How is data transferred to a file server or SharePoint site protected?
- Updated On 19 Oct 2020
- 1 Minute To Read
Data protected by SecureCircle stays protected at rest, in use, and in-transit. This means that, once data is protected, it will stay protected as it moves within and outside of an organization's ecosystem, including to and from file servers and SharePoint sites.
Application Access to Protected Data
SecureCircle Administrators define which applications are able to access the decrypted version of protected data, and which applications access only the encrypted data (as it is stored at-rest). By default, SecureCircle provides a zero-configuration Applications setting that sets common applications to the recommended values. Authorized data-reading applications that will be able to access the decrypted version of protected data may include applications such as Microsoft Word, Adobe PDF, Apple Quicktime, etc., while applications that are meant for data transfer, such as Windows Explorer, Finder, Internet browsers, email clients, etc., will only have access to and be able to transfer the encrypted data.
Data that is already protected will stay protected as it is transferred via data-transfer applications, even if it is being transferred to and from remote filesystems. This is because these data-transfer applications have access only to the encrypted data of a protected file.
Data Ingest on File Servers
Previously-unprotected data on file servers can automatically be protected two ways:
- Install the SecureCircle Agent on the file server and use Protected Folders to designate how data within individual folders should be protected (see Windows file server installation: Email Invitation-based Agent for setup instructions).
- Create a client-side policy that designates the client-side remote share mapping as a Protected Folder. For example, if a remote share is automatically mapped to the Z: drive on clients, a Group Policy setting may be configured to ensure that the Z: drive is designated as a Protected Folder.
SharePoint servers do not use direct filesystem access to store and retrieve files (DB-based blob storage is used). However, since data stays protected in-transit, protected files that are uploaded to a SharePoint site remain protected since the data transfer application that performs the upload only has access to the encrypted data. The encrypted data is stored in SharePoint storage. Upon retrieval, clients download the encrypted data back to their endpoints, where it is accessed by an authorized data-reading application from the local filesystem, which has access to the decrypted data of the protected file.