Share removable media with external party

Note: This example applies only for Windows endpoints.
Bob wants to hand out an encrypted device to Joe (external party) who does not have SafeGuard Data Exchange installed and therefore has to use SafeGuard Portable. Under the assumption that Bob does not want to give Joe access to all encrypted files on the removable media, he can create a local key and encrypt the files with this local key. Joe can now use SafeGuard Portable and open the encrypted files with the passphrase of the local key, whereas Bob still can use the media passphrase to access any encrypted file on the removable device.

Behavior on the computer

You have to specify the settings in a policy of the type Device Protection\Removable Media:

If the company policies additionally define that all files on removable media have to be encrypted in any situation, add the following settings:

At work, Bob and Alice have transparent access to encrypted files on removable media. At home, they can use SafeGuard Portable to open encrypted files by entering the media passphrase. If Bob or Alice wants to hand out the removable media to a 3rd party computer that does not have SafeGuard Data Exchange installed, they can use local keys to ensure that the external party can access only some specific files. This is an advanced configuration, which means more interaction for the user by allowing them to create local keys on their computer.

Note: A prerequisite for this example is that the user is allowed to create local keys (default setting in SafeGuard Enterprise).