SafeConsole Encryption Management Platform

Protecting your data, your mobile workforce, and your organization just got easier with SafeConsole. SafeConsole manages your encrypted endpoints with a secure storage command center for administering and policing the use of SafeConsole Ready devices, like Kingston, DataLocker, CardWave and more endpoints.

With SafeConsole's secure cloud-based service, you can choose to host your dedicated server in one of our 6 global data centers and be up and running in less than one hour. If your organization requires an on-premise solution, SafeConsole OnPrem and SafeConsole HA (Hardware Appliance) are easy to deploy alternatives.


Enforce your security policy by ensuring that stored data is protected with a password that meets your safety standards. Limit or eliminate the risk of USB devices introducing malware onto your networks and much more.


Get an automatic inventory directory listing all users (optionally from LDAP Active Directory) and their devices. This will limit waste of devices and assist you when redeploying previously used devices.


Enforce accountability and assist compliance efforts by activating a full audit trail on all device actions and file changes.


Centrally handle the state of the devices over the Internet, setting them as disabled or lost- even perform factory resets remotely. Disable a user in AD and their devices are automatically disabled.

What is SafeConsole?

SafeConsole is the only secure USB management platform for secure USB drives that has true password management – remote and local – and fully integrates with LDAP for on-premise installation. The solution is also available as a service in the cloud.


Password Management

Remote Password Reset

Reset passwords remotely over any channel. Administrators can get remote offline users back to work within minutes, without any loss of stored data. The short 8-character recovery codes are easily read over the phone yet maintaining the robust security of a 128-character code using a pre-buffer method. No data is lost and the process is protected against social engineering directed against the helpdesk. The user password is never exposed and there is NO master password. Read the Password Management Best Practice Paper.

Password Policy

Ensure that all data is protected by strong, compliant passwords by enforcing password policies on the devices.


Device Auditing – See Who Did What, When and Where

Device auditing makes taking stock of the entire portfolio of SafeConsoleReady devices easy as it creates an automatic inventory list. The logs then include unsuccessful unlocking attempts, device states and log-ins. This gives the administrator a full overview of all drives in use in the organization.

Detailed File Auditing – Achieve Compliance Requirements

Detailed File Auditing is an extension of the Device Audit. It allows an administrator to see what files have been copied to or deleted from the devices, as well as a trail of the files that have had their names changed.

Device State Management – Full Control Over Devices

As an extra security precaution when drives are lost, or to protect your organization’s sensitive information from access by former employees, you can remotely ‘kill’ rogue drives and erase them of all data. In the Device Overview in SafeConsole, an authorized administrator can set the device state to ‘killed’, ‘disabled’ and ‘lost’. Devices can later be recovered using the Remote Password Reset and/or Backup features. SafeConsole can also be set to handle the devices’ states entirely on autopilot. This will require the drives to return to base by connecting to the SafeConsole server within a configurable time period.


Device Protection

Inactivity Lock – Forgotten Drives Lock Down

Lock down a secure USB drive after a configurable period of inactivity. Forgotten drives that are left behind in a computer will automatically lock down according to the set policy.

File Restrictor – Restrict File Types to be Stored EXE, MP3

A white-list approach prevents the storage of unauthorized file-types. Rogue files cannot reside on a SafeConsoleReady Device as it only allows storage of file-types specified by the administrator in the SafeConsole settings.

Authorized Autorun – Stop Autorun Viruses

The onboard autorun-protection that chokes self-copying viruses such as StuxNet and Conficker – by denying unauthorized autorun files from residing on the drive altogether.

Write Protection – Set Devices in Read-Only Mode

With Write Protection, users can set their drive in a read-only mode when unlocking it on non trusted machines and thereby gain protection from malware trying to infect the drive or its content. It is also possible for an administrator to enforce this protection when a user leaves the company network ensuring that no malware can be copied to the drives and brought back to the company.

Geolocation and Geofencing

Using IP-based location tracking, pinpoint the exact location of your encrypted endpoints anywhere in the world. With SafeConsole, you can also geofence your devices making them accessible only within specific geographic boundaries.

Administrator Tools

Authorized Autorun – Stop Autorun Viruses

To prevent the spread of autorun malware, SafeConsoleReady devices overwrite the autorun.inf files stored on the encrypted storage volume, choking the effect of viruses such as Conficker. Specify trusted commmands to enable authorized applications to autorun off the devices, allowing you to keep the benefits and convenience of autostarting working-tools while blocking gateways for malware infection.

Device User Information

Save time and pain – customize devices with user information for easy identification and secure lost and found.

By defining “token” questions, SafeConsole administrators can ask device users to enter unique information about themselves. The “token” information allows the administrator to create a custom message about the user under the About window to easily identify lost devices without requiring permission to unlock the drive.

Autostart applications that require a password to start can also make use of “token” information by assigning a token as a necessary password. This allows the application to launch without interruption.

The information is collected to the server and can be used to sort and search users and their devices.

Device User Settings

Configure device settings to tailor the SafeConsoleReady device to your needs (e.g. disallow users from factory-resetting their devices). It is also possible to enforce a user interface language and pre-approve the device warranty for quicker device deployment.


SafeConsole Cloud

Secure Cloud Hosted Service

  • Up and running in minutes
  • No user content is stored on the cloud
  • Your dedicated server can be hosted in your choice of cities around the globe
  • Ideal for deployments of 1-500 endpoints

Available Now

SafeConsole OnPrem

User Hosted Application

  • Requires a dedicated Windows based server
  • Log in and manage from anywhere
  • Modest hardware and bandwidth requirements
  • Ideal for deployments of 300+ endpoints

Available Now

SafeConsole HA

User Hosted Hardware Appliance

  • Easy on-premises deployment
  • Self-contained 1U rack-mounted appliance
  • Includes one-year support and maintenance;
  • Manage up to 1,000 endpoints

Coming Soon

Serving 1000+ customers in more than 32 countries