7.4 Full Disk Encryption

ZENworks 11 Full Disk Encryption protects a device’s data from unauthorized access when the device is powered off or in hibernation mode. To provide data protection, the whole disk or partition is encrypted, including temporary files, swap files, and the operating system. The data cannot be accessed until an authorized user logs in, and can never be accessed by booting the device from media such as a CD/DVD, floppy disk, or USB drive. For an authorized user, accessing data on the encrypted disk is no different than accessing data on an unencrypted disk.

The following tasks must be done in the order listed.

Task

Details

Activate Full Disk Encryption

If you did not activate Full Disk Encryption during installation of the Management Zone, either by providing a license key or by turning on the evaluation, you must do so before you can use the product.

For instructions, see Section 11.1, Activating Full Disk Encryption.

Folder icon

Enable the Full Disk Encryption Agent

The Full Disk Encryption Agent performs disk encryption. It must be installed and enabled on each device whose disks you want to encrypt.

For instructions, see Section 11.2, Enabling the Full Disk Encryption Agent.

Usersource icon

Create a Disk Encryption policy

The information required to encrypt a devices disks is passed to the Full Disk Encryption Agent via a Disk Encryption policy. You must create at least one policy.

For instructions, see Section 11.3, Creating a Disk Encryption Policy.

Configuration icon

Assign the policy to devices

Disk Encryption policies can only be assigned to devices, device groups, or device folders.

For instructions, see Section 11.4, Assigning the Policy to Devices.