Enforced encryption (Encryption 2-Go)

Before being able to encrypt USB data storage devices automatically (enforced encryption), you need to configure some basic settings. These include the encryption algorithm and other general conditions, for example how existing data can be transferred from an unencrypted drive during encryption or how large the encrypted area will be. You can create different rules for specific users or computers, or, for example, rules that are applied only to specific network connections.

Up to three different rules can also be combined into one user selection, if required. It is displayed to the user (e.g. when plugging in a USB flash drive) and the user then selects one of the available options.

Examples:

• All USB flash drives shall be encrypted with AES.

• Only the USB sticks of the Executive Board shall be encrypted with AES (FIPS-mode).

• The user is to decide whether to encrypt the entire flash drive or only 50% of the available capacity.

• The user may select one of two options, for example 'Encrypt USB drive completely' or ' Use drive without encryption for read-only after confirming a security notice'.