Use Cases

Dealing with lost laptops

With SEAhawk Basic Protection, you don't need to be concerned about data leakage stemming from lost laptops. All data on the laptop's system drive is encrypted and completely unreadable (unless, of course, you have the login password).

 

Basic Protection provides Full Disk Encryption for your organization's PCs (desktop, laptops, notebooks). All data on the PC hard drive is protected. This protection covers all the user’s data files, sensitive documents, operating system files, common application files, as well as special Windows files such as the paging file, temporary files, hibernation file. In short, everything.

 

In order to start up the PC, the user provides their password at boot time -- this enables access to the PC's hard drive. Without this authentication step, the entire disk remains encrypted and unreadable for anyone who finds the device.

 

The government-grade AES encryption cipher employed by SEAhawk ensures that even the most determined attacker would be unable to "break" the encryption. Because the full disk encryption is automatic and transparent, there is no conscious decision to be made by your users; for example: as to whether a document is sensitive, and requires encryption. Since everything on the disk is encrypted, the protection of all data is mandatory, and the enforcement takes place invisibly.

 

Because there is complete protection on the laptop, you can rest assured that the only loss is the PC asset itself, and not the data contained in in.

Responding confidently when a PC is stolen

With SEAhawk Basic Protection, you can confidently be assured that there is not leakage stemming from a stolen PC.

 

Basic Protection provides Full Disk Encryption for your organization’s PCs (desktop, laptops, notebooks). All data on the PC hard drive is protected. This protection covers all the user’s data files, sensitive documents, operating system files, common application files, as well as special Windows files such as the paging file, temporary files, hibernation file. In short, everything.

 

In order to start up the PC, the user provides their password at boot time -- this enables access to the PC’s hard drive. Without this authentication step, the entire disk remains encrypted and unreadable by the PC thief, or anyone whom they sell the PC.

 

The government-grade AES encryption cipher employed by SEAhawk ensures that even the most determined attacker would be unable to "break" the encryption. Because the full disk encryption is automatic and transparent, there is no conscious decision to be made by your users; for example: as to whether a document is sensitive, and requires encryption. Since everything on the disk is encrypted, the protection of all data is mandatory, and the enforcement takes place invisibly.

 

Because there is complete protection on the laptop, you can rest assured that the only loss is the PC asset itself, and not the data contained in in.

Preventing employees from
taking sensitive data

SEAhawk Premium Protection allows you to enforce data access policy on removable devices. Typical policy settings can restrict non-encrypted devices to a read-only (or fully blocked) state. However, the same policy will allow a user to copy information onto encrypted devices.

 

Encrypted devices can be shared between other members of the organization on a need-to-know basis. Using either Sharing Passwords or the convenient Group Single Sign-on method for data sharing, groups of workers can exchange information conveniently and securely with each other.

 

This sharing is contained within the assigned Trust Boundary. So, taking information to a user outside of the Trust Boundary is ineffective, since it cannot be decrypted. Even if you have the sharing password!

Encouraging USB drive use without fear of data loss

SEAhawk Premium Protection allows you to enforce data access policy on removable devices. Typical policy settings can restrict non-encrypted devices to a read-only (or fully blocked) state. However, the same policy will allow a user to copy information onto encrypted devices.

 

Encrypted devices can be shared between other members of the organization on a need-to-know basis. Using either Sharing Passwords or the convenient Group Single Sign-on method for data sharing, groups of workers can exchange information conveniently and securely with each other. Thus, organizations can embrace the use of USB devices, and encourage the use of these drives to reap the productivity benefits provided by these mobile media. At the same time, knowing that the content is encrypted and unreadable by outsiders allays any fears of data leakage through lost or stolen USB drives.

Accessing data when

passwords are forgotten

The burden of remembering dozens of passwords is becoming common to us all. Inevitably, from time to time, an end-user will forget their password leaving them unable to access their information. Unable to login to their PC, or unable to open an encrypted file or device. With CryptoMill SEAhawk, this is not a problem! CryptoMill SEAhawk provides a number of different methods for legitimate users to regain access to their encrypted data.

 

a) Self-Help Recovery

 

b) Help Desk Recovery (over the phone, over e-mail)

 

c) Administrative Login on the PC

 

d) Administrative automatic unattended login via Management Console

 

Once logged into the PC (or having accessed the encrypted media), the user is able to reset the password to a new value (that they will remember more easily).

Accessing data when employees leave

On occasion, employees are unavailable to login to a PC, or enter a password for an encrypted file/device. It may be that she is away from the office, traveling for business, or on vacation. Perhaps the employee has been terminated. Whatever the reason, CryptoMill SEAhawk ensures that there is a way for a duly-authorized supervisor or IT administrator to regain access to the PC, or the encrypted file/device. These recovery methods include:

 

a) Help Desk Recovery (over the phone, over e-mail)

 

b) Administrative Login on the PC

 

c) Administrative automatic unattended login via Management Console

 

Once logged into the PC (or having accessed the encrypted media), the user is able to reset the password to a known value.

Segregating users' data on shared PCs

CryptoMill Technologies provides the option of using a secure Virtual Disk -- an encrypted container that stores sensitive user data. This secure container (or “SEAhawk Disk”) resides on the physical storage device attached to the PC, and acts just like an additional hard disk. It is best used in cases where users share the same computer but login in different user accounts.

 

 

SEAhawk Virtual Disk:

 

• Appears to the operating system just like a regular hard disk

• Is secured using strong standards-based encryption (AES) for maximum protection

• Can be easily backed up and recovered without the need for additional security

 

Benefits of encrypted virtual disks:

 

Data Privacy

 

Data is becoming increasing valuable in this day and age and by realizing that the need to secure your personal data, be it your family photos or corporate and financial information. SEAhawk provides an easy to use secure storage area to give them peace of mind when it comes to data protection.

 

 

Secure Data Sharing

 

With the ability to protect removable storage media, you can extend your data privacy to mobile devices. You can also share those protected devices with other SEAhawk users in a private way. Being secure does not have to mean compromising functionality.

Securely sharing projects on

removable hard drives

SEAhawk Premium Protection provides easy, secure information sharing using removable hard drives. Drives can be fully encrypted, protecting their valuable content in case of loss or theft.

 

An encrypted drive can be shared between other team members working on the project. This sharing can be facilitated using Sharing Passwords -- each member of the project team simply needs to know this password. For more convenience, a Trust Boundary can be employed to provide “boundary-wide” sharing. In this case, the removable drive is configured for Group Single Sign-on. This means that all members of the Trust Boundary would enjoy single sign-on access to the removable drive -- No passwords to enter!

Using Encrypted Virtual Disks - without FDE

Some users want the protection provided strong encryption, without some of the performance impacts (or system maintenance inconvenience) associated with Software Full Disk Encryption solutions.

 

The adaptability of CryptoMill SEAhawk Premium Protection provides an elegant solution that can meet the needs of these users.

 

For conscientious and disciplined users, a policy can be configured which does not enable Full Disk Encryption, but instead enables a Default Encrypted Virtual Disk. It is in this Encrypted Virtual Disk that the user stores her sensitive files. The Encrypted Virtual Disk opens automatically whenever the user logs in -- and securely closes whenever the user logs out, or shuts down the PC. So, any sensitive files are protected in the event that the PC is lost or stolen.

 

However, because everything stored or located outside of the Encrypted Virtual Disk remains unencrypted, there is no performance impact on running software applications or the operating system. Similarly, the PC startup process remains unmodified, and hence more easily repaired in the event of OS boot or driver installation problems.

Proudly Canadian