Paradox will work on a broad range of devices running x86 based processor architectures. This includes laptops, desktops, tablets, thin-clients, Industrial devices (HMIs) etc. However, as with linux-based operating systems, we cannot guarantee support for everything, as specialist drivers may be required for some hardware.

If you have a particular device you are targeting, contact support@becrypt.com for advice.

If you are deploying Paradox on bootable USB memory sticks to use across an arbitrary range of devices, as business continuity for example, your planning should consider the likely age and diversity of hardware.

Paradox was designed for organisations moving to the Cloud, but ironically has no Cloud Dependencies. All management technology may be hosted on premise, and Paradox used for accessing locally hosted VDI or Web Applications.

The Paradox family of Products all use the same Paradox Operating system, designed for secure Cloud Access.

A version of Paradox exists that is used within government sensitive environments referred to as Paradox SE. The main difference is that there are fewer configuration options with Paradox SE. For example Paradox SE mandates the use of two factor authentication, and requires organisations host Certificate Authorities for code signing.

Paradox Edge is a managed service, allowing customers to leverage a Public Cloud Management platform hosted by Becrypt and partners.

Paradox Link includes Federated Device Identity management, allow collaborating organisations such as supply chain, to trust 3^rd party devices.

Paradox has been designed primarily for access to on-line applications and services, whether private or public cloud. Typically user data is not stored locally. Access to online applications, such as O365 may be temporarily lost without issue, but server connection needs to be re-established to save or update data.

There are always exceptions, and we have customers that specifically run offline applications with local data, but its best to check your use case with Becrypt support if it diverges from Secure Cloud Access.

No. Paradox typically replaces Windows, and provides an Operating System tailored specifically for secure access to Cloud or online applications.

Paradox uses the Becrypt Enterprise Manager platform to allow authorised applications to be deployed and patched. These typically include standard third-party VPN and VDI clients, but may be extended to certain Office Productivity applications where offline applications are needed.

Windows Applications do not run natively on a Paradox client, but are delivered when used as either Virtualized or Web Applications.

Guidance from organisations such as the UK National Cyber Security Centre stresses the importance of protecting against malware. The Paradox security architecture was designed in collaboration with UK government and includes a number of mitigations against the risks of malware, including application whitelisting, cryptographic verification of ALL installed software, read-only system partition and privilege escalation prevention. Most customers regard these measures as sufficient, and significantly more robust than signature-based AV products. However, an AV solution may be installed if required.

You most certainly can. The look and feel of the Paradox Desktop is highly customisable. The Wallpaper, Panel height, colour and opacity is configurable. The SysTray Icons can be hidden individually and the clock format changed. Even the Start Menu Icon can be replaced. All of the Application Launchers are completely customisable from their Icon, Name and position on the Menu or Panel. Applications can have pre-set policy configuration files set centrally that can control the behaviour of the apps and there is even a Custom Homepage utility.

For more details, or to discuss advanced system and app customisation options, please contact the Becrypt team.

Disk Protect is a full disk encryption product, which means it encrypts the entire hard drive; including the operating system, applications and data. This means when the machine is off, the data is protected and it is virtually impossible to break into the data without knowing the username and password. When the machine is powered up, the data is fully accessible and encryption works transparently in the background when files are read and updated.

The alternative to FDE is usually file or folder encryption products that allow specific files or folders to be encrypted on demand. Users have to manually select which files, folders or locations they want to be encrypted. However this can leave security account information or sensitive files unprotected and may make it easier for application based attacks.

We encourage estates of more than 10 licenses to use BEM, to ensure easy and efficient management.The BEM console centralises the management of Becrypt products, supporting remote user management, policy management and role based devolved management capabilities so that everything can be managed and controlled from one place.

Yes you can. Please contact Becrypt Support Team for further information and guidance on this.

Disk Protect only supports hardware RAID. It does not support software RAID.

Commands such as ‘FixMBR’ must never be used on an encrypted drive. If used, the machine will have to be reformatted or rebuilt.

Becrypt mShare complements Becrypt’s existing product portfolio by expanding the supported use case for organisations that want to encrypt data on external devices, but still allow the flexibility to access and save that data from any location and work collaboratively with third-parties.

A Becrypt mShare device is an encrypted USB memory device that can safely be used to transport sensitive data. The mShare device holds a Container (an area of encrypted memory) and a copy of the Becrypt mShare Vault tool.

mShare can be used on Windows 7, Windows 8, Windows 8.1 or Windows 10.

When you open the device in Windows Explorer, only the mShare Vault tool, Becrypt mShare Vault, is visible. If you run Becrypt mShare Vault (by double-clicking on the icon), you are prompted to enter the Container password. If you enter the password correctly, mShare Vault opens, and you can then import data from the PC to the Container, and can export data from the Container to the PC.

If you enter an incorrect password, you are allowed four more attempts. After five failures, mShare enters Device Recovery mode and you will need to contact an administrator for assistance.

Carrying out an Active Directory Sync operation will synchronise the Organisational Unit structure in BEM with that in the Active Directory, updating BEM to reflect any changes in Active Directory.

In order to re-register with the BEM console, please follow these steps:

1. Uninstall Disk Protect from the client machine
2. Hard delete this machine from the BEM console by recycling it, and then pressing the key combination ‘CTRL, ‘SHIFT’, ‘DEL’ from the recycled container to permanently remove it from the database
3. Delete all the Disk Protect registry keys from the client machine
4. Remove the client computer from the domain
5. Give the client machine a new computer name
6. Re-join the client machine to the domain
7. Apply the correct group policy to the client machine to enable BEM server communication
8. Install Disk Protect on the client machine again

This will re-register the machine to the BEM server.

DPE 5 was the last version to go through the legacy Enhanced Grade CAPS scheme, however as the Enhanced Grade Scheme has been deprecated, Becrypt may only sell and supply to organisations that are engaged with NCSC as part of a risk management process.

DPE SK has been built from the same product source tree as Disk Protect Enhanced, but has been modified to use self-generated encryption keys. The key generation mechanism used is the same as the Disk Protect CPA assured product. DPE SK was released with NCSC permission following the deprecation of the Enhanced Grade standard, in order to provide an option for customers that want to continue to benefit from the provenance and architecture of DPE.

To follow appropriate guidance, in the first instance NCSC assured products list should be consulted for a hardware solution. If operational requirements exist that prevent a hardware solution being deployed, a software-based solution such as DPE or DP CPA should be considered as part of an informed risk management process. Becrypt have compiled a short article summarising some of the relevant issues. Please contact Becrypt support, and request the Full Disk Encryption for High Assurance environments paper.