Configuring Stormshield Data Team

Stormshield Data Team makes it possible to automatically encrypt files wherever they are, in real time and transparently. Encryption is defined by security rules on folders, whether shared or not, and these rules specify which collaborators are authorized to read and edit files stored in the folders.

For more information, refer to Securing folder content in the SDS Enterprise advanced user guide.

To configure automatic folder encryption:

  • Go to Policies > Features > Team, and enable the settings of your choice.

Properties

Select the possible actions when changes occur with the collaborators selected in the security rules, or when there is an issue with the user certificate revocation list.

In the first option, access to files can be denied to users who have been deleted from a rule. The two options that follow make it possible to retain such users' access to files.

Showing co-workers

When a folder is protected by a rule:

  • Either all users can show the rule, regardless of whether they are co-workers in the rule,

  • Or only co-workers in the rule can show the rule,

Authorizations

These four options correspond to the menus available in the SDS Enterprise pop-up menu when the user right-clicks on a folder.

  • If the option Allow encryption according to the rules defined is enabled, the user will see the Secure according to defined rules pop-up menu, which will allow the encryption of a folder by sharing it with other users.

  • If the Allow save and restore option is enabled, the user will be able to see the Advanced > Save and Advanced > Restore pop-up menus.

  • If the option Allow encryption is enabled, the user will see the Secure the folder pop-up menu, which will allow the encryption of a folder without sharing it with other users.

  • If the Allow deletion option is enabled, the user will be able to see the Advanced > Delete pop-up menu.

For detailed information on these menus, refer to Securing folder content in the SDS Enterprise Advanced user guide.

Access to encrypted files Set the rules granting access to files encrypted in a folder. This applies to situations when the user certificate is revoked or has an issue, or when the certificate revocation list can no longer be accessed.
Date changes when files are encrypted or decrypted Select these options if you want the dates on which the file was created, modified or last accessed to be changed every time a file is encrypted or decrypted.
Advanced settings

Advanced settings make it possible to change some of the default behavior settings in Stormshield Data Team:

  • by default, the report window closes after encryption.

  • By default, the encryption progress window is not shown.

  • By default, encrypted files can be opened in non-secure folders. Do be careful, however. Depending on the application used, if you open an encrypted file in a non-secure folder, a temporary plaintext file may be created in this folder. When you save and close the file, the temporary plaintext replaces the original encrypted file. Moreover, even if you do not save the file, the deleted temporary plaintext file remains on your PC and can be recovered using specialized tools, which is a security risk.

  • By default, encrypted files and folders are decrypted when they are copied or moved to a non-secure folder. Regardless of the option selected here, the Save agent's pop-up menu always makes it possible to copy encrypted files and secure folders while preserving encryption. For more information on this menu, refer to Saving an encrypted file in the Advanced user guide SDS Enterprise.

You can also specify a list of folders on which a user will not be able to create a Team security rule to automatically secure the folder. Enter folder paths. If you enter a value already present in the list, you cannot add it.

The list is recursive and automatically includes sub-folders.

For more information on the advanced use of the Team feature on the SDS Enterprise agent, refer to the section Stormshield Data Team