ZENworks Full Disk Encryption

Automated Data Protection Software

Get automated data protection that locks out threats.
Take the pain out of managing encrypted laptops and desktops

How many encrypted devices does it take to run an enterprise? No joke. How many do you manage right now? Hundreds? Thousands? Tens of thousands?

However many devices you manage, multiply each one by everything you have to do when it comes to encryption. Install the software. Set the policies. Reset the passwords (because you know how often users forget them).

The cost of doing this manually—having to touch every device in an enterprise—can bleed profits right out of the bottom line.

And while there are automated solutions out there, most of them force you into infrastructure changes you don't want to make—adding servers, agents, new consoles, and new processes your IT staff has to learn. They cost a lot. They take a lot of time to learn. And they don't do half as much.

ZENworks® Full Disk Encryption takes the pain out of managing encrypted devices. The unified ZENworks Control Center is a web-based console you can use any time, from anywhere. With it, you can deploy encryption to devices, manage access, turn encryption on and off, and troubleshoot problems—all without leaving your office.

The power of ZENworks Full Disk Encryption

No flying, no driving, no travel costs. That's the power of ZENworks Full Disk Encryption. It's the only encryption solution on the market that gives you so much control. Features include:

  • Preboot authentication is set and managed based on user identity in the primary directory structure (Microsoft Active Directory and/or Micro Focus eDirectory)
  • Push-button deployment pushes encryption software onto the device—no need to manually install encryption onto a device.
  • Choose one of two authentication methods: user and password, or smart card.
  • Assign the software-based algorithms you trust:
    • AES 265
    • Triple DES
    • Blowfish
  • Designate intruder lock-out policies from the start—and change them as needed.
  • Define what gets encrypted—specific volumes or everything on a given device.
  • Troubleshoot lost or forgotten passwords through centralized key management that validates users based on a secure combination of challenges, codes, and keys.
  • IT always holds the current key to any encryption operation. Each time a device performs an encryption operation that has a key, the device sends that key to the server to ensure the help desk always has the current key.
  • To reset a password, IT takes users through a challenge sequence. Once IT validates the user's identity, they send the user a code that unlocks the password.
  • Manage both hardware and software encryption methods seamlessly. A centralized console and agent-driven process automatically resolves any difference between hardware and software management, transparent to both administrators and users.
  • Turn on or shut down user access instantly from the web-based console.
  • Decommission encryption temporarily or permanently:
    • Temporary decommission. When users leave your employ, you keep their devices for later use. Temporary decommission allows you to remove the preboot authentication from those devices until they are ready to be used again. IT can reactivate the preboot authentication process, with new credentials, for the new user.
    • Permanent decommission. When you're scrapping a machine, all traces of data can be securely and completely wiped from the device, making the data unrecoverable.
  • 1:1 device/user relationship. Each device is paired to a specific user. IT can change which user the device is assigned to, but the relationship will always be 1:1.
  • Emergency recovery. If a hard drive is damaged or won't boot, IT can physically pull data off of the disk, using a stored key encrypted with a random password. Hackers are locked out, but IT is not. No other encryption solution allows for emergency data recovery—typically the data is simply lost along with the device.