SSProtect is a unique host-based data protection solution that combines ease-of-use with the highest level of data protection available. SSProtect operates with a tiny software component that runs on your host computer, moving sensitive operations to the cloud. This isolates operations from host malware, complicating attacker's tasks while minimizing impact to you.
SSProtect :Email is a Microsoft Outlook Add-In that applies these protections to message content. The Add-In does not carry out core security tasks, since Outlook is not at all appropriate for such operation. Instead, it uses our SSProtect :Expand interface to securely transfer data to/ from the host software component that in turn coordinates operations with the cloud - all with very little impact to you (and a lot to an attacker).
Install the :Foundation Client
The :Foundation Client, often called SSProtect, is the host-based application that runs in the background servicing data protection requests. It will manage your Account and subsequent :Email configuration. To install:
- Open a browser and navigate to https://definisec.com/downloads.html
- Download and run the setup program. Depending on your computer's User Account Control settings, you may be prompted twice to permit privilege elevation.
There are two packages from which to choose. One includes a filesystem driver that enables :Shell In-Place Encryption, while the other does not. The latter is specifically for those that will only protect email, or for cases when the filesystem driver imposes compatibility challenges with other aspects of the host. This is rare. When in doubt, choose the full package with the filesystem driver. Refer to text at the end of this article for more information.
SignUp for and Provision an SSProtect Account
SSProtect will automatically install the :Email Outlook Add-In once you login to a valid Account configured to use it. Use the following procedure:
- When setup completes, you may be asked to reboot. You can defer, though In-Place Encryption will not be operational until you do. This is not required for email.
- Double-click the desktop shortcut
- Navigate to the Notification Tray then right-click the SSProtect Icon
- Choose Refresh Login...
- Click the Profile dropdown and select, Create New...
- Enter the email address you wish to correlate with your new Account
- Check the Add :Email checkbox
- Choose Create... and wait for your code to arrive in your Inbox
- Copy and paste the code into the Code edit field, then choose Verify
- At the password prompt, choose a new password, twice, then Register
At this point, you should have a Login dialog prompt that includes your email address embedded into a Profile alias. Enter the password from step 10, above, then choose Login to proceed. A number of things will happen at this stage, described in, 1st-Time Use - one being automatic installation of the Outlook Add-In. This may prompt you to restart Outlook - follow on-screen instructions and address the remaining Startup prompts to proceed. When complete, you should see the SSProtect :Email ribbon control group in your Outlook Explorer view:
Protect an Existing Outlook Message
Protect an existing Outlook message with the following procedure:
- Choose an existing email item; double click to open
- On the Ribbon, in the SSProtect :Email control group, choose Protect Now.*
Your message is now protected, as you can tell by the new format that obfuscates the original plaintext. To open your message, double-click. This will automatically decrypt content (among other things) and present it for you to view. If you close the message, it will return to encrypted (protected) form. Else, you can choose, Release Protection and the message will return to plaintext and remain that way when you close the item.
* If you do not see the SSProtect :Email control group, you will have to navigate through File, Options, Add-Ins in Outlook to manually enable the Add-In. Most often, choosing the Go button brings up the list of registered Add-Ins, and you can scroll down to SSProtect :Email and, if the checkbox is blank, check the item and return to the main display. This almost always addresses any issue with initial install. For more information, see Installing :Email.
Preparing to Send Protected Messages
SSProtect is designed to be non-intrusive. Sharing protected content with teammates (Organization peers) is automatic, as noted by the, "Zero-Config Sharing" terminology throughout documentation.
However, as an Individual, you are not a member of an Organization - yet. You can transition to an Organization using the information provided in the article, Converting to an Organization Account. Until that time, all recipients to whom you address messages must be configured as Third Party Trusts.
Third Party Trusts
Third Party Trusts enable an Organization to share data with users (Accounts) in other Organizations. This is a one-way association that permits recipients to access your protected content. For details, see, Managing Third Party Trusts.
As an Individual Account, you are effectively working as an Organization that isn't named and visibly displayed. As such, you can add a Third Party Trust as follows:
- Click the SSProtect Icon in the notification tray
- Click the :Collaborate Sharing menu
- Choose the Add Trust submenu
- Enter the email address of an associated also using SSProtect
- SSProtect will prompt you with results. Click OK, then the ESCape key to exit
Once the Trust has been added, you can author protected content to the configured address, though the recipient will have to Refresh Login... in order to pick up the change.
You can send protected content to any recipient - Policy settings determine behavior if/ when a recipient isn't recognized. In fact, until the Trust you setup, above, performs a Refresh Login..., the :Email add-in will prompt you, indicating that the recipient isn't recognized. You can override this warning by choosing the button noted in the dialog text (No). This protects and sends the message - the recipient can, at any later time, open the message if authorized.
Also, note that your Account is not immediately visible to others. You may have already been prompted with a notice, and chosen to proceed - not mentioned since it's very simple. Once you carry out this task, others that trust your Account will no longer be prompted (or denied) when addressing you in protected email.
Protecting a Message
To author and send a protected message, use the following procedure:
- Compose a new Outlook message - you can use any format you like
- Address a Third Party Trust (or Organization peer)
- Enter the Subject and Body of the message
- Make sure, Protect on Send is checked in the SSProtect :Email ribbon control group
- Send the message
As noted above, if you entered a recipient not (yet) authorized to view your protected content, default policy results in a prompt and a choice whether or not to continue. The software can also remove any unauthorized recipients for you, then deliver the message to those that are able to read it.
Limitations when Not Using the Filesystem Driver
:Email is limited when you are not using SSProtect with the filesystem driver. Of highest importance, the Outlook email attachment cache will not be protected. Thus, any plaintext attachments you save (from protected and/ or unprotected emails) may be left on your mass storage device, thus available to attackers. When using the software with the filesystem driver, this area is locked down.
You also cannot automatically open protected Attachments, directly from the message, without the filesystem driver. Instead, you have to save protected Attachment and manually choose, SSProtect Release from the Explorer context menu. You can reach this option by holding the Shift key, then right-clicking a protected target file in a folder listing.
If, when using Outlook, SSProtect is not running, click the SSProtect Inactive button in the SSProtect :Email control group. This will restart the local client software. If you have more than one Profile, make sure the Profile you are using matches the Inbox you are working with. Outlook reflects this in certain viewing panes, enabled by default, though easily changed with many Outlook settings and features beyond the scope of this article.
For immediate assistance, send questions to firstname.lastname@example.org.
This article was updated w/ v3.1.2 of SSProtect :Email