GUARDIANEDGE ENCRYPTED DRIVE MANAGER
Data left unprotected on laptop and desktop PCs can cost an organization millions of dollars--and even its reputation. A new generation of self-encrypting Opal-compliant disk drives reduces these risks by providing always-on hardware encryption. This advanced technology not only safeguards data but can also provide "safe harbor" from the penalties and disclosure requirements of industry and government privacy regulations.
However, strong encryption alone is not enough to fully mitigate the risks posed by loss or theft of a PC. Effectively deploying Opal-compliant drives requires a standards-based solution that addresses the many operational challenges encountered when deploying any endpoint data protection technology. As the leader in endpoint data protection, GuardianEdge addresses these needs with a solution for managing Opal-compliant drives across the enterprise.
GuardianEdge™ Encrypted Drive Manager provides the proven management capabilities needed to reduce the cost and complexity of implementation, deployment and ongoing administration. These span everything from activation to key escrow and recovery to services integration. Other key features include end-user access recovery, strong authentication, and comprehensive reporting.
In hybrid environments, a common management interface makes it easy to manage both self-encrypting drives and the GuardianEdge Hard Disk Encryption software-based drive encryption product from a single console.
- Protect critical mobile data stored on PCs with onboard and always-on drive encryption
- Simply and easily deploy and administer PCs with self-encrypting hard drives with enterprise-class management
- Effectively operationalize the authentication and encryption capabilities of Opal-compliant self-encrypting drives
- Seamlessly manage hybrid environments that include both legacy PCs and newer machines that contain Opal-compliant drives
- Extend pre-boot environment access control with multi-factor authentication for enhanced access protection (when combined with GuardianEdge Advanced Authentication)
- Leverage Microsoft Active Directory® and Novell eDirectory to reduce the cost and complexity of deploying and managing an endpoint data protection solution
- Transparently manage endpoint security policies with system policies and user policies through full integration with Active Directory GPO and native policy deployment
- What is a self-encrypting drive?
A self-encrypting drive (SED) is a storage product that incorporates embedded services for encrypting data. An SED is visually indistinguishable from a traditional non-encrypting drive, and is built with the same form factor and hardware interfaces. A combination of onboard hardware and firmware provides encryption services based on the Advanced Encryption Standard (AES) using either a 128-bit or 256-bit key (depending on the drive manufacturer). All data written to the drive is encrypted. In fact, this “always-on” encryption service cannot be turned off by either users or malware. SEDs are designed to support a separate software solution for central management; i.e., encryption services along with the necessary application programming interfaces are built in, enabling drives to be managed.
- What is the Opal standard?
Opal is an open standard created by the Trusted Computing Group (TCG) and its Storage Work Group. It comprises a specification for a software interface to a self-encrypting drive, typically for the purpose of creating a centralized management solution for a deployment of self-encrypting drives within an enterprise organization. Both the SCSI T10 and ANSI/INCITS T13 standards committees recognize the Opal specification.
- Can I use any self-encrypting drive with GuardianEdge Encrypted Drive Manager?
GuardianEdge Encrypted Drive Manager is compatible with all self-encrypting drives that support Opal v1.0 and later.
- Can I manage both self-encrypting drives and regular drives using the same management console?
Yes. The GuardianEdge Data Protection Platform provides a single, common user interface for the management of both traditional (using GuardianEdge Hard Disk Encryption) and self-encrypting drives. GuardianEdge Hard Disk Encryption provides a client for software-based encryption and centralized management of traditional drives, while GuardianEdge Encrypted Drive Manager provides centralized management of self-encrypting drives. GuardianEdge Hard Disk Encryption and GuardianEdge Encrypted Drive Manager are peer applications within the GuardianEdge platform, and a management interface that supports heterogeneous deployments of the two drive technologies can easily be installed.
- Why do I need a management console if the drives are always encrypted?
While the data on a self-encrypting drive is always encrypted, the drive manufacturers do not provide a centralized management solution. The Opal specification is designed to allow software manufacturers to take SEDs under central management. GuardianEdge Encrypted Drive Manager is built to the Opal specification, and provides the critical management services necessary for successful deployment and operation of SEDs within an organization, including:
  - Administrative key backup and recovery
  - Reporting for audit and compliance
  - Multi-user support for both password and token users
  - Self-service access recovery for lost passwords or tokens
- Does the encryption key ever leave the drive?
No. The key for the AES algorithm is generated by the firmware on the drive and never leaves the hardware. The drive provides no interface for extracting the key.
- How do I sanitize a self-encrypting drive prior to disposal?
All SEDs support an ATA-standard command for a cryptographic “fast erase” operation. This operation deletes the existing AES key on the drive and creates a new one in its place, rendering all existing data on the drive permanently indecipherable. GuardianEdge Encrypted Drive Manager provides an administrative interface to this operation to enable fast, secure sanitization of SEDs prior to their re-purposing or disposal.

