SSProtect is delivered as a set of Component Services that can be enabled or disabled at any time. Configuration is managed each time you Login to your SSProtect Account using the :Foundation Client, the software you install and run on your host computer.
System services are then delivered by KODiAC Cloud Services. The set of services made available to each Account is governed by the Components licensed for its' use.
SSProtect utilizes a set of Core Services that deliver required baseline behavior. These include:
- :Confidential for data encryption and obfuscation from unauthorized viewers
- :Access for 2-factor authentication and managed plaintext data isolation
- :Collaborate for zero-configuration data sharing that retains normal workflows
- :Assess for secure data access event reporting, stored and generated in the cloud
Additional Components are enabled and disabled on the fly, and for Organization Accounts, each component is first associated with the Organization, then applied to and/ or configured for member Organization Accounts.
In some cases, a Component's association with an Account is automatic and unchanging, whereas in other cases, a Component available for an Organization can be independently enabled/ disabled and/ or specialized for each Organization Account. Configuration is managed by Privileged Organization Users with the Administer Users notification icon menu.
For Individual Accounts, component capabilities are always enabled immediately, with a slightly different method for configuration. For example, when an Individual Account adds :Recover, all subsequent conversions automatically utilize Hybrid Conversion for secure storage and restoration. This can be dynamically enabled and disabled using the Account Configuration interface.
At the beginning of this article, you saw the list of core components for all Accounts. Optional Components include:
- :Shell which integrates Windows Explorer as an entry point for managing scope*
- :Email that applies protection to Outlook messages using managed policies
- :Recover to enable seamless backup/restore to and from managed cloud resources
- :xRecovery for total Disaster Recovery, offering complete secure offline data access
- :Respond that offers Sabotage Remediation and Definitive Disclosure Risk Analysis
* - :Shell is automatically enabled when you install the Primary :Foundation Client Package that includes the filesystem driver, but is not available when using the Alternate Package. This latter case is only suitable for those focused exclusively on the use of :Email. Both are available for US download from the Downloads page.
As an Organization Administrator, Organization Delegate, or Individual Account holder, you have the ability to enable and disable optional Components for your Organization or for your own Individual Account. You also manage any potential specialization required for proper configuration and execution.
Navigate to the License and Components interface using the notification icon's context menu:
In this display, an Organization Administrator Account shows that :Email is enabled for all Organization Accounts, as is :Shell. :xRecovery is not available without :Recover, which along with :Respond can be added with a request from this interface.
Requesting Component Activation
To submit a request for an Optional Component, choose the associated checkbox. You will be prompted for confirmation, at which point a request will be sent to KODiAC Cloud Services for processing (KODiAC manages all Organizations, Accounts, cryptographic keys, and sensitive cryptographic operations in a highly protected, isolated environment).
Dynamic Component assignment requires human interaction, serving as a check and balance for changes to any Organization or Individual Account. DefiniSec Support staff will typically service your request within 15 minutes. You will receive email confirming (or denying) activation of the selected Component. You can at that time also exchange additional information for components as necessary (see below).
When a Component is activated, you may be directed to logout and back in to SSProtect (Refresh Login) to pick up dynamic changes. This enables you to proceed with further configuration proceedings. Specifics for components are described below.
After you make a Request, and prior to processing, the dialog will show the same UI text though the checkbox you chose will remain checked. If you inadvertently make a request, you can deselect the checkbox and, upon confirmation, cancel the pending Activation Request.
:Shell provides context menu items in Explorer to add and remove files to and from SSProtect's protective scope, while also enabling In-Place Encryption, a patent-pending mechanism that decouples protections from Application Software while applying continuous content protection, even while you work with plaintext data.
When :Shell is added to an Organization, all Accounts automatically configure the Explorer context menu and associated functionality - there is nothing to specialize.
:Shell is almost always enabled except when using SSProtect only for Outlook Email message protection, as previously noted. If you happen to be using multiple Profiles, and one is an Individual Account without :Shell and another an Organization Account with :Shell, you will retain Explorer context menus independent of your working context, though In-Place Encryption will only execute when you are working in an Organization Account Login Session.
:Shell activation becomes available when you migrate from the non-driver package to an installation with the driver. At present, this requires that you remove the non-driver installation, then install the full-featured package. Navigate back to this License interface, then choose :Shell; it will then be activated for ongoing use by all Profiles (though has to be activated in this fashion for each that doesn't already have it).
You can disable :Shell to de-activate the filesystem driver, however keep in mind that this will affect all other local Accounts. This will rarely be needed, but is useful for troubleshooting compatibility issues with other host software.
Finally, when the checkbox item is disabled, you do not have the package with the filesystem driver installed, or the filesystem driver has been removed. Send email to Support for assistance.
Requesting :Email is no different than requesting any other component, though once applied to your Account, operation is a bit different since new components are installed - specifically an Outlook COM Add-In that utilizes :Expand with your SSProtect :Foundation Client to protect messages. Installation is automatically carried out during your subsequent Login to SSProtect. For more information, see the article, :Email Install.
:Recover requires :Shell. When enabling :Recover, KODiAC manages dependencies and, through the coordinated efforts of DefiniSec Support staff, configures prerequisites - including :Shell activation.
After you receive email notification that :Recover (and potentially :Shell) has been enabled, navigate to the Administer Users UI using the notification icon's context menu. Select a target Account and choose Edit, then select :Recover before selecting Save. This is only required for existing Organization Accounts since new Accounts inherit your settings as a starting point.
:Recover is automatically enabled for an Individual Account. You can dynamically enable/ disable Optimized Offloading/ Hybrid Encryption using the Account Configuration dialog available from the SSProtect notification icon's context menu.
Activating :Recover for Many Organization Accounts
To manage a large number of Users, from the Administer Users UI, Export your Users, make the necessary changes to the resulting CSV file, then Import changes and choose Save All to commit.
Honeypots, :xRecovery, and :Respond
Configuration for these components is a bit more straightforward - once your Request is processed, you receive email notification that changes have been made (usually indicating that you should Logout and Login to SSProtect to pick up changes). Once you carry out this operation, new features are available for your use. Details can be found using the links associated with respective components enumerated in prior text.
Organization User Licensing Access
Non-Privileged Organization Users can visit the License and Components display, but cannot make changes - all edit controls will be disabled. The page will display dynamic Requests and resulting Component status, but will not provide opportunities to make changes.
Getting Additional Help
For more information on the use of Accounts, Organizations, and Components, see the article for Administering Users here. You can also send additional questions or suggestions to firstname.lastname@example.org, or post them here for others to answer see and answer.
This article was updated w/ v9.1.0 of the :Foundation Client