Welcome to the Stormshield Data Security Enterprise administration guide version 11.0.
In the documentation, Stormshield Data Security Enterprise is referred to in its short form: SDS Enterprise and Stormshield Data Management Center as: SDMC.
This guide contains the information needed for managing SDS Enterprise and installing SDS Enterprise agents in your environment.
SDS Enterprise guarantees the protection and confidentiality of data stored in local, shared or cloud-based folders, by relying on the transparent end-to-end encryption built into communication and collaboration tools. With it, access to protected data can also be restricted to defined groups and user profiles.
SDS Enterprise includes the SDMC administration console, from which you define security policies, and an agent installed on users' workstations. This agent applies the policies and provides the following features:
- Real-time transparent file encryption, for transfer by e-mail or secure backup,
- Encryption of files stored on spaces synchronized with online hosting services OneDrive, DropBox, SharePoint and Oodrive,
- Encryption and signature of e-mails, making it possible to protect the data that they contain, and guarantee the authenticity of their sender’s identity and the integrity of their contents,
- Sharing of encrypted files with co-workers over the company's network,
- Secure and irreversible erasure of data,
- Electronic signature of files and folders, making it possible to guarantee the authenticity of their sender’s identity and the integrity of their contents,
- Encryption of virtual disks, making it possible to store protected files. These virtual disks can be shared among co-workers.
The solution also includes the Stormshield Data Connector
The SDMC administration console is hosted by Stormshield's Cloud services. In SDMC, you can:
- Create and configure the security policies applied by the SDS Enterprise agents installed on users' workstations,
- Declare the certification authorities on which user certificates depend,
- Declare corporate LDAP directories to manage certificate exchanges,
- Download SDS Enterprise agents' installation packages.
To use the SDMC console, start by creating a corporate account, then one or several administrator accounts as described in the section Logging in to SDMC.
You can also configure a security policy directly in a .json file and include it in the SDS Enterprise installation package. For more information on how to configure this file, refer to the Advanced configuration guide.
You must have your own infrastructure to generate encryption and signature keys for the users in the company. You can then distribute them to users by whatever method you choose, for example via smart cards.
SDS Enterprise Data Mail uses public key cryptography technology.
Each user has a pair of keys: a private key and a public key. The private key is carefully kept by its owner. The public key, by contrast, is freely distributed.
A different key pair is required for each purpose:
- A pair of encryption keys is required for encrypting and sharing confidential files or e-mails,
- A pair of signature keys is required to sign documents or e-mails.
To encrypt files or send encrypted messages to peers, users must know their peers' public encryption key.
Public keys are distributed as certificates. A certificate is an electronic document that links a public key to its owner. SDS Enterprise manages certificates with the X.509 V3 format. These certificates are stored in users' trusted address book, as explained in the following section.
If the encryption key or certificate is renewed, the certificates (and associated key) used for past data encryption must be kept so that this data can be decrypted at a later date.
For more information on managing certificates, refer to the sections Managing authority certificates and recovery certificates in SDMC and Setting account creation parameters.
SDS Enterprise makes it possible to manage a trusted address book on users' workstations: you can add the certificates (public keys) of the users and authorities that you trust in the address book.
Users can be automatically added to the trusted address book via an LDAP directory.
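As an added example (not part of the Stormshield documentation or product), the following Go program models the rules described above: the X.509 v3 keyUsage extension tells an encryption certificate apart from a signature certificate, a trusted address book keeps one current certificate per user and purpose, and a renewed encryption certificate does not evict the superseded one, so data encrypted under the old key can still be matched to it. The self-signed certificates, the user names and the SubjectKeyId derivation are constructed test data; in a deployment certificates come from the company's own key infrastructure.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"math/big"
	"time"
)

// purpose reads the X.509 v3 keyUsage extension: an encryption certificate carries
// keyEncipherment/dataEncipherment, a signature certificate carries digitalSignature.
func purpose(c *x509.Certificate) string {
	if c.KeyUsage&(x509.KeyUsageKeyEncipherment|x509.KeyUsageDataEncipherment) != 0 {
		return "encryption"
	} else if c.KeyUsage&x509.KeyUsageDigitalSignature != 0 {
		return "signature"
	}
	return ""
}

// AddressBook models a trusted address book: the current certificate per (owner, purpose)
// and every certificate ever trusted, keyed by subjectKeyIdentifier, so that data
// encrypted before a key renewal can still be matched to the key that protects it.
type AddressBook struct{ current, history map[string]*x509.Certificate }

func NewAddressBook() *AddressBook { return &AddressBook{map[string]*x509.Certificate{}, map[string]*x509.Certificate{}} }

// Add trusts c: a newer certificate for the same owner and purpose becomes current,
// while the superseded one stays reachable through its key identifier.
func (ab *AddressBook) Add(c *x509.Certificate) {
	ab.history[hex.EncodeToString(c.SubjectKeyId)] = c
	slot := c.Subject.CommonName + "|" + purpose(c)
	if old, ok := ab.current[slot]; !ok || c.NotBefore.After(old.NotBefore) {
		ab.current[slot] = c
	}
}

// Current is the certificate to use now for p ("encryption" or "signature"); ByKeyID
// recovers the possibly superseded certificate whose key protected already existing data.
func (ab *AddressBook) Current(owner, p string) *x509.Certificate { return ab.current[owner+"|"+p] }
func (ab *AddressBook) ByKeyID(id []byte) *x509.Certificate { return ab.history[hex.EncodeToString(id)] }

// mint self-signs an RSA certificate as constructed test data (not an SDS Enterprise artefact).
func mint(cn string, usage x509.KeyUsage, notBefore time.Time) *x509.Certificate {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	skid := sha256.Sum256(key.PublicKey.N.Bytes()) // stand-in for a PKI-assigned key identifier
	tpl := &x509.Certificate{SerialNumber: big.NewInt(notBefore.Unix()), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notBefore.AddDate(2, 0, 0), KeyUsage: usage, SubjectKeyId: skid[:]}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	c, _ := x509.ParseCertificate(der)
	return c
}
```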