Data Protection
Suggest, discuss, and vote on new ideas for Sophos Data Protection products. Protecting your data, wherever it goes.
-
windows 10 poa
Implement Windows 10 POA with Smartcards like in Windows 7. Only the BitLocker PIN is not Enterprise ready in my humble opinion..
54 votes -
SGN8: application based encryption: prevention of decryption
With SGN8 and application based encryption users also have the possibilty to manually decrypt encrypted files or to create password protected HTML5 containers (which has the same effect) by using the context menue. One of the first questions customers ask us: can I prevent users from doing this?
Actually I can't. So the feature request is: policy based elimination of the possibility to manually decrypt encrypted files to prevent data leakage.48 votesThis is currently planned for the release after SGN 8.1.
-
Enable User Switching?
Didn't catch this lack of support of a basic Windows feature until launching our wide rollout to the hospital PCs. Disabling U.S. might be fine in enterprise large office environments where a cube-dweller uses their dedicated PC for an 8 hour shift. But your product strangles a feature that's ingrained in smaller medical / industrial / retail PC usage. Without U.S. ability, using SafeGuard means a nurse has to close their apps (usually an EMR, Radiology, Lab reports web-view, security system monitor, etc.) and log out completely every time she has to leave the station to bring a new mother…
46 votes -
Please add YubiKey to the supported smartcards
Could you please add YubiKeys to your supported smartcards as it's a convient smartcard with multiple use cases. e.g. certificate based user authentication, otp functionality, code signing
43 votes -
Support for Central Device Encryption on Server platforms
Manage BitLocker on Server platforms and also support a cost-effective decommissioning process of drives.
43 votesThanks for the feedback. This is something we are considering for future versions.
-
Define Password Complexity from Central
Please add some more Bitlocker configuration possibilities, like the option to configure the password complexity, as described here:
http://windowsitpro.com/security/q-how-can-i-set-password-complexity-removable-bitlocker-protected-devices36 votesThis is on the backlog for a future release.
We can’t control the GPO settings for the password complexity which means that if the Admin overrides password rules via central GPO settings then we can’t enforce the Central Device Encryption password rules on the endpoint. However, if there are no password rules defined via GPO, the Central Device Encryption password rules will apply. -
Microsoft Edge
Support Microsoft Edge as a Browser Destination for DLP. This is the default browser for Windows 10, and it cannot be removed.
The browser destination features of DLP are severely limited without this.
33 votes -
network aware POA
Ability to have Network Aware POA on machines (especially BitLocker as there is no user-based POA).
Many customers need the ability to disable POA on devices in the office - for example shared machines. If the device is stolen, then POA should be enabled immediately. We are currently working on a 3,000 user company with Call Centre who love what we can do in Win7 but need a comparable approach for BitLocker managed machines.
This would apply for Central as well however we have a larger SGN deployment base today so SGN is the most important starting place.
32 votes -
create the password-protected file with the expiry date
I got a lot of requests that Sophos should has this feature.
while creating the password-protected file, Sophos should have the ability to set the expiry date in order to protect the file that sending out of the office.
30 votes -
Support for BitLocker To Go
Manage full disk encryption on removable media by introducing a new policy setting for BitLocker To Go.
28 votes -
Filestream Google
Although Google Drive Encryption files is supported by Sophos, FileStream it is not. It would liberate resources from computer as it is not mandatory to have files downloaded. As Safe Guard 8.1 encrypts files in local it doesn't work with this cloud resource.
Dropbox has a similar resource.23 votes -
Windows Lockscreen Configuration
At the moment it is not possible to configure the windows 10 locksreen if Safeguad is installed.
Please make it possible to let the admin choose if it is possible or not.
Best would be to configure it via Windos GPO. To configure it via Safeguard policy would be an alternative way.22 votes -
Bitlocker GPO/Policy-RSOP-Tool
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption
It is possible, that SafeGuard (or Central) Policies collide with Bitlocker GPO without recognizing it.
It might be confusing to separate SGN local cache values with Bitlocker registry-entries.A simple Client tool should match HKEYLOCALMACHINE\SOFTWARE\Policies\Microsoft\FVE with die LC-Policies and create a *.xml into %ALLUSERSPROFILE%\Utimaco\SafeGuard Enterprise\
In this folder the log is automatically gathered by the SDU without changing and can be used even on older SG-versions.
The shortly described values should be matched as a simple "match"/"mismatch"/"not configured" to easily see possible configuration errors.
The tool is independent from the client itself…
17 votes -
Official support for VMWare Horizon (former VMWare VDI)
Customer switch its desktop environment to VDI environment. They need official support for this VDI platform.
16 votes -
Filestream Google
Although Google Drive Encryption files is supported by Sophos, FileStream it is not. It would liberate resources from computer as it is not mandatory to have files downloaded. As Safe Guard 8.1 encrypts files in local it doesn't work with this cloud resource.
Dropbox has a similar resource.16 votes -
Support Apple Open Directory with SGN
OSX client based on Apple Open Directory should be fully manageable with the SGN Management Center.
FileVault2 and File Encryption policy should be fully applicable for those kinds of objects (machines and users).
Use cases like re-image of client or re-name of user should be part of implementation.15 votes -
DLP for Mac
According to support, DPL policies do not work on Macs. I tested it and unfortunately, they are correct. This is a great feature and needs to be rolled out to Macs.
15 votes -
Allow Mass Verification of Key Presence in SGN Database
There should be a process, field, alert, literally ANYTHING that allows us to check, en masse, the presence of a valid recovery key. The only way to make sure that a valid key exists is to check the machines manually.
We have had issues with Surfaces, where the key becomes corrupted or lost or something, and we don't realize there is a problem until we have to actually do a recovery.
Other products have an alert or something that says when a client is in a state that isn't optimal. SGN does not. It should be easy to query the…
14 votes -
Add SGN 8 policy to automatically Decrypt outbound Outlook file attachments
SGN 8 Synchronized Encryption requires an add-in to manually specify that outbound attachments should be decrypted, or encrypted with a password, or sent as is, but this is not necessary or desirable if there is already an email encryption system in place. I don't want to have to force my users to decision each attachment with SGN when I already have a better email encryption solution in place. There should be auto-decrypt zones such as "outbound outlook attachments".
13 votes -
Ubuntu
to allow the encryption and management of Ubuntu workstation as part of SafeGuard Enterprise
13 votes
- Don't see your idea?