Introducing CryptoPro Secure Disk
Top-Class, Reliable IT Security Solutions
Indeed some important and necessary product properties are missing in BitLocker to guarantee and enable a smoothly operation, especially for travelling users, in an enterprise environment. The goal of the BitLocker enhancement Secure Disk is, to simplify processes in the area of administration, software deployment and Helpdesk to rescue operation costs and the same time to guarantee a higher security and availability of the endpoints. Cryptware´s BitLocker enhancement technology close the gap between the customer requirements of a modern and secure full disk encryption solution and the native BitLocker.
Pre-boot Authentication for Microsoft BitLocker
CryptoPro Secure Disk for BitLocker extends the functionality of Microsoft BitLocker with its own PreBoot authentication (PBA) and thus enables the use of established authentication methods, e.g. user ID / password, SmartCard / PIN and biometrics for multi-user operation. HelpDesk scenarios and software distribution processes can also continue to be mapped in the usual way.
Crypto Pro Secure Disk is a transparent full disk encryption (FDE) for laptops, desktops and ATMs with network support in the pre-boot phase. With CryptoPro Secure Disk, continue to map software distribution processes in the usual way.
CryptoPro Secure Disk : Functions overview
Encryption and Authentication Solutions for Corporate Data
Protect crucial data from unauthorized access and help company employees deal with sensitive information!
Secure Disk PBA Architecture
The individual modules of the pre-boot operating system, which can be used in the UEFI mode and in the LINUX mode “hybrid”. A wide variety of authentication methods are available to the user. In order to prevent another login to Windows, the user can be automatically logged on to Windows using Single SignOn (SSO).
Secure Disk Infrastructure
The central management console of Secure Disk based on Microsoft SQL. The database has read access to the Active Directory in order to record the domain structure and OUs. The security rules are now defined with different roles and rights using consoles. Communication between the individual components and the client / agent is encrypted.
Load Balancing / Resilience
The Secure Disk Services communicate with each other through simple and scalable system features. Without additional hardware-based load balancers, the system can be adapted to the most varied of company sizes and global infrastructures.
- Unique pre-boot-technology (Linux and UEFI based PBA ) for BitLocker enables: – Multi-user operation with name/pw und 2FA – Single Sign On to Windows – Network Unlock (network based authentication) – Offline und Online HelpDesk mit Challenge- Response.
- Secure operation of BitLocker without TPM (China, Russia…).
- Client capability of the central management console include BitLocker encryption enforcement.
- Simple software deployment without any restriction without the need to change existing processes.
- No transfer of recovery-key´s to end users in case of forgotten authentication credentials in the Pre Boot.
- Roaming User, every user is able to work/login on every windows endpoint with his own windows credentials.
- Automatic user registration in the PBA (similar to Windows).
- Network Unlock Mode incl. support of WLAN and 802.1x.
- Simple client installation without changes at the existing and running BitLocker configuration.
- Dashboard for compliance reports und encryption status of the endpoints.
- No multi-user support in the Pre Boot.
- No single Sign On.
- No 2FA support in the Pre Boot.
- No authentication with Windows credentials in the Pre Boot.
- No client capability for the central administration.
- No offline HelpDesk, in case of forgotten TPM-PIN.
- No solution in case of forgotten Windows passwords in offline situation.
- Network Unlock Mode: no support of WLAN or 802.1x.
Disadvantages in Operations
- High operation costs in case of forgotten TPM-PIN or blocked TPM.
- Issuing of recovery key´s to end in case of forgotten TPM-PIN.
- Increased effort for software deployment (WOL) without user interaction and silent operation.
- No secure native BitLocker operation without TPM module.
- Double authentication, because of missing single Sign On function.
- General known hacks for BitLocker operation without TPM-PIN.
Frequently Asked Questions
What is CryptoPro Secure Disk for Bitlocker?
What are the benefits of this solution?
● Network based PBA allows direct access to Microsoft Active Directory/LDAP
● Registration and Single Sign On with Microsoft Credentials reduce help desk calls
● Network-Unlock Mode allows the operation without PBA
● Cost reduction through optimized operating processes
Which Platform Servers are supported ?
● Windows Server 2012
● Windows SQL Server
● VM Ware
Which operating systems are supported for Clients?
● Windows 10 (32 und 64 Bit, UEFI Support)
● Windows 8.1 (32 und 64 Bit, UEFI Support)
● Windows 7 (32 and 64 Bit)
● Windows Vista (32 and 64 Bit)
● Windows XP (32 and 64 bit, SP3
How do I install CryptoPro Security Disk Plus for BitLocker?
Being the Swiss Partner of ManageEngine, Kidan is responsible for aiding with professional services, such as installing, implementing, configuring, training, and supporting the company to ensure an effective on-boarding of CryptoPro Security Disk for BitLocker .To make it even better, Kidan even provides advice on top of it all!
Get in touch with us to know more.
Want to continue the conversation?
Thank you for your interest in CryptoPro Secure Disk. Please fill out the form below to ask a question or request assistance.