WinMagic’s SecureDoc works in real time to help you bring clarity and control to encryption key management and compliance, helping you govern and protect your whole workforce across your IT estate.
Not only does it overcome pre-boot complexity, make your compliance controls tamperproof and remove threats posed by removable media, SecureDoc also helps safeguard precious BitLocker keys and other encryption keys
Safeguard your BitLocker keys
Regulators have quickly woken up to the need to not just protect data using encryption, but to also protect the encryption key itself. In fact, HIPAA, PCI DSS and other Breach Notification Laws now demand that businesses document and implement procedures to protect the encryption keys used to secure data against disclosure.
Critically, and quite rightly, if BitLocker keys or any other encryption keys are lost with the data, that is now considered a compliance breach. That leaves your organization vulnerable to reputational damage as well as all sorts of stiff penalties — in the case of GDPR, up to 4% of global annual turnover.
Your IT management team may not realize that Active Directory (AD) stores recovery keys and information in plain text, which leaves them open to unauthorized access, loss or exposure. The MBAM controls that come with Windows 10 Enterprise can store BitLocker keys in an encrypted database, but a reliance on AD and Group Policy (GPO) can really complicate the separation of duties between AD admins and security teams and create more IT headaches than it solves.
WinMagic’s SecureDoc Enterprise Server ensures all BitLocker keys and other key-related material is stored in an encrypted database.
Our unique PBConnex feature can even ensure that BitLocker keys are never stored on devices at all. Instead it delivers the encryption key over the network at pre-boot and then discards it when the device shuts down or reboots.
Role-based Access Controls (RBAC) allows businesses to isolate certain controls to specific named admins, thereby reducing the potential for rogue administrators or malicious insiders.
Take it to the cloud, and SecureDoc CloudVM for BitLocker ensures that enterprise controlled authentication protects keys and data from potential exposure to the cloud Service Provider or its tenants without your knowledge and mandate ¬– so you stay in charge of your data, at all times. It also helps you safeguard against error or attack from privileged insiders.