GUARDIANEDGE REMOVABLE STORAGE ENCRYPTION

Protects Data on Removable Storage and Removable Media

Removable storage devices are now common in offices anywhere—and everywhere that today’s mobile workers go. And the proliferation of inexpensive USB thumb drives, portable hard drives, MP3 players, iPods, digital cameras, mobile phones, PDAs and CD/DVD burners puts organizations’ data and their business at risk.

GuardianEdge™ Removable Storage Encryption solves this problem by delivering the ability to encrypt data by policy on any storage device or media. This capability allows employees to safely transport and use data on portable media and securely distribute data via email.


GuardianEdge technology also minimizes deployment, management, training, rollout and support requirements by making maximum use of existing infrastructure through native Microsoft® Active Directory™ integration—as well as Novell eDirectory™ support—within a single management console.

By deploying GuardianEdge Removable Storage Encryption organizations can:

  • Drive productivity while minimizing the information security risks posed by USB thumb drives, FireWire drives and keys, MP3 players, iPods, digital cameras, mobile phones, PDAs and CD/DVD burners
  • Assure that intellectual property and sensitive or legally protected information on removable devices and media is accessible only to authorized users
  • Meet regulatory compliance requirements through strong, centrally managed encryption, including FIPS 140-2 certified and AES 128 bit/256 bit encryption
  • Allow users to securely take data home, work on the encrypted files, and re-encrypt the data on the removable media device even when GuardianEdge Removable Storage Encryption is not installed on their personal system
  • Securely distribute confidential and private information through email, FTP post, network drive or other mechanism with self-extracting encrypted file archives

 

 
  • Benefit from the "safe harbor" provided by encryption to eliminate the legal liability, customer service costs and brand erosion associated with data breach disclosures when removable storage devices or removable media are lost or stolen
  • Safeguard intellectual property using AES-128 or AES-256 bit encryption to protect data on removable storage devices and removable media
  • Leverage Microsoft Active Directory and Novell eDirectory to reduce the cost and complexity of deploying and managing an endpoint data protection solution
  • Transparently manage endpoint security policies with system policies and user policies through full integration with Active Directory GPO and native policy deployment
  • Per file authentication ensures that only authorized users can access data on removable storage when devices are shared
  • When combined with GuardianEdge Advanced Authentication, enhance access protection with certificate-based user authentication
  • Complements GuardianEdge Device Control – the combination makes possible a two-tiered approach to preventing data loss and data leakage from removable storage media and associated ports
  • When combined with GuardianEdge Altiris Connector, proactively identify and protect systems at risk of data loss and remediate from the same console as administrators now use for configuration, patch and update management
 

Supported Ports

  • USB, FireWire, floppy, CD/DVD

Supported Devices

  • Memory cards: SD, MMC, CDC, SMC, etc.
  • Memory sticks and thumb drives
  • Internal and external – floppy, CD and DVD writers
  • Removable hard drives
  • All devices recognized as storage media by supported OS releases

CD/DVD Support

  • Encrypt data written to CDs and DVDs
  • Native CD and DVD burner – can replace other CD and DVD burning software

Encryption

  • 256- or 128-bit AES encryption of stored data
  • Granular file-level data encryption policies
  • Support for password or digital certificate user authentication keys
  • FIPS 140-2 validated cryptographic library

Self-extracting Archives

  • Easily distribute encrypted data on storage devices and through email
  • Access data via password entry without requiring additional software

Removable Storage Access Utility

  • Enables access to encrypted data on computers without GuardianEdge Removable Storage installed
  • Resides on removable storage media, requires a very small footprint
  • Decrypts and encrypts data

Key and Password Administration and Recovery

  • Administrator-assisted password recovery
  • Recovery of encrypted data in the event of lost tokens or passwords

GuardianEdge Data Protection Platform

  • Native Microsoft Active Directory integration
  • Support for Novell eDirectory and for non-domain computers
  • Single console for Active Directory, eDirectory and other computers
  • Common administration and management with other GuardianEdge endpoint data protection products

The Only Native Active Directory Integration

  • Deploy and manage with existing infrastructure
  • Low training and support costs
  • Fast rollouts
  • GPO-based policy deployment
  • MMC snap-in architecture
  • Role-based policy administration
  • Detailed auditing and reporting

Client Computers

  • Microsoft Windows XP Pro SP2 and SP3; Windows 2000 SP4; Windows Vista Business, Enterprise and Ultimate; Windows Server 2003 SP1 and SP2

GuardianEdge Management Server

  • Microsoft Server 2003 Standard or Enterprise

Database - Microsoft SQL Server 2005

  • Express Edition with Advanced Services, Standard or Enterprise

GuardianEdge Advanced Authentication Integration

  • Extend data protection with certificate-based user authentication by adding GuardianEdge Advanced Authentication to Removable Storage Encryption
  • Smartcard/Common Access Card (CAC) support
  • Extensive support for readers and tokens
  • PKI environment support

GuardianEdge Altiris Connector Integration

  • Integrates GuardianEdge Hard Disk and Removable Storage Encryption controls with the Altiris Notification Server
  • Manage Removable Storage Encryption and Hard Disk Encryption from a common management environment with asset, configuration, patch and update management
  • Easily identify systems without protection
  • Remediate immediately from the Altiris Notification Server
 
  • The industry’s only native Active Directory integration
    The unique GuardianEdge approach to management is based on an MMC snap-in architecture, MSI and EXE files for deployment, as well as Microsoft Active Directory GPOs for policy control. This approach leverages the significant investment that organizations have already made in Active Directory—a scalable, robust and familiar management environment. It includes existing organizational structures such as groups, OUs and domains, role-based administration, training, replication and failover. The result is the industry’s lowest total cost of ownership, with minimal training requirements for IT staff and fast deployments.

  • Manage endpoint data protection for all PCs from the same console
    GuardianEdge not only offers the industry’s only native integration to Active Directory but also supports Novell eDirectory and non-domain endpoints from the same single console management environment. This makes it possible for organizations that primarily use eDirectory as their directory services solution—or those that use it in addition to Active Directory—to get the full benefit of the integrated GuardianEdge data protection platform. In addition, as users increasingly work from home with either a full-time or part-time connection to the network, and as contractors bring their machines into the network, PCs not registered with the domain can also be protected and managed from the same single console.

  • Single console administration for endpoint data protection products
    Enterprises require common administration of data protection solutions. GuardianEdge enables common policy management, reporting, role-based administration, help desk, key management and other administrative actions for GuardianEdge applications (Hard Disk Encryption, Removable Storage Encryption, and Device Control) from the same single management console.

  • Proven ease of operation
    GuardianEdge Removable Storage Encryption builds on a 13-year track record of success in creating and managing encryption solutions. It boasts the highest success rates on deployment, as well as a long list of satisfied blue chip customers. Additionally, service and support for GuardianEdge products—a key component of any enterprise-class solution—meets the highest standards for availability, customer satisfaction and expert assistance.

  • The best data portability
    A complete endpoint data protection solution must deliver both the ability to encrypt data by policy on any storage device or media and a policy-driven capability to allow employees to safely transport and use data on portable media away from their office machines, and to securely distribute data via one-way distribution methods such as email.

    • Removable Storage encryption supports the industry’s most complete selection of storage devices and media.
    • GuardianEdge provides a policy-driven option to automatically install the Access Utility on removable media when writing encrypted data, so that users can use their credentials or passwords to access encrypted data from machines that do not have Removable Storage Encryption installed. This complete capability makes it possible not only to decrypt the data but also to re-encrypt files once changes are made.
    • Accessing and re-encrypting data on machines without GuardianEdge Removable Storage Encryption is easy and familiar, using the same look and feel as Windows Explorer.
    • For circumstances when data needs to be distributed securely outside of an organization, Removable Storage Encryption includes the capability to create a self-extracting archive that can include a complete file and folder tree. This allows secure posting to FTP and network servers as well as distribution by email to meet this need.
  • Non-disruptive user experience
    GuardianEdge delivers full protection with minimal intrusion into users’ daily use of their machines. This best-in-class user experience includes options for user registration that require little or no user interaction, capabilities to support kiosk mode operation with up to 1000 users per machine, and shared workgroup keys that require no user intervention when data is written.

 

Removable Storage Encryption

  1. Does GuardianEdge Removable Storage use a file-based or volume-based approach to protect data?
    GuardianEdge Removable Storage uses a file-based approach to encrypt data. Files are individually encrypted with their own randomly generated file encryption key. This is in contrast to a volume-based approach whereby all of the files on a device are encrypted as a single unit. Advantages of a file-based approach include the following:
    1. Flexibility for users to use a device for both personal and work data – File-based encryption allows employees to keep personal data saved from their home computers unencrypted on the same device as data saved from their work computer, which is forced to be encrypted.
    2. Enhanced security when devices are shared with one or more people – File-based encryption provides users the ability to set different passwords for different files, thereby providing others access only to the files that are intended for them. With volume-based encryption, on the other hand, there is only one password, and anyone that knows that password can access all of the files on a device.
  2. Does GuardianEdge Removable Storage use a file-based or volume-based approach to protect data?
    GuardianEdge Removable Storage intercepts files read from and written to storage devices. For file reads, GuardianEdge Removable Storage will allow unencrypted files to be opened in a manner identical to how the files would be opened if GuardianEdge Removable Storage was not installed on the computer (provided there is not a No Access policy in place). For encrypted files, GuardianEdge Removable Storage will first try to decrypt the file using a workgroup key (if there is one), and then will try passwords that the user previously entered. If neither of these methods works, only then will GuardianEdge Removable Storage prompt the user to enter a password or, when combined with GuardianEdge Advanced Authentication, to insert a smart card or token to decrypt the file.

    When users write data to storage devices, GuardianEdge Removable Storage will intercept the write and, if a forced encryption policy is in place, will encrypt the file. Users will be prompted to enter a password and/or certificate(s) that will be used to protect the file encryption key, if they have not already set these.
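
The per-file key model and the read-path order described in the two answers above (workgroup key, then previously entered passwords, then a prompt) can be sketched as follows. This is an added example, not GuardianEdge code: the slot layout, the PBKDF2 parameters, the XOR-based toy key wrap (a stdlib-only stand-in for an authenticated AES key wrap) and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # PBKDF2 work factor; value chosen for this example

def _pad(secret: bytes, salt: bytes) -> bytes:
    # Derive a 32-byte key-encryption pad from a password or workgroup key.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def make_slot(file_key: bytes, secret: bytes) -> dict:
    # Toy wrap for a stdlib-only demo: XOR with a per-slot derived pad.
    # Production designs use an authenticated key wrap instead.
    salt = secrets.token_bytes(16)
    wrapped = bytes(a ^ b for a, b in zip(file_key, _pad(secret, salt)))
    tag = hmac.new(file_key, b"slot-check" + salt, "sha256").digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def open_slot(slot: dict, secret: bytes):
    # Return the file key if this secret opens the slot, else None.
    pad = _pad(secret, slot["salt"])
    candidate = bytes(a ^ b for a, b in zip(slot["wrapped"], pad))
    tag = hmac.new(candidate, b"slot-check" + slot["salt"], "sha256").digest()
    return candidate if hmac.compare_digest(tag, slot["tag"]) else None

def protect_file(authorised_secrets: list):
    # Write path: one random key per file, wrapped once per authorised secret.
    file_key = secrets.token_bytes(32)
    return file_key, [make_slot(file_key, s) for s in authorised_secrets]

def _try(slots: list, secret: bytes):
    # Try one secret against every key slot stored with the file.
    for slot in slots:
        key = open_slot(slot, secret)
        if key is not None:
            return key
    return None

def unlock(slots, workgroup_key, cached_passwords, prompt):
    # Read path in the order the FAQ gives: workgroup key, cached passwords, prompt.
    if workgroup_key is not None:
        key = _try(slots, workgroup_key)
        if key is not None:
            return key, "workgroup"
    for password in cached_passwords:
        key = _try(slots, password)
        if key is not None:
            return key, "cached"
    key = _try(slots, prompt())
    return (key, "prompt") if key is not None else (None, "denied")
```

Because each file carries its own key and its own slots, a password that opens one file on a shared device gives no access to a file protected with a different password, which is the contrast with volume-based encryption drawn in the first answer.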