Encrypt data

SafeGuard Enterprise Synchronized Encryption comes with a versatile file encryption module. Synchronized Encryption allows you to encrypt sensitive data based on the application it was created or modified with. This encryption is persistent, so your data is secure even if moved to another location, uploaded to a cloud storage provider, or sent via email. Depending on the policy settings, certain file types are usually encrypted automatically. However, in some cases it might be necessary to decrypt or encrypt single files manually. In Windows Explorer and macOS Finder, encrypted files are marked with a green lock symbol.

To prevent users from decrypting files manually, see Prevent users from decrypting files manually.

Encrypt data with different encryption keys

You can specify that different keys are used to encrypt files in specific locations, see Create policies for application-based file encryption.

Policies

  • Synchronized Encryption policies are not merged. The policy closest to the target object (user or computer) in a hierarchy chain is always applied. The policy currently in force for a user or computer is displayed on the RSOP tab under Users and Computers.

Persistent encryption

Windows

  • When you move an encrypted file from an encrypted folder to a plain folder, the file will still be encrypted. You can open the file and edit it. When you modify and save it, it will still be encrypted.

macOS

  • Moving encrypted files from Secured Folders

    As a security officer you define which folders on your Macs are classified as Secured Folders. If you are using Synchronized Encryption, all files in Secured Folders are encrypted automatically.

    When you move an encrypted file from a Secured Folder to a non-Secured Folder, the file will still be encrypted. You can open it, but encrypted content will be displayed. You need to decrypt it manually first.

    When you open an encrypted file in a Secured Folder and save it in a non-Secured Folder, the file will be decrypted automatically.

Backups

If you use backup software, like File History in Windows 8.x and Windows 10 or Time Machine in macOS, you may have backup, older versions of files of the type you want to encrypt. Synchronized Encryption cannot encrypt these files. You should remove or encrypt existing backups and deactivate automatic backups.