reader, by allowing end users to simply swipe their finger to authenticate, strengthens traditional password-based user authentication and lowers IT support desk costs associated with password resets.
"It's simply amazing. Personally, ever since WinMagic enabled SecureDoc to accept pre-boot authentication with AuthenTec's UPEK biometric solutions, I rarely use a password again to either authenticate to my notebook or log on to the computer system," said Thi Nguyen-Huu, CEO and President of WinMagic Inc. He continued, "Its capabilities have tremendously assisted us in dramatically enhancing a positive customer experience in using SecureDoc full-disk encryption. This was one of the main drivers in configuring a bundled offering to the SMB market that should assist these customers in securing PII or sensitive data within their environment."
Protect Removable Media
No password required; secure & transparent sharing
Removable media are everywhere (USB thumb drives, CDs, DVDs, memory cards), and their utility and convenience pose a significant risk to compliance with privacy and data breach legislation as well as data security.
Banning the use of removable media isn't the answer: intentional or accidental circumvention leaves the organization at risk. Also, when removable media encryption is deployed across the organization, additional challenges emerge: "how do I easily share this with other authorized users" and "how do I securely share this with 3rd parties"?
Encrypt all media; don't require passwords
SecureDoc can protect your hard drives along with an unlimited amount of removable media for less than the cost of a typical self-encrypted USB flash drive. You can use SecureDoc to ensure that data leaving your encrypted computers for other media stays encrypted. Audit trails and tracking help you to prove compliance and protect your organization.
SecureDoc solves the dilemma of passwords and removable media through intelligent key management. SecureDoc has two options available to achieve this: group key support and a unique dynamic 'key on demand' capability. By using group keys and 'on demand' keys, users with encrypted removable media can seamlessly share them with other authorized users. If an unauthorized person attempts to view the removable media, the sector-by-sector encryption means that it is totally inaccessible: not even the file or folder names are visible.