To help organizations protect their systems, protect their data, and meet their compliance audits, StormShield offers end-to-end encryption capabilities by combining pre-boot full disk encryption with post-boot, on-the-fly file-based encryption – all in a single, lightweight client. Both methods utilize strong AES-128/-192/-256 technology to provide transparent encryption/decryption of the disk, files and folders stored on the endpoint hard drive, ensuring data protection at all times - regardless of who is using the system. The centrally-managed encryption policy can be applied to specific users or systems, the entire hard drive, removable devices such as a mass storage USB device, and specific files/folders. And…there is no need to add another agent to benefit from both protection methods. 

StormShield’s full-disk encryption provides pre-boot whole disk protection, preventing unauthorized access to the data, even if the device is lost or stolen and/or the drive is removed from the device. This first layer of defense gives organizations the peace of mind that any data stored on the lost or stolen systems is secure from unauthorized access. This gives organizations the ability to ‘tick’ the encryption checkbox, supporting their various internal and regulatory policy audits for regulations such as California SB-1386, FISMA, SOX, HIPAA, and the Nevada Privacy Law NRS 597.970. This first layer of defense is extremely valuable, but as an only layer of defense for an organizations mobile data, a company’s information can still be at risk as the data stored on the disk is decrypted once the user logs in and does not directly address the movement of data to a removable device such as a USB key. 

To address this risk, StormShield takes its data protection to the next level, providing policy-based and user-oriented encryption capabilities. Through its centralized risk-based policy management and native Active Directory integration, StormShield’s file-based encryption allows multiple users of a machine to access only their data, including the availability of an administration password to be used by IT for system maintenance, eliminating the need to provide IT with the CEO’s user password just to update the latest Windows patch. 

File-Based Encryption 

StormShield’s on-the-fly file-based encryption policies are centrally managed by the StormShield administrator, where risk-based policies can be defined to control where encryption/decryption takes place. The encryption can be applied based on Active Directory user attributes and folder/file types, and can include the ability to limit encryption to cover only sensitive folders, such as the “My Documents” subfolders. 

In addition to the centrally-controlled encryption policy, StormShield can also be configured to allow/disallow users to create password-protected encrypted containers. This will allow them to securely transfer protected data between systems. StormShield policy can also be set to allow/disallow decryption of the protected data on a system not associated with the user, or even a remote, home PC that is not running the StormShield client. Where the policy warrants, organizations can allow the use of the StormShield Express Encryption tool for remote encryption/decryption. 

In addition to its native Windows and Active Directory authentication capabilities, both methods of StormShield’s encryption/decryption can leverage a secondary authentication process – or even the addition a strong, smart-card authentication system such as Gemalto's Gemsafe or Thalès' Minicita. 

And when the time comes to securely delete information, StormShield data protection capabilities are reinforced through secure file shredding, and swap file cleaning.

StormShield gives you:

• Single client, full disk and file-based encryption; integrated fixed drive, removable drive, and file-based protection
• Extremely fast, transparent encryption and decryption
• Integration with Windows Active Directory, GPO, and Windows authentication
• Two secured authentication methods: secondary and smart-card authentication
• Confidence through the use of the stringent AES-128/-192/-256 encryption standard
• Multi-user control, ensuring data protection between users and IT staff
• Integration with StormShield's Device Control System controls portable device access and enforces portable storage encryption
• Centrally-managed policy and/or user-based encrypted archives
• Data protection even within the OS swap files
• Secure file erasure/wipe
• Accreditation for the FIPS 140-2 standard as being delivered by ICSA Labs