products
clouds

Internal disk

Envault™ Internal Disk Protection

Dependable hard disk encryption that doesn’t turn your laptops into bricks

Envault™ Internal Disk Protection helps you protect confidential information on PCs’ hard disks against unauthorized access. It works 100% transparently to the user, so you can deploy it without any user training.

Unlike traditional solutions, Envault lets you smartly target the protection to a specified section of the drive – to protect the valuable information and user files – the operating system can be left unprotected. Users get write access only on the protected areas.

No password recovery processes needed – AD login can be used

You can use regular Windows Active Directory login or a smart card for authenticating end-users on your computers. Envault encryption decouples user authentication from encryption key management, making it possible to track, audit and remotely control the use of your information assets. The encryption is thus also never based on weak user passwords such as “password” or “123456″.

In case a user forgets his or her Windows password, a normal AD password reset is enough to get him or her back to speed – so there is no need for complicated password recovery processes, and you have a single point of user and computer management: The AD.

Smart, targeted disk encryption allows your computers to stay responsive and manageable

Each day you will save time and money as your computers boot up as quickly and run as smoothly as new. This is becaues Envault does not encrypt the operating system or other overhead – just the payload.

In addition, the machines remain easy for your IT admins to maintain, backup and restore – even if the hardware or operating system fails, the envaulted files can be simply moved to another hard disk. In legacy full disk encryption solutions any hardware or operating system failure could mean that your data is practically lost.

Key benefits:

  1. Easy deployment and administration: Server runs on virtual platforms, and client deploys by a silent MSI installation Encryption rules are flexibly managed through Active Directory Group Policies (ADM template).
  2. Easy to use: No user training is required as the encryption is transparent to users and protected PC works just as before.
  3. Centralized key management – no password recovery required: FragmentVault server centrally manages the encryption keys per file. AD login/password combination is used for user authentication. Lost password can be reset through AD.
  4. High performance & manageability: Computer boots up quickly and stays responsive as the operating system is not encrypted. System maintenance, backup or restore is easy, as your IT admins can login to Windows with local admin credentials yet cannot open your protected documents in a readable form.
  5. Data-centric, not hardware-centric: We help you protect and control what’s important – the payload, not the disk hardware itself.
  6. All the above mean a low Total Cost of Ownership (TCO): License cost is only a part of the lifecycle cost of any solution. Envault makes sure that any overhead is left to minimum, so you won’t be paying indirectly for using Envault.

Key features:

  • Automatic and policy-based encryption for targeted contents
  • Active Directory and smart card Single-Sign-On user authentication
  • Centralized access control & secret key management
  • Remote suspend/kill for disk contents
  • Full audit trail in both online and offline use
  • Can be combined with Envault Removable Media Protection and other Envault security products