5 Challenges Venafi Can Help You Overcome Deploying EFS

Overview

Venafi has worked with some of the world's leading organizations to help them develop a plan to use EFS to meet their client data protection needs. After working with several different firms. Venafi developed a solution to meet the 5 most important outside functions necessary in order to ensure a successful EFS deployment. The result is an enterprise-ready client data protection solution that is closely aligned with an organization's long-term Windows desktop strategy at a fraction of the cost of a proprietary disk encryption solution.

Following are the 5 issues Venafi solves:

• 

  No centralized management for EFS.

  Issue Summary: In order to implement EFS, an administrator must turn on EFS for each folder that is to be encrypted. For organizations with large populations of desktops, this is typically done with scripts. Developing and maintaining these can be difficult and costly. Assessing whether the scripts ran properly on the target system is impossible without manually checking and if the configuration policy ever changes (which it very often does), the scripts have to be rewritten and re-executed.

  Solution: Venafi allows for centralized configuration management, where administrators can define different policies for which folders will be encrypted and which will not. These policies can be assigned to users based on group policy objects. Anytime you change your policy, the Venafi system automatically executes policy changes in real-time on the appropriate desktop systems, making it simple to reconfigure thousands of desktops with the click of a button.

• 

  Can't stop users from turning EFS off.

  Issue Summary: With EFS, any user can turn off encryption on any file at any time, making it difficult or impossible to ensure corporate data is in fact encrypted at the time of a breach or theft.

  Solution: Venafi prevents users from turning off encryption and enforces configuration policy. The agent also disables the ability for users to turn off encryption through the user interface.

• 

  EFS key recovery time-intensive.

  Issue Summary: One of the most costly challenges organizations face is restoring damaged and deleted user keys. If keys can be recovered, it requires a significant amount of help desk time, and enduser downtime.

  Solution: Venafi provides automatic, seamless backup and recovery of keys, which reduces or eliminates certificate-related help desk calls.

• 

  No logs to demonstrate that data was encrypted.

  Issue Summary: When it comes time to determine whether the data on a stolen laptop or desktop was encrypted, there is no way of demonstrating what was encrypted or when it was encrypted. With current breach notification laws, if an organization doesn't know the data is encrypted, it must send out notifications.

  Solution: Venafi logs which folders were encrypted on which systems and when.

• 

  No integration with your existing certificate authority.

  Issue Summary: For organizations who want to use another CA other than Microsoft, installing the certificate, configuring EFS to use it and managing the lifecycle of the certificate are all manual processes.

  Solution: Venafi provides automated issuance and management of EFS certificates from the leading CAs, including VeriSign, Microsoft, Entrust and Cybertrust. Venafi gets the certificate, installs it on the machine, configures EFS to use it and automatically renews it each time it requires renewal.

Venafi Client Encryption Manager for Windows EFS helps you overcome all of these challenges and more. To request a live demo of Venafi Client Encryption Manager, please complete the demo request form on the next page.