Sophos SafeGuard Device Encryption (SDE) is the partition-based encryption component of the Sophos SafeGuard Enterprise Suite. Sophos SDE encrypts data on magnetic and solid-state storage devices. Encryptable media include built-in storage, such as hard disks and their partitions, and mobile storage, such as USB memory drives, SD/MMC cards and CompactFlash.
The administration of Sophos SDE is achieved through other components of the Sophos SafeGuard Enterprise Suite. A centralised database maintained by the SafeGuard Management Centre (SMC) is typically used for this purpose. This database allows for central management of a large number of SDE-installed PCs. The database stores user encryption keys, usernames and passwords, security policies, user roles, device properties, user key rings and configuration data. This information is forwarded to client PCs from the server via a network connection.
Power-on-Authentication (POA) is achieved with username and password, token, or Crypto-token and PIN. The outcome of POA then defines which block devices can be accessed post-boot.
Volume encryption is transparent; after POA, all read/write accesses are decrypted/encrypted with no further user interaction required by Sophos SDE.