This article describes the performance improvements in SafeGuard Enterprise 5.50.8.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Device Encryption 5.50.8
SafeGuard Data Exchange 5.50.8
Fast Initial Encryption
A new, optimized handling of the Initial Encryption is now available. It uses full-disk encryption which typically significantly reduces the duration of the initial encryption process. By limiting the initial encryption to hard disk space that is actually 'used' and not all the available physical disk space, the performance gain can be dramatic, depending of course on the percentage of used disk space. This new encryption mode can also improve the runtime performance on SSD drives that become slow as soon as the volume is full. This new operational mode can be controlled along with the other encryption policy settings.
For fast initial encryption, the following prerequisites apply:
- Fast initial encryption only works on NTFS-formatted volumes.
- NTFS-formatted volumes with a cluster size of 64 KB cannot be encrypted with the fast initial encryption mode.
Note: This mode leads to a less secure state if a disk has been used before its current usage with SafeGuard Enterprise. Unused sectors may still contain data. Fast initial encryption is therefore disabled by default.
To enable fast initial encryption, in a policy of the type 'Device Protection' select the setting 'Fast initial encryption'.
For volume decryption, the fast initial encryption mode will always be used, regardless of the specified policy setting. For decryption, the prerequisites listed also apply.
Improved Encryption Performance
A new, improved and optimized implementation of the AES256 encryption algorithm provides better run-time performance when accessing encrypted data. Since the very same encryption module is used for full-disk as well as file-based encryption both modules (DE and DX) benefit from the improvements and yield better performance figures.