SecureCloud supports full disk encryption, including encryption of the boot volume where the operating system is stored. After powering on a machine, SecureCloud must decrypt the boot volume before loading the operating system. The SecureCloud Agent on the machine uses pre-boot authentication to identify itself to the Key Management Server. If the SecureCloud Agent passes pre-boot authentication the Key Management Server issues the key necessary to decrypt the boot volume.

Administrators can also enable multi-factor authentication (MFA) for specific users of SecureCloud. When MFA is enabled, users must pass two levels of identity verification in order to successfully log on to the Web Console: their name and password, and a password generated by Google Authenticator™.