File Sync and Share (FSS) Application Best Practices
- Updated On 16 Oct 2020
- 1 Minute To Read
Data protected by SecureCircle will stay protected in-transit, at rest, and in-use. As such, SecureCircle can enable the secure usage of sync and share applications, such as Microsoft OneDrive, Google Drive, Dropbox, Box, etc. The following are best practices when using sync and share applications.
Leave Sync and Share Applications "Disabled" in the Applications List
The SecureCircle Server allows for administrators control what endpoint applications may view decrypted data of a protected file ("Enabled" in the Applications list) and what applications may not view the decrypted data of a protected file ("Disabled" in the Applications list). Applications set to "Disabled" will read still-encrypted bytes from the filesystem, allowing them to securely and transparently transport the protected data. Leaving sync and share applications "Disabled" in the Applications list prevents them from sending decrypted data from protected files to remote servers. These applications will instead send the still-encrypted bytes, allowing users to transmit and receive protected files through these applications while ensuring that only authorized users and applications can view the decrypted data.
Consider Designating Local Folders that Represent Remote Sync and Share Folders as Protected Folders
The SecureCircle Agent allows any filesystem folder to be designated as a protected folder. Any data written into these folders, whether originating on the local system or received through a sync and share application, will be automatically added to the designated Circle. Sync and share applications allow the configuration of local folders that are synchronized with remote storage. Designating these local folders as protected will enforce all data to become protected, whether it originated locally or whether it originated on the remote service. For Windows devices in an Active Directory environment, this can be enforced via Group Policy (see Designate Protected Folder via Group Policy).