Users Guide

Enhance Security with Data Guardian's Access

Groups

(On-prem)

Data Guardian's Access Groups enhance security by creating user groups that can collaborate on encrypted data. Users outside a group

cannot access or view the data unless the owner of the le grants access. Access Groups can include internal and external users. You can

use Access Groups with Windows, Mac, mobile, and web portal.

Select one of these options based on your enterprise:

• Enterprise Has Data Guardian Installed with Opt-in Mode

• Enterprise Has Data Guardian Installed with Force-Protected Mode

• Enterprise Does Not Yet Have Data Guardian and Opt-in Mode

• Enterprise Does Not Yet Have Data Guardian and Force-Protected Mode

You can also do the following:

• Change the Owner of an Encrypted File

• Revoke Access to a Key

Enterprise Has Data Guardian Installed with Opt-in

Mode

If your enterprise uses access groups to enhance security for sensitive data, you need to know who is in your access group. Initially, to

ensure a smooth transition, your enterprise may provide a brief period for processing any existing shared and encrypted les. After the

transition period is complete, those in your

access group can view any shared, encrypted les that you create. You can grant access to

individuals outside your access group.

Identify those in your access group

Your administrator will inform you who is in one or more of your access groups, depending on who needs access to specic les. This can

include internal and external users. If you work on sensitive data with specic users, you can request that your administrator create an

access group for that content.

Use a transitional period to process shared, encrypted les

If you already have Data Guardian installed and existing les are encrypted, the best practice for your enterprise is to have a brief,

transitional period for encrypted les that are shared. To facilitate a smooth transition, be aware of the following for shared, encrypted les:

• Owner or author of the le, whether internal or external, continues to have access to the le.

• Internal or external users within your access group have access to most of the shared les. Based on the type of key associated with

some les, you may lose access to some.

• Internal users outside your access group - Users should open any shared les during the transitional period to gain access to the key. If

they do not open a shared, encrypted le during this brief period, they lose access to the le.

• External users not in your access group - If you already granted access to an encrypted le, the external user will continue to have

access during and after the transitional period.

If you lose access to a le after the transitional period, you can request access from the owner.

Data Guardian User Guide v2.8

Enhance Security with Data Guardian's Access Groups (On-prem)