Data Encryption

Protecting your company's data

ITVantage is proud to announce the addition of Sophos SafeGuard Enterprise encryption services to our service offering!
Sophos is a proven industry leader.

  • Forrester Research’s evaluations ranked Sophos SafeGuard #1 among competitors.
  • Gartner has recognized Sophos as the leader for the seventh year in a row.
  • Sophos also ranks #1 in fastest solution for disk encryption and lowest impact on boot up performance by Tolly.

What is Encryption?

Encryption is a physical security layer. It protects information by scrambling information in a format that is unreadable by unauthorized users.It’s helpful to think about it like this: when you encrypt data you are storing it like you would money in a safe – you need a key to unlock the safe to get the money out.

There are two methods of encryption, Full-disk encryption (FDE) and File encryption. FDE encrypts all contents of your devices physical hard drive. File encryption encrypts a single file and unlike FDE, the file remains encrypted even when it’s moved.

What are the benefits of Encryption?

  • Peach of Mind, Reputation and Credibility – know your data is safe and protected. Stop leaving the keys to your business under the welcome mat.
  • Securely encrypted data is completely protected, even if it is stolen. Why? If, for example, a file is encrypted with 256-bit AES, it would take a hacker more than a lifetime to crack the code using the brute-force method. Even the hacker’s grandchildren wouldn’t live long enough to successfully decode the information.
  • HIPAA HITECH Regulations mandate protection of healthcare information.  Encrypted devices that are lost or stolen do not have to be reported.  Mitigating costly fines and penalties for HIPAA violations. In addition to continuing financial support services like identify theft management for compromised clients.

SafeGuard Service Advantages

  • Centralized Management and control: define and manage data protection policies and rules
  • Seamless integration with existing Domain Security accounts
  • Unique encryption keys: each device is given its own dedicated and unique encryption key; no two keys are alike for any device.
  • Managed device encryption deployment
  • Encryption keys are stored in secure vault
  • Reporting and auditing: know what’s encrypted and proof of encryption
  • Client Management Portal available
  • Flexible solution – Full Disk or File/folder encryption layers

Requirements for Encryption?

Seamless integration of encryption services requires a TPM or Trusted Platform Module.  This is a dedicated microprocessor that works at the hardware level with Sophos SafeGuard technology. This module is included in 95% of devices acquired through ITVantage. During your implementation we will discover any devices without TPM units built in.

What if my device does not have a TPM unit, will encryption still work?

Sophos can still secure your data. However, the TPM unit provides a seamless security handshake between Sophos and the device’s hardware.  Without the TPM, each time the device is restarted a password is required to be entered by the end user to complete that security handshake manually.  This also hinders our active Anti-Virus and Patch Management solutions.  Weekly updates to these solutions require device reboots to complete installation of security patches and Anti-Virus software updates. After the device reboots, users will be required to type in their encryption password and possibly wait while security updates are applied.

What if I do not want my users typing in two passwords, can I add a TPM unit to my device?

Continually having to type an additional password when starting or restarting a device can be annoying and cumbersome. TPM units are built into the motherboard of the device. Since most modern business class devices include TPM units we will evaluate the age, make and model of any devices found without TPM units and make a recommendation during implementation.

What data should be encrypted?

Typically, this includes employee/HR data, financial records, customer information, point of sale data, health information and anything else that can be useful to an attacker.

What Encryption isn’t

Encryption is not a substitute for bad password policies. Encryption is a physical level security service. If users use unsafe and common passwords like “Password1” data can still be taken. We highly recommend reviewing your password policy repeatedly to ensure users know what a complex password is and avoid using common or passwords that can be easily brute forced.

What Our Clients Say

  • Thank you guys for everything this week! I know it’s been hectic but you guys always pull through with us. Have a great day!!

    Real Estate Client

  • You guys are the best. After all these years of screwing around with other IT services that made things worse half the time, you guys came along and renewed my faith!

    E Commerce Client

  • Very happy with the service, when we call, everything is addressed on a timely basis… Thank you all for your help…

    Eye Care Client

  • I have always found the assistance provided to be absolutely fantastic – very professional and friendly.

    Financial Services Client