Users Guide
• Additional le types, such as .txt or .png, congured for Basic File Protection
• Content Based Protection les - previously Data Classication (Windows)
• TITUS Classication les (Windows)
If you already collaborate on les or share them with internal or external users, those users may or may not be in your access group. The
best practice for a smooth transition is to have a brief, transitional period to process any of those encrypted les that are shared with other
users. You must log in to your computer during this transitional period.
Be aware of the following if you want to continue sharing or collaborating on those les:
• For shared les listed above, the rst person to log in and have their computer swept then becomes the owner of any shared les.
• If another person becomes the owner of the le and the original author is not in their access group, the original owner must request
access from the new owner. The original owner can also request that the administrator change ownership.
• External users' computers are not swept so any copies of unprotected shared les are not swept and encrypted.
• If Data Guardian's Cloud Encryption is enabled and users share folders or les on a cloud storage provider, those les will also be swept.
Collaborate on newly created les after the transitional period
For new les that you create and encrypt after the transitional period:
• Internal or external users within your access group - Have access to all shared, encrypted les.
– Anyone who is removed from the access group loses access.
– If the owner of a le is removed from the group, other users still have access.
• Internal or external users outside your access group - Cannot view an encrypted le.
– An internal user within the access group can grant access.
– If an external user is the owner of an encrypted le, they can grant access to another individual.
– If an internal or external user outside the group receives an encrypted le and tries to open it, a dialog prompts them to request
access.
Enterprise Does Not Yet Have Data Guardian and
Force-Protected Mode
If your enterprise plans to use Data Guardian with access groups to enhance security for sensitive data, the best practice is to identify any
les that you share with internal or external users and nd out if those users will be in any
access group that your administrator creates for
you. Initially, to ensure a smooth transition, your enterprise may provide a brief period for processing any existing shared les. After the
transitional period is complete, those in your access group can view any shared, encrypted les that you create. You can grant access to
individuals outside your access group so that you can collaborate with them but have greater security.
Identify those in your access group
Your administrator will inform you who is in one or more of your access groups, depending on who needs access to specic les. This can
include internal and external users. If you work on sensitive data with specic users, you can request that your administrator create an
access group for that content.
Use a transitional period to process shared les
When Data Guardian is installed, a sweep occurs on Windows or Mac and encrypts the following les if your administrator enabled a policy
for them.
• Oce documents
• PDFs
64
Data Guardian User Guide v2.8
Enhance Security with Data Guardian's Access Groups (On-prem)