Sophos SafeGuard Enterprise v5.6 uses FIPS 140-2 validated cryptography deployed and managed from an easy-to-use console. The tool encrypts data transparently - users do not need to decide which data is to be disguised. Encryption and decryption is performed in the background. The operating system is encrypted at up to 256-bit AES behind a secure pre-boot (power on authentication) environment to the entire hard drive.
Access through the pre-boot environment is single sign-on, taking the user straight to the installed operating system. If the user forgets their password, they can answer predefined questions through a challenge-response interface to enable access without a call to the help desk. Each encrypted client has a small agent installed to collect and apply policies, and the compliance status of each machine can be easily seen in the management console.
The installation is very intuitive. First, one installs SafeGuard Policy Editor. A wizard guides the admin through everything needed, including loading SQL Express, .Net, IIS and any required security updates. One is guided through creating the default policy. The policy is then published into a configuration package and installed on the endpoints. We were very impressed with the load and setup process.
Policies can be extremely granular, though that level of capability usually comes with some complexity. The policy configuration can get complicated based on one's requirements, but in the end, after interacting with the user interface for a bit, we had no problem working through anything we desired to configure. One can import users from a directory. One feature for administrators we particularly liked: Service accounts enable members of the IT team to logon to endpoint computers for post-installation tasks without activating the Power-on Authentication.
This is a feature rich, powerful solution at a reasonable price point.