Sophos SafeGuard: Full disk encryption product overview

Expert Karen Scarfone examines the features of Sophos SafeGuard, a full disk encryption product for laptops, desktops and servers.

This is part of a series on the top full disk encryption products and tools in the market. For more, check out our FDE product roundup.

The Sophos SafeGuard line of products includes a full disk encryption product for various desktop/laptop and server operating system (OS) hard drives. Full disk encryption (FDE), as the name implies, encrypts an entire hard drive. When the desktop, laptop or server is not booted, its contents -- including its operating system, applications and user data -- cannot be accessed by unauthorized users. This prevents attackers from tampering with the OS or applications and from acquiring sensitive data stored on the hard drive.

Many organizations mandate the use of FDE on all laptops, at a minimum, to prevent potential data breaches, and virtually any organization could benefit from using it .

Sophos SafeGuard product versions

Sophos SafeGuard comes in several forms:

  • SafeGuard Disk Encryption encompasses two types of FDE. First, it has the SafeGuard Native Device Encryption product, which supports management of native BitLocker (Windows) and FileVault 2 (Mac OS X) encryption capabilities. Second, it offers the SafeGuard Device Encryption for Sophos full disk encryption product, which does not rely on OS-native FDE capabilities. SafeGuard Disk Encryption for Windows is no longer available by itself -- only as part of the SafeGuard Enterprise Encryption bundle. SafeGuard Disk Encryption for Mac version 6.10 is still available.
  • SafeGuard Enterprise Encryption 6.10 is a bundled form of the SafeGuard products for organizations. SafeGuard Enterprise Encryption includes the SafeGuard Disk Encryption products described above, as well as the SafeGuard File Encryption product, which offers complementary file encryption capabilities that can be used in addition to FDE technology. As of this writing, SafeGuard Enterprise Encryption is the primary FDE product being sold by Sophos.
  • SafeGuard Easy 6.10 has most of the same capabilities as SafeGuard Enterprise Encryption, with the main difference being that SafeGuard Easy does not offer centralized management features, so it is best suited for individual users and the smallest organizations.

Platform support

Sophos SafeGuard Disk Encryption for Mac is supported by: Mac OS X 10.10, Mac OS X 10.9 and Mac OS X 10.8.

Sophos SafeGuard Enterprise Encryption is supported by the following OSes: Windows 8, Windows 7, Windows Vista, Windows XP and Windows Server 2008 and 2012.

Sophos SafeGuard Easy is supported by the following OSes: Windows 8, Windows 7, Windows Vista and Windows XP.

Encryption and authentication support

Sophos SafeGuard Enterprise Edition provides robust FDE through its support for Advanced Encryption Standard (AES) 128-bit and 256-bit encryption. As is the case with most enterprise FDE products, Sophos SafeGuard Enterprise Edition is Federal Information Processing Standard (FIPS) 140-2 compliant, meaning that it has been evaluated to determine how well its cryptography adheres to certain rigorous standards.

It is important to note that because Apple FileVault 2 only supports AES 128-bit and not AES 256-bit, using Sophos SafeGuard Disk Encryption for Mac, to manage a FileVault implementation, will necessarily be limited to 128-bit encryption. This is a weakness that may not be acceptable in higher-security environments.

Similar to other products in its class, Sophos SafeGuard Enterprise Edition supports Multifactor authentication, including the use of smart cards, cryptographic tokens, and other form factors. This generally provides much stronger authentication for FDE than simple password-based authentication, because of the increased likelihood of an attacker guessing a password or compromising it through social engineering, malware and other means.

An FDE product is only as strong as its weakest link, so its support for multifactor authentication is important.

Managing SafeGuard

Sophos SafeGuard Disk Encryption for Mac and Sophos SafeGuard Enterprise Encryption can be centrally managed. This is highly preferable in all but the smallest organizations.

The alternative to central management -- i.e., local management -- is supported by Sophos SafeGuard Easy Encryption. This means Easy Encryption is best suited for individuals and the smallest enterprises.

Licensing and pricing

Sophos SafeGuard Enterprise is licensed per device, such as desktop, laptop or server. It is available from retail outlets.

Examples of Sophos SafeGuard Enterprise 6.10 retail pricing:

 

Examples of Sophos SafeGuard Disk Encryption for Mac 6.10 retail pricing:

Sophos SafeGuard Enterprise offers a free 30-day trial version.

Sophos SafeGuard a viable option for all

The Sophos SafeGuard family of products offers FDE software for Windows and Mac OS X desktops and laptops, as well as Windows servers. These tools are useful for individuals and for organizations of all sizes.

The Windows products offer the same encryption and authentication options as competing products do, while the Mac product offers the Mac OS X-native encryption strength, AES 128-bit, which may be considered too weak for some organizations.

In summary, the Sophos SafeGuard products should be considered a viable option for individuals and organizations seeking an FDE product.

Next Steps

Get more reviews of other full disk encryption products featured in this series: McAfee Complete Data Protection, Symantec Endpoint Encryption, Microsoft BitLocker, Dell Data Protection | Encryption, Check Point Full Disk Encryption, DiskCryptor and Apple FileVault 2.

Expert Michele Chubirka discusses the recent Adobe password breach, and the pros and cons of using encryption vs. hashing for password security.

Which full disk encryption product is right for your organization? Expert Karen Scarfone examines.

Find out if full-disk server encryption software is worth the resource overhead

Dig Deeper on Data security and privacy