Automatically protecting folders in synchronized shared spaces
To automatically protect the contents of collaborative workspace folders synchronized with the online hosts OneDrive, OneDrive for Business, Dropbox, SharePoint and Oodrive, two methods are available:
- The administrator sets up automatic protection of a collaborative workspace via the security policy. All content deposited by a user in a collaborative workspace folder is encrypted, and only that user can open their files. Each user can then, from their SDS Enterprise account, give other users access to their documents.
- The user can enable automatic protection of a collaborative workspace folder themselves. All the content they place in the folder is then encrypted for that user. They can choose to provide other users with access to their documents.
This Stormshield Data Share feature is dependent on the File feature and cannot function without it.
The administrator must have previously enabled, in SDMC, automatic folder protection for one or more types of synchronized collaborative workspace. For more information, refer to the section Configuring Stormshield Data Share in the SDS Enterprise Administration guide.
To automatically protect a new file placed in a synchronized folder:
- Log in to SDS Enterprise.
- Move your file to the synchronized folder of your choice (e.g., OneDrive, Dropbox).
It is automatically protected: it now has a .sdsx extension and its icon displays a small padlock. You will be the only person who can view it.
You can then authorize other users to access your protected files in the collaborative workspace.
If you only need a file once, you can share it directly. To do so:
- Right-click on the file.
- Select Stormshield Data Security > Edit access.
- In the Select recipients window, add coworkers or groups as described in Managing coworkers on an encrypted file.
If you need to share files on a recurring basis with the same coworkers, we recommend that you create a sub-folder within the collaborative workspace folder and add a specific protection rule to this folder. To do so:
- Right-click on the sub-folder and select Stormshield Data Security > Automatically protect folder.
- In the Select recipients window, enter the names of the coworkers or groups in the search field. The search can display coworkers present in the trusted directory, or in the LDAP directory if configured.
- Click on OK.
- If you wish, apply the new rule immediately to the entire contents of the folder.
A protection rule is created containing the path to the folder along with the user or list of users authorized to decrypt its contents.
All new files and folders that are moved to this folder will now be automatically encrypted. A blue padlock appears on their icons.
- If you wish to apply the rule later to all folder contents already present before automatic protection was enabled, right-click on the protected folder and select Stormshield Data Security > Advanced > Apply changes to the entire folder.
To edit a protection rule, for example to add coworkers, select the Stormshield Data Security > Edit access menu.
If you subsequently move a protected file out of the synchronized space, it will remain protected. In this case, however, you can remove the protection. For more information, refer to the section Decrypting a file or a group of files.
If a collaborative workspace folder is not already protected by the security policy, you can create an automatic protection rule yourself to protect the files you place in the folder:
- In Windows Explorer, right-click on the collaborative workspace folder you wish to protect and select Stormshield Data Security > Automatically protect folder.
The Select recipients window opens with only your name because by default you are the only person allowed to decrypt the folder's content.
- If you wish to share the contents of the protected folder with other users, enter their name or the name of a group in the search field. The search can display users present in the trusted directory, or in the LDAP directory if configured.
- Click on OK.
- If you wish, apply the new rule immediately to the entire contents of the folder.
A protection rule is created containing the path to the folder along with the user or list of users authorized to decrypt its contents.
All new files and folders that are moved to this folder will now be automatically encrypted. A blue padlock appears on their icons.
- If you wish to apply the rule later to all folder contents already present before automatic protection was enabled, right-click on the protected folder and select Stormshield Data Security > Advanced > Apply changes to the entire folder.
If some of the files in the folder have already been protected, the following behaviors apply:
- Users who were allowed to access these files will be replaced with those specified by the more recent protection rule.
- Files that are already encrypted, and which you are not allowed to access, will not be processed.
- Files encrypted in .sbox format will not be processed.
To edit a protection rule, select the Stormshield Data Security > Edit access menu.
If you move the folder and its content, the protection rule will be updated. All the content remains protected and automatic protection will remain enabled on the folder.
If you wish to disable automatic folder protection, see Disabling automatic folder protection.
When you create a rule to protect a collaborative workspace folder, you can not only authorize other users to access the encrypted content, but also share the rule with them. Sharing the rule avoids the need for everyone to create the rule on their own workstation, and enables the same protection rule to be applied to all recipients of the rule.
From the moment the rule is created and shared, all new files placed in the folder by any user listed in the rule are encrypted for all recipients of the rule. If files were already present in the folder before the protection rule was created, it is up to each user with files encrypted for them to apply the changes to their folder, as described below, if they wish to give access to their files.
It is not possible to transform a shared automatic protection rule into a non-shared rule, and vice versa. The choice must be made when the rule is created and this choice is final.
Requirements
For a shared rule to be automatically applied to selected users, each user must already have an automatic protection rule on their collaborative workspace folder:
- If automatic protection is enabled via the security policy, users do not have to do anything.
- If this is not the case, each user must first create an automatic protection rule on the folder so that SDS Enterprise can apply the shared rule.
Sharing the protection rule
- Right-click on the folder in question and select Stormshield Data Security.
- Select Automatically protect folder.
- In the Select recipients window, select the desired coworkers or groups.
- Check the Share protection rule box. A hidden system file .SDSRULE containing the rule details will be created in the folder. When the rule's recipients go to the relevant folder on their workstations, the rule will automatically apply to them. New files placed in the folder will be encrypted for them and for all recipients of the rule.
- Immediately apply the new rule to the entire contents of the folder, if you want all files already in the folder, whether or not they are encrypted for you, to be encrypted for all recipients of the rule.
- If you wish to subsequently apply the rule to the entire contents of the folder already present before the rule was created, or if a rule recipient wishes to encrypt their files already present for all other recipients, right-click on the protected folder and select Stormshield Data Security > Advanced > Apply changes to the entire folder.
For sharing to work, users must be logged into their SDS Enterprise account.
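Because files already present in a folder stay as they were until Apply changes to the entire folder is used, it can help to inventory a synchronized folder before relying on a rule. The following Python script is an added example, not part of the Stormshield product or documentation: it classifies files by name only (.sdsx, .sbox, anything else) and lists folders that contain a .SDSRULE file. The function name and report layout are assumptions of this example, and the script does not decrypt files or check who the recipients are.

```python
import os
import sys
from pathlib import Path

# Names taken from this page; everything else below is an assumption of the example.
RULE_FILE = ".sdsrule"      # hidden shared-rule file (.SDSRULE), compared case-insensitively
PROTECTED_EXT = ".sdsx"     # extension of automatically protected files
SBOX_EXT = ".sbox"          # format that is not processed when a rule is applied


def audit_folder(root):
    """Classify files under root by name only; no decryption or recipient check."""
    root = Path(root)
    report = {"protected": [], "sbox": [], "unprotected": [], "shared_rule_dirs": []}
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        for name in files:
            rel = (folder / name).relative_to(root).as_posix()
            lower = name.lower()
            if lower == RULE_FILE:
                report["shared_rule_dirs"].append(folder.relative_to(root).as_posix())
            elif lower.endswith(PROTECTED_EXT):
                report["protected"].append(rel)
            elif lower.endswith(SBOX_EXT):
                report["sbox"].append(rel)
            else:
                # Also catches sync-client metadata (e.g. desktop.ini); review manually.
                report["unprotected"].append(rel)
    for entries in report.values():
        entries.sort()
    return report


if __name__ == "__main__" and len(sys.argv) == 2:
    result = audit_folder(sys.argv[1])
    for rel in result["unprotected"]:
        print("not protected:", rel)
    for rel in result["sbox"]:
        print(".sbox (not processed by folder rules):", rel)
    for rel in result["shared_rule_dirs"]:
        print("shared rule present in:", rel)
```

Run it with the path of the synchronized folder as the only argument; a folder path of `.` in the last list means the rule file sits in the folder you passed.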
Editing a shared protection rule
You can edit a shared protection rule to add or remove recipients from the rule. All users sharing a rule can edit it.
To edit a shared rule applied to a collaborative workspace folder:
- Right-click on the folder in Windows Explorer.
- Select Stormshield Data Security > Edit access.
- Add or remove a coworker from the rule, then confirm.
The rule is changed for all recipients. For a user removed from the rule, any files they place in the folder in question are now unprotected.
Deleting a shared protection rule
To delete a shared protection rule on a collaborative workspace folder:
- Right-click on the folder in Windows Explorer.
- Select Stormshield Data Security > Advanced > Disable protection on the folder.
The rule is then deleted for all recipients of the rule.
Any recipient of a shared rule can delete the rule.