Modernizing Authentication — What It Takes to Transform Secure Access
More than 100 million users in 150 countries rely on Sophos security solutions as protection against complex threats and data loss. Its encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs, a global network of threat intelligence centers.
Sophos currently has two main encryption products: The cloud-managed Sophos Central Device Encryption, and Sophos SafeGuard Enterprise for installation on premises. Sophos Central Device Encryption is the easiest way to centrally manage full disk encryption for Windows and macOS because it requires no on-premises infrastructure, minimizes IT workload, and is rapidly deployed. Sophos SafeGuard Enterprise provides protection against unauthorized access and data breaches for organizations who want to protect their data.
Overall features include mobile recovery of BitLocker or FileVault Recovery keys, granting of access to encrypted files based on the security state of the endpoint, full disk encryption, central management for Windows BitLocker and macOS FileVault, service-to-service key recovery, role-based access, application-based encryption, and compliance monitoring and reporting capabilities.
"Employees can obtain their recovery keys without IT involvement on their mobile devices via the Sophos Secure Workspace app, saving time, and gets users back to work in the shortest time," said Petter Nordwall, Director of Product Marketing, Sophos.
All Sophos encryption products use agents to manage the encryption processes. For Sophos Central Device Encryption, the agent is deployed as part of the endpoint enrollment workflow in Sophos Central, Sophos' unified, integrated, web-based administration interface. For Sophos SafeGuard Enterprise installed on the user premises, the client agent can be deployed via Active Directory, manual install, or deployment software like System Center Configuration Manager (SCCM).
Markets and Use Cases
Sophos SafeGuard Enterprise has a strong presence within regulated industries such as government, healthcare, education and finance. Sophos SafeGuard Enterprise has a long history of certifications for European military-grade encryption technology.
It is designed with scalability in mind, and supports database and server clustering without any theoretical upper limits. Organizations of up to hundreds of thousands of users use the product with no performance decrease due to scale, added Nordwall.
SafeGuard Encryption is certified for FIPS and VS-NfD. Sophos Encryption helps organizations comply with:
- PCI DSS
Input is used from other Sophos technologies to make key release decisions. The "triangle of trust" applies automated always-on, transparent encryption. The system looks at user, system and application integrity to determine whether a user, system or application is trusted to access and decrypt files. For example, if a user has shown inappropriate and unwanted browsing behavior and can no longer be trusted (or has been fired), the system will revoke user keys, preventing access to any files on that endpoint or system.
Standalone or Suite
Offered both as a standalone product and as part of the larger Sophos suite.
Sophos Central Device Encryption is a cloud-based solution. Sophos SafeGuard Enterprise Encryption is for installation on premises.
Sophos is a channel-only company and uses a two-tier channel model in most regions worldwide. Most Sophos products are offered as a subscription-based licensing model with varying term lengths. As an indication and guideline, a one-year subscription license SRP in the 100-user discount band:
- Sophos SafeGuard Enterprise: USD 53.00 / user / year
- Sophos Central Device Encryption: USD 20.00 / user / year