Support Center

Protection, Storage, and Recovery

Last Updated: Dec 16, 2018 01:40AM PST
This article explains how SSProtect manages protected content, the advantages of using :Recover, and configuration considerations with component dependencies.

Introduction
:Recover is an optional SSProtect component. As with other optional components*, it does not require additional installation or host-specific configuration and can be added at any time using the procedure described in the article, License and Components Interface.

* :Email is the only exception, which installs a Microsoft Outlook Add-In, invoked automatically on SSProtect Login when appropriate. See Installing :Email for details.

This article describes the basic protection mechanism and how :Recover extends it for seamless backup/ restore. It also describes its additional features, then enumerates considerations associated with Quotas and how they can be effectively used to maximize cloud storage usage.

Empowering Additional Capabilities
:Recover is an optional component, required for use of both :xRecovery and :Respond Automatic Sabotage Remediation (but not :Respond Risk Disclosure Reporting). Both rely on data stored by :Recover and have zero impact on end-user workflows, but are inoperable for any period in which :Recover is not enabled. Each can be enabled on the fly, with retroactive capability, but note that :Recover can be independently enabled/ disabled for each Organization Account, which has a direct impact on both services.

The effectiveness of these components depends entirely on the data available to them. Although you can defer the inclusion of extended features, :Recover should be enabled as early and as extensively as possible, so that both :xRecovery and :Respond Remediation remain viable options when required.

Seamless Backup/ Restore
:Recover securely stores, in the cloud, an encrypted/ protected/ isolated copy of a managed file each time it is accessed. :Recover enables UI controls that allow you to Restore, at the press of a button, any stored version of a managed item, providing automatic, seamless version-based recovery capabilities.

Protective Mechanism
SSProtect is based on our patented methodology for managing stored content independent from the software used to access and modify data. It employs a filesystem driver that provides exclusive application access to protected content. This is used together with a unique Access Control and Encryption mechanism that offloads sensitive operations to the cloud. This delivers enhanced data protection using integrated two-factor authentication for Access Control while maintaining exclusive, continuous data protection while content is modified in native application software.

Cloud operations utilize additional techniques to optimize data transfer and isolate decryption keys from the host and encrypted content. This makes it very difficult for attackers to offload/ copy data or search host computers for residual decryption keys. For details, contact our Support team to set up a focused discussion.

Protection Overhead
SSProtect was specifically designed to minimize impact to the end-user, and at present, this is limited to Login proceedings and any configured use of a two-factor authentication token. System resource requirements are largely negligible when compared to other Windows applications and system components. Although normal access proceedings are impacted by the overhead of encryption and decryption, the end result is often insignificant for typical business applications and data.

To best gauge the impact, download and evaluate the software on a typical system. You can, in fact, install, provision, and protect from scratch in less than 90 seconds (once familiar with all steps; more typically it takes a couple of minutes the first time).

Extending the Protective Mechanism for :Recover
:Recover extends this mechanism to transfer file contents to the cloud for safekeeping. Due to optimizations and the nature of data access, the more time-consuming data transfer takes place after you finish working with materials. As a result, the transfer takes place in the background and most often doesn't impact end-user activities in any perceived way.

For details, see the article, Using :Recover.

Close to Zero End-User Impact
The total impact to an end-user is the need to Login to SSProtect on occasion (governed by the Session Timeout, which is configurable) and the use of a second authentication factor, which is often a USB token plugged into the host (that may require physical presence operation). This is the preferred and most secure method, and SSProtect prompts the user to touch the USB key or press the key's button, when required.

Restoring Content
There are multiple ways to Restore content, often using the :Confidential Files display that enumerates protected items and their attributes. This allows you to restore a single item, peruse and Restore past versions, and/ or choose multiple items to restore in a single operation.

You can also browse the Cloud Archive of stored content and Rebuild the entire tree structure, then move content to locations you wish to use long-term. This is described in the article, The Cloud Archive.

Retaining Business Continuity
When :Recover is used with Remote Profile Deployment, it provides a much-needed way to transfer content to a new host computer such that business continuity is retained when hardware fails, or a host computer needs to be analyzed for other reasons. This process depends on the size of the Account's Archive, and the Rebuild is now automated, prompting you on Startup once the software recognizes you are deploying another instance of your Account (without matching Host data).

This procedure can be automated with the :Expand interface, allowing you to extend imaging and automated deployment/ rebuild procedures to include SSProtect-secured host data content.

Quotas
When you add :Recover to an Account or Organization, you are given a Quota of storage space for cloud-stored content. This Quota can be distributed to Organization Accounts any way you like, though the default setting for new Users divides the total Quota by the number of licensed Seats for the Organization (for convenience). For details, see the article, Archives and Quotas.

Quota Limits and Stored Version Limitations
When you are assigned a Quota, whether for an Individual Account or Organization, the system is configured by default to maintain the last 3 versions of each file, in all cases. This way, multiple changes to a single file won't preclude storage of other files.

For example, if with a limited Quota a User engages in making multiple changes to a large file, he/ she may run up against his/ her Quota limit. If he/ she then tries to add a new file, it will fail. With the stipulation to keep the last 3 versions, older instances of the larger file can be removed to make space. Using this approach, end-users can manage a larger number of files for the allocated space.

The overhead for operating at the Quota limit is minimized by an optimized KODiAC Cloud Services algorithm that continually updates managed content in preparation for managing these limits, imposing almost no dynamic Conversion overhead for consideration and removal of old items.
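
The retention rule described above can be modeled in a few lines. The following Python sketch is an added illustration, not SSProtect or KODiAC Cloud Services code; the class and function names, the oldest-first removal order, and the sizes in the constructed scenario are assumptions made for the example.

```python
from collections import defaultdict


class QuotaExceeded(Exception):
    """Raised when a new version cannot fit without breaking the version floor."""


class QuotaArchive:
    """Toy model: a byte quota plus a guaranteed number of recent versions per file."""

    def __init__(self, quota_bytes, keep_versions=3):
        self.quota = quota_bytes
        self.keep = keep_versions            # page default: last 3 versions
        self.versions = defaultdict(list)    # path -> [(seq, size)], oldest first
        self.used = 0
        self.seq = 0

    def _removable(self):
        """Versions older than the newest `keep` of each file, oldest first (assumed order)."""
        out = []
        for path, vs in self.versions.items():
            for seq, size in vs[:max(len(vs) - self.keep, 0)]:
                out.append((seq, path, size))
        return sorted(out)

    def store(self, path, size):
        """Add a version; return the (path, seq) pairs removed to make room."""
        shortfall = self.used + size - self.quota
        candidates = self._removable()
        if shortfall > sum(s for _, _, s in candidates):
            raise QuotaExceeded(f"{path}: need {shortfall} more bytes")
        removed = []
        for seq, p, s in candidates:
            if shortfall <= 0:
                break
            self.versions[p].remove((seq, s))
            self.used -= s
            shortfall -= s
            removed.append((p, seq))
        self.seq += 1
        self.versions[path].append((self.seq, size))
        self.used += size
        return removed


def demo():
    """Constructed scenario: four edits of a large file, then a new file at the limit."""
    archive = QuotaArchive(quota_bytes=100)
    for _ in range(4):
        archive.store("big.dat", 20)
    removed = archive.store("new.doc", 30)
    return removed, archive.used, len(archive.versions["big.dat"])
```

In the constructed scenario the oldest version of the large file is removed so the new file fits, while the last 3 versions of the large file remain. When every stored version falls within the protected last 3, the model refuses the new item instead of removing anything.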

Making Quota Changes
You can request an increase in your Quota at any time, and can also change the default number of versions stored, though that of course doesn't affect anything that has already been removed for new data items. You can also request that all versions of all files remain stored, even when the Quota limit is reached. Details will be covered in the final Service Agreement between you or your company and the Service Provider (currently DefiniSec).

Immediate Considerations
As noted at the top of the article, :Recover empowers :xRecovery and :Respond Automatic Sabotage Remediation. Without stored content, you won't be able to utilize either of these features. It's important to consider and enable :Recover as soon as possible, though you can defer inclusion of other features until a later date, without impact to capability.


Getting Further Assistance
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.

In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.

 

This article was updated w/ v8.5.1 of the :Foundation Client
