SecureDoc Enterprise Server
What it does
Provides enterprise-class centralized administration and management for SecureDoc-encrypted laptops, desktops and other endpoints.
How it works
A powerful enterprise console enables the configuration of users, groups and profiles as well as key management. Secure communication with endpoints through SDConnex enables the implementation, management and support of tens of thousands of users.
Encryption is always, at some level, a disruptive technology. Good encryption solutions minimize this disruption, but in order to achieve a level of security and to protect sensitive data there will be some disruption to normal work-flows. Multiplying this disruption across a hundred users or tens of thousands of users can cause a rapidly escalating total cost of ownership for the encryption solution (as well as a significant headache for IT and security staff). An encryption solution that is “good enough” for one laptop or a small group can become a liability when deployed across an enterprise.
SecureDoc Enterprise Server (SES) is designed to address the needs of administrators managing encryption across an enterprise. SES has driven the successful implementation, rollout and ongoing maintenance of SecureDoc for leading organizations around the world. The central console provides control over all aspects of the SecureDoc solution including Windows, Mac and Linux clients, Seagate Momentus FDE drives, file & folder encryption, removable media (CD/DVD/USB) and port control functionality.
SES Features
Powerful and configurable central management console
Integration with Active Directory
Key and policy management including PKI support
Transaction logging and encryption status reports
SES Benefits
Highly scalable for large deployments
Audit trails and reporting for compliance
Distributable administration
Low total cost of ownership and operations
Deployments Made Easy
SES gives administrators the power to create installation packages for the users, which can be published using standard tools. Updates can be published in the same way, reducing the time and effort required to maintain the solution.
Distributable User Management
Users can be grouped into configurable roles and folders for ease of management. Administrator control can be assigned to groups for individualized control.
Key Management
Key management is made simple with an encrypted database to store/escrow all keys for encrypted endpoints managed by SES. This permits the secure recovery of keys and data for endpoints across the enterprise in the event of lost/forgotten passwords, departed employees and so on. A unique role and identity-based key labelling system offers greatly increased flexibility over the management of large numbers of keyfiles (especially in shared environments).
Policy & Profile Management
A flexible and configurable range of policy options can be set for the users and profiles on the SES system, including password requirements, self-help options, update/connection frequency, and more.
User Support & Password Recovery
In the event of lost tokens or forgotten passwords, self-help and/or helpdesk-based challenge-response options simplify password recovery without sacrificing security. Recovery options provide a one-time-use key unlock password after alternate authentication is made.
Audit and Tracking
User and administrator actions are stored in audit logs. The encryption status of all endpoint devices is tracked in the SES console, providing proof of encryption. A range of reports is available to review the status and details of encrypted and unencrypted devices under management, the usage of the system, and other information.
Remote Control
With SES, you can remotely control any client device in the system. You can add users and auto-boot, reboot, lock down or crypto-erase endpoint devices. This degree of control adds greatly to the security of the overall system and reduces administrative overhead because you don’t have to go and ‘physically touch’ each machine to perform these activities. Remote control is typically used with client devices connected to the server but can also be applied to offline devices, initiating remote control the next time the device is connected to the network.
