I don't know how but Zenworks ESM seems to force encryption :
ZENworks Storage Encryption Solution (SES) provides complete, centralized security
management of all mobile data by actively enforcing a corporate encryption policy on the
endpoint itself.
? Centrally create, distribute, enforce, and audit encryption policies on all endpoints and
removable storage devices
? Encrypt all files saved to, or copied to, a specific directory on all fixed disc partitions
on the hard drive
? Encrypt all files copied to removable storage devices
? Share files freely within an organization while blocking unauthorized access to files
? Share password-protected, encrypted files with people outside the organization
through an available decryption utility
? Easily update, backup, and recover keys via policy without losing data
Understanding Storage Encryption Solution
Data encryption is enforced through the creation and distribution of data encryption security policies. Sensitive data on the endpoint can be stored in a safe, encrypted folder. The end-user can access and copy this data outside of the encrypted folder and share the files, however while in that
folder, the data will remain encrypted. Attempts to read the data by anyone who is not an authorized user for that machine will be unsuccessful. When the policy is activated, an encrypted ?Safe Harbor? folder will be added to the root directory of all fixed-disk drives on the endpoint.
Sensitive data placed on a thumbdrive or other removable media device will be immediately encrypted, and can only be read on the machines in the same policy group. A sharing folder can optionally be activated, which will allow the user to share the files with persons outside their policy group via a password (see ?Data Encryption? on page 98).
Sharing Encrypted Files Users within the same policy group (i.e., those users who have received the same security policy),
will have the keys to access data stored on the endpoint, as well as data moved onto thumbdrives and other removable devices.
Users within a separate policy group (with encryption activated), will be able to access encrypted data placed in the ?Shared Files? folder with an access password. These users will not be able to read encrypted files that are outside the ?Shared Files? folder.
Users who do not have encryption enabled within their policy and users who do not have a ZENworks Security Client installed on their computer (e.g., outside contractors), will not be able to read files outside the ?Shared Files? folder, and will require the Novell File Decryption Utility to read the files with password access.
I was hoping CSA will do the same thing.
Thx !
