Enabling data recovery
Recovery accounts make it possible to secure the use of SDS Enterprise. If, for example, a user leaves the company without decrypting all their data, the recovery account makes it possible to recover all of that data.
Recovery accounts are created by administrators of the public key infrastructure (PKI) that the organization uses.
SDMC makes it possible to list the certificates (public keys) of recovery accounts. This list is specific to each security policy.
Recovery certificates are shared on user workstations via the security policy, so everything that users encrypt is also encrypted with the recovery certificate. Such data can then be decrypted with the recovery account's private key.
IMPORTANT
Recovery accounts must be protected with a sufficiently strong password and kept in a safe location.
Recovery certificates must be added beforehand in the Certificate library menu.
In Policies > Accounts > Data recovery, indicate the recovery certificates that you wish to use for this policy:
- Click on Add from library.
- Select one or more certificates.
- Click on Add.
On the SDS Enterprise agent side, recovery certificates can be looked up in the user's key ring. For more information, refer to the section Decrypting a user's data with a recovery certificate.