|SafeGuard Data Exchange / Best practice|
Bob wants to share encrypted data on removable media with Alice. Both belong to the same group and therefore have the appropriate group key in their SafeGuard Enterprise key ring. As they are using the group key, they can access the encrypted files transparently without the need to enter a passphrase.
You have to specify the settings in a policy of the type Device Protection\Removable media:
Media encryption mode: File-based
Key to be used for encryption: Defined key on list
If company policies additionally define that all files on removable media have to be encrypted in any situation, add the following settings:
Initial encryption of all files: Yes
Ensures that files on removable media are encrypted as soon as the media is connected to the system for the first time.
User may cancel initial encryption: No
The user cannot cancel initial encryption, for example to postpone it.
User is allowed to access unencrypted files: No
If plaintext files on removable media are detected, access to them will be denied.
User may decrypt files: No
The user is not permitted to decrypt files on removable media.
Copy SG Portable to target: No
As long as data on removable media are shared within the workgroup, SafeGuard Portable is not necessary. Also, SafeGuard Portable would allow to decrypt files on computers without SafeGuard Enterprise.
The users can share data just by exchanging their devices. When they connect the devices to their computers they have transparent access to encrypted files.