ZENworks® ESM 3.5 Administrator’s Manual 59
ZENworks Storage Encryption Solution
ZENworks Storage Encryption Solution (SES) provides complete, centralized security
management of all mobile data by actively enforcing a corporate encryption policy on the
endpoint itself.
• Centrally create, distribute, enforce, and audit encryption policies on all endpoints and
  removable storage devices
• Encrypt all files saved to, or copied to, a specific directory on all fixed-disk partitions
  on the hard drive
• Encrypt all files copied to removable storage devices
• Share files freely within an organization while blocking unauthorized access to files
• Share password-protected, encrypted files with people outside the organization
  through an available decryption utility
• Easily update, back up, and recover keys via policy without losing data
Understanding Storage Encryption Solution
Data encryption is enforced through the creation and distribution of data encryption security
policies. Sensitive data on the endpoint can be stored in a safe, encrypted folder. The end user can
access and copy this data outside of the encrypted folder and share the files; however, while in that
folder, the data will remain encrypted. Attempts to read the data by anyone who is not an
authorized user for that machine will be unsuccessful. When the policy is activated, an encrypted
“Safe Harbor” folder will be added to the root directory of all fixed-disk drives on the endpoint.
Sensitive data placed on a thumbdrive or other removable media device will be immediately
encrypted and can be read only on machines in the same policy group. A sharing folder can
optionally be activated, which will allow the user to share the files with persons outside their
policy group via a password (see “Data Encryption” on page 98).
Sharing Encrypted Files
Users within the same policy group (i.e., those users who have received the same security policy)
will have the keys to access data stored on the endpoint, as well as data moved onto thumbdrives
and other removable devices.
Users within a separate policy group (with encryption activated) will be able to access encrypted
data placed in the “Shared Files” folder with an access password. These users will not be able to
read encrypted files that are outside the “Shared Files” folder.
Users who do not have encryption enabled within their policy and users who do not have a
ZENworks Security Client installed on their computer (e.g., outside contractors) will not be able
to read files outside the “Shared Files” folder, and will require the Novell File Decryption Utility
to read the files with password access.