SafeGuard Enterprise - Device Encryption

Product type: Data Protection
Product Status: Completed
Assurance Level: EAL4

Version: Version 5.6 & 6.0

Product Details

Product Description

Certification Country: GERMANY (2012)
Certification Method: CC
Crypt Evaluation: Completed, see consumer guide
Evaluation Facility: BSI
Manufacturer/Vendor/Distributor: Sophos


Level 11 One Elizabeth Plaza
North Sydney NSW 2060 Australia


Mathew Young
Sales Engineering Manager ANZ

Phone: +(612) 9409 9148
Email: [email protected]


Consumer Guide

Sophos SafeGuard Device Encryption (SDE) is the partition-based encryption component of the Sophos SafeGuard Enterprise Suite. Sophos SDE encrypts data on magnetic and solid state storage devices. Encrypt-able media includes built-in storage such as hard disks and their partitions and mobile storage such as USB memory drives, SD/MMC cards and Compact Flash.

The administration of Sophos SDE is achieved through other components of the Sophos SafeGuard Enterprise Suite. A centralised database maintained by the SafeGuard Management Centre (SMC) is typically used for this purpose. This database allows for central management of a large number of SDE-installed PCs. The database stores user encryption keys, usernames and passwords, security policies, user roles, device properties, user key rings and configuration data. This information is forwarded to client PCs from the server via a network connection.

Power-on-Authentication (POA) is achieved with username and password, token, or Crypto-token and PIN, which then defines what block devices can be accessed post-boot.

Volume encryption is transparent; after POA all read/write accesses are decrypted/encryption with no further user interaction from Sophos SDE.