SafeGuard Data Exchange

SafeGuard Data Exchange offers location-based encryption of files stored on removable media so you can exchange them with other users. Only users who have the appropriate keys can read the contents of the encrypted data. All encryption and decryption processes are run transparently and involve minimum user interaction.

During daily work you will not notice that the data is encrypted. However, when you disconnect the removable media, the data remains encrypted and is protected against unauthorized access. Unauthorized users can access the files physically, but they cannot read them without SafeGuard Data Exchange and the relevant key.

Your security officer defines how data on removable media is handled. The security officer can, for example, define encryption as mandatory for files stored on any removable media. In this case, all unencrypted files existing on the device are initially encrypted. In addition, all new files saved to removable media are encrypted. If existing files are not to be encrypted, the security officer can choose to allow access to existing unencrypted files. In this case, SafeGuard Data Exchange does not encrypt the existing unencrypted files. However, new files are encrypted. So you can read and edit the existing unencrypted files, but as soon as you rename them, they are encrypted. The security officer can also specify that you are not allowed to access unencrypted files, and they remain unencrypted.

There are two ways to exchange encrypted files stored on removable media:

  • SafeGuard Enterprise is installed on the recipient's computer: You can use keys available to both of you, or you can create a new key. If you create a new key, you have to provide the data recipient with the passphrase for the key.
  • SafeGuard Enterprise is not installed on the recipient's computer: SafeGuard Enterprise offers SafeGuard Portable. This utility can be automatically copied to the removable media in addition to the encrypted files. Using SafeGuard Portable and the relevant passphrase, the recipient can decrypt the encrypted files and encrypt them again without SafeGuard Data Exchange being installed on their computer.
Important When extracting a ZIP archive using the built-in archiver of Microsoft Windows the process stops as soon as an encrypted file is encountered for which the key is not available. The user receives a message that access was denied, but is not informed that there are files that have not been processed and hence are missing. Other archivers, for example 7-Zip, work fine with ZIP archives containing encrypted files.