WinMagic SecureDoc: Full-disk encryption product overview
Expert Karen Scarfone examines the features of WinMagic's SecureDoc, a full-disk encryption product for laptops, desktops, mobile devices and servers.
The WinMagic SecureDoc series of products provides full-disk encryption capabilities for a variety of devices, including desktops, laptops, mobile devices, and physical and virtual servers. The purpose of full-disk encryption is to safeguard all data stored on a hard drive so that only a person who is authorized can gain access to the data by decrypting it. For example, if an unauthorized person steals a server hard drive, that person could not decrypt the data stored on that hard drive and thus could not access the data.
Product versions and platform support
WinMagic SecureDoc is available in several versions that each provides full-disk encryption capabilities for a particular platform or hardware vendor:
- SecureDoc for Servers -- Windows Server 2008 and 2012
- SecureDoc CloudVM -- Amazon Web Services, Microsoft Azure, Citrix XenServer, Microsoft System Center (Hyper-V), and VMware vSphere
- SecureDoc for Windows -- Windows 7, 8 and 10
- SecureDoc for FileVault 2 & iOS -- Mac OS X 10.7.5 through 10.11
- SecureDoc for Lenovo -- ThinkPad laptops, ThinkCentre desktops
- SecureDoc for HP -- any HP device running HP Drive Encryption
Deployments of all these SecureDoc versions can be centrally managed by the SecureDoc Enterprise Server product.
Encryption and authentication support
The WinMagic SecureDoc series of products uses the Advanced Encryption Standard encryption algorithm with 256-bit keys. The use of AES 256-bit keys is generally recommended to thwart both current and future threats. The WinMagic SecureDoc products have also earned Federal Information Processing Standard 140-2 certification. This certification indicates that the products have been evaluated by a neutral testing laboratory to confirm their compliance with federal government cryptographic standards.
WinMagic SecureDoc supports a variety of authentication options, as is typical for enterprise full-disk encryption products. Single-factor password-based authentication is available, although its use has serious weaknesses that would place the protected device at considerable risk. Instead, use of multifactor authentication is encouraged, and WinMagic SecureDoc supports the use of smart cards and cryptographic tokens, as well as synchronization with Active Directory to facilitate easier credential management.
Management
Individual, local management of some WinMagic SecureDoc implementations is possible, but for most organizations, centralized management is far more efficient and effective. WinMagic's centralized management product is the SecureDoc Enterprise Server; it is only intended for managing SecureDoc implementations, so its use will create another security management server and interface.
Licensing
WinMagic sells individual licenses of SecureDoc for Windows and SecureDoc for Servers through its online store. Online store customers may also choose the desired support option for each SecureDoc license. WinMagic requests that customers wanting to purchase more than nine licenses of SecureDoc for Windows or SecureDoc for Servers contact its sales department for pricing information. Customers interested in other SecureDoc versions are also to contact the sales department.
Conclusion
The WinMagic SecureDoc products offer full-disk encryption products for an unusually wide variety of server, desktop, laptop, mobile devices and cloud platforms. WinMagic SecureDoc also offers strong capabilities for encryption, authentication and centralized management. Organizations seeking a robust single full-disk encryption product, particularly in heterogeneous environments, should consider the WinMagic SecureDoc offerings to be strong contenders in any full-disk encryption product evaluation.