Users Guide

Internal users outside your access group - Users should open any shared files during the transitional period to gain access to the key. If they do not open a shared, encrypted file during this brief period, they lose access to the file.
External users not in your access group - If you already granted access to an encrypted file, the external user will continue to have access after the transitional period.
If you lose access to a file after the transitional period, you can request access from the owner.
Regain access to shared, encrypted files after the transitional period
For Windows and Mac in Force-Protected mode, you can do the following to regain access:
Protected Oce documents - A dialog prompts internal and external users to request access, and the owner of the le can decide
whether to grant access.
Additional le types encrypted through Basic File Protection - No post-share prompt exists. The user must know the owner of the le
and right-click the encrypted le to nd the Key ID on the Data Guardian tab. The user can send that information to the owner and
request access.
Collaborate on newly created files after the transitional period
For new files that you create and encrypt after the transitional period:
Internal or external users within your access group - Have access to all shared, encrypted files.
Anyone who is removed from the access group loses access.
If the owner of a file is removed from the group, other users still have access.
Internal or external users outside your access group - Cannot view an encrypted file.
An internal user within the access group can grant access.
If an external user is the owner of an encrypted file, they can grant access to another individual.
If an internal or external user outside the group receives an encrypted file and tries to open it, a dialog prompts them to request access.
Enterprise Does Not Yet Have Data Guardian and Opt-in Mode
If your enterprise plans to use Data Guardian with access groups to enhance security for sensitive data, the best practice is to identify any files that you share with internal or external users and find out if those users will be in any access group that your administrator creates for you. Initially, to ensure a smooth transition, your enterprise may provide a brief period for processing any existing shared files. After the transitional period is complete, those in your access group can view any shared, encrypted files that you create. You can grant access to individuals outside your access group so that you can collaborate with them but have greater security.
Identify those in your access group
Your administrator will inform you who is in one or more of your access groups, depending on who needs access to specific files. This can include internal and external users. If you work on sensitive data with specific users, you can request that your administrator create an access group for that content.
Use a transitional period to process shared files
When Data Guardian is installed, a sweep occurs on Windows or Mac and encrypts the following files if your administrator enabled a policy for them.
Data Guardian User Guide v2.8
Enhance Security with Data Guardian's Access Groups (On-prem)