Sophos Device Encryption
Managed full-disk encryption for all Windows and macOS endpoints via Sophos Central, with centralised key recovery, compliance reporting, and Kenya DPA 2019 alignment.
Key highlights
- BitLocker (Windows) and FileVault (macOS) managed centrally
- Encryption keys escrowed in Sophos Central, recoverable remotely
- Encryption status reporting across all endpoints
- DPA 2019 compliance evidence for data-at-rest
- Enforced automatically on all managed devices
If a laptop is lost, is the data on it safe?
Device encryption is the one control that answers that question definitively. With full-disk encryption enabled, a stolen or lost laptop is a hardware loss, not a data breach. Without it, every unencrypted device that goes missing is a potential Kenya DPA 2019 incident. Sophos Device Encryption, managed through Sophos Central, gives Sentire the ability to enforce and monitor encryption, and to recover encryption keys, across your entire fleet.
Windows BitLocker and macOS FileVault
Sophos Device Encryption manages the native encryption built into Windows (BitLocker) and macOS (FileVault), not a third-party encryption layer. This means no performance impact, no compatibility issues, and no additional software agent beyond Sophos. Encryption status is managed and reported centrally.
What Sentire manages
Policy enforcement
Encryption is enforced via Sophos Central policy. Unencrypted devices are flagged and prompted to enable encryption automatically. Sentire monitors compliance across all managed endpoints.
Key escrow and recovery
Recovery keys are escrowed in Sophos Central, not held locally on the device. If a user forgets their PIN or a device needs to be accessed by IT, Sentire can retrieve the recovery key remotely, without physical access to the machine.
Compliance reporting
Sophos Central generates encryption compliance reports showing which devices are encrypted, which are pending, and which are non-compliant. These reports serve as evidence for Kenya DPA 2019 data-at-rest requirements.
Kenya DPA 2019 and device encryption
The Kenya Data Protection Act 2019 requires data controllers to implement appropriate technical measures to protect personal data. For data stored on endpoint devices (customer records, financial information, staff data), full-disk encryption is the primary technical control that satisfies this requirement. Without it, a lost or stolen device carrying personal data is a notifiable breach.
Sophos Device Encryption, managed by Sentire, gives you the enforcement, audit trail, and compliance reporting to demonstrate that this control is active and maintained. It pairs with Sentire's broader cybersecurity and endpoint management services.
Are your endpoints encrypted today?
Most businesses don't know the answer to that question with certainty. Sentire can audit your current encryption status and deploy managed encryption across your fleet as part of our security assessment. Get in touch to find out where you stand.
Also in Cybersecurity
Endpoint Protection
Sophos endpoint security deployed on every device. EDR, antivirus, behavioural analysis, and ransomware rollback managed end-to-end by Sentire.
Firewall Management
Managed Sophos XGS firewall with policy management, VPN configuration, and traffic inspection. Sentire owns the configuration so you don't have to.
Email Security
Multi-layer email protection with anti-phishing, anti-spam, and impersonation detection. Integrated with Microsoft 365 and managed by Sentire.
Sophos Managed Detection and Response
24/7 threat hunting and incident response from the Sophos MDR Operations Centre. Sentire deploys the agent and manages the relationship with the Sophos Security Operations team.
Security Awareness Training
Simulated phishing campaigns and staff security training to build a security-aware culture. Human error is behind 90% of breaches.
Get it done right
Let Sentire handle your Sophos Device Encryption.
Our engineers are based in Nairobi and support businesses across Kenya. No lengthy contracts. Just reliable, expert IT delivered as a service.