Introduction
This article provides everything necessary to acquire, install, provision, and use SSProtect as an Organization User. This requires a Registration Email message which, if not already available, can be acquired by contacting your SSProtect Organization's Administrative Team. Refer back to the Quick Start article for role clarification and related materials.
Each section of this article offers high-level guidance with references to related materials that contain in-depth information. This allows you to quickly work through basic requirements then selectively pursue areas of interest.
Starting with v8.5.2, your Registration Email will tell you if your Organization pre-installs the :Foundation Client on host computers provided to you, and/ or which package your team(s) prefer or expect you to use. When necessary, directions will stipulate use of the Primary or Alternate Package from the Downloads page.
For package detail and/ or older versions of the software, refer to the article, Where do I find the Software?.
Accessing the :Foundation Client UI
Getting Help from the :Foundation Client UI
All UI components include a Help button, which redirects you to a specific article on this site. If you prefer to discover things on your own, explore the displays using the context menu, and use the Help button to refer to individual topics that suit your interests.
Use the Registration Email to provision your Organization Account. You will not be able to proceed until you complete this process, which requires Administrative Validation.
Validation protects against malicious intercept of Account Provisioning email that would otherwise grant the attacker access to shared content. As such, you cannot establish a Login Session (below) until one of your Organization Administrators or Delegates verifies, usually in person, that you were the participating Provisioning resource.
Once Validated, you will receive an email message indicating that your Account is ready for use.
NOTE: Administrative Validation is also required after you execute a Password Reset operation.
Login Sessions remain active for a configurable amount of time. You do not have to enter your password again during this period, and you will be prompted again on the first related activity after a Session expires.
If your Organization configures 2FA for your Account, it will be required with each protected operation. Your Organization Administrators will provide you with related requirements. SSProtect uses Login Sessions to manage context. You don't have to explicitly Login - you will be prompted to do so when the software detects activity that requires its intervention. Use the Profile/ credentials you created during Provisioning.
Working with Content
The next several sections walk you through basic use, which includes further detail as follows:
- Our Technology provides a high-level description of the process
- Managing Data w/ SSProtect provides additional insight on this process
- :Confidential/ :Shell Topic contains a collection of related articles
Double-clicking a protected file launches its default application and opens the file, in plaintext, for you to use. This puts the target file in a protected operating mode, which precludes others from reading and writing the source plaintext file while it is "opened" in application software. This also prohibits sync and sharing applications from updating cloud content with unprotected plaintext - an inadvertent reality achieved every day by unwilling end-users.
When you Save and Close a protected file, it is re-encrypted before protective isolation is removed. This re-enables normal file operation - move, rename, copy, attach to email messages, coordinate changes with sync and sharing software, etc.
This process extends typical file encryption by removing the need for manual encrypt/ decrypt operation while maintaining protection over plaintext content independent from application data owners. This inhibits "wait and offload" techniques employed by attackers who compromise host computers, wait for you to Login (even w/ 2FA), then proceed to copy unlocked content (slowly/ quietly).
You can, from within application software, directly "load/ save" managed content using the software's native UI. This is often in the form of File/ Open menu operation (or similar). So long as the calling application matches the default registered handler for the managed filetype, SSProtect will intercept the request and apply authentication/ protection on the fly, then isolate the application's access to resulting plaintext content (as noted in the previous section).
Default handlers associate filetypes with software applications - for example, Microsoft Word for .docx files, Reader for .pdf files, etc.
In-Place Encryption is being extended to provide more flexibility in choosing how applications work with managed content, extending this mechanism such that you can natively access managed content from more than the default application (which can be changed with Windows configuration proceedings). SSProtect doesn't, however, interpret access activity from non-default applications. In such cases, the application ends up reading ciphertext directly, which results in an attempt to load a "corrupted" file.
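To check ahead of time whether the application you plan to use is the one Windows registers as the default handler for a managed filetype, the PowerShell below can be run on the host. It is an added example, not SSProtect code: the function names are hypothetical, and it assumes the standard Windows registry locations for file associations, which this article does not state SSProtect itself consults.

```powershell
# Added example (not SSProtect code). Function names are hypothetical.
# Assumption: the default handler is the one Windows records in the registry.
function Get-DefaultHandler {
    param([Parameter(Mandatory)][string]$Extension)
    if (-not $Extension.StartsWith('.')) { $Extension = ".$Extension" }

    # The per-user choice made in "Default apps" takes precedence.
    $userChoice = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $progId = (Get-ItemProperty -LiteralPath $userChoice -ErrorAction SilentlyContinue).ProgId

    # Otherwise fall back to the class registration for the extension.
    if (-not $progId) {
        $progId = (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$Extension" -ErrorAction SilentlyContinue).'(default)'
    }
    if (-not $progId) { return $null }

    # Resolve the ProgId to its "open" command line, if it has one.
    $command = (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'

    # Pull the executable out of: "C:\path\app.exe" /n "%1"   or   C:\path\app.exe %1
    $exe = $null
    if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(\S+)') { $exe = $Matches[1] }

    [pscustomobject]@{ Extension = $Extension; ProgId = $progId; Command = $command; Executable = $exe }
}

function Test-OpensAsDefault {
    param([Parameter(Mandatory)][string]$Extension,
          [Parameter(Mandatory)][string]$ApplicationExe)   # e.g. WINWORD.EXE
    $handler = Get-DefaultHandler -Extension $Extension
    if (-not $handler -or -not $handler.Executable) {
        # Store/packaged apps register no classic command line; check Default apps manually.
        Write-Warning "No classic open command found for $Extension"
        return $false
    }
    # Compare file names only, case-insensitively (-ieq).
    (Split-Path -Leaf $handler.Executable) -ieq (Split-Path -Leaf $ApplicationExe)
}

# Usage: is Microsoft Word the registered default for .docx on this host?
Test-OpensAsDefault -Extension '.docx' -ApplicationExe 'WINWORD.EXE'
```

A result of False means the named application is not the registered default for that filetype, which is the case in which the article says the application reads ciphertext and reports a "corrupted" file.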
Sharing Content with Organization Peers
By default, you have access permission to any file (or managed email message) created by an SSProtect Organization Peer. Access requests are centrally controlled by KODiAC Cloud Services, which manages dynamic changes to related Policies.
Note that content isn't automatically transferred to peers. You still have to share content as you did before, using the mechanisms you prefer, i.e. email, shared/ mapped server folders, cloud sync and sharing software, etc.
Sharing Content with Third Party Trusts
You can allow secured access to managed content for other Accounts (Users) outside your Organization using something called a Third Party Trust. This requires manual configuration, for your Organization, by an Administrator or Delegate - keeping data access permissions in the hands of Policy makers rather than end-users.
Configuration changes are immediate, and relationships can be temporarily disabled and re-enabled at any time. If you wish to share managed content with those outside your Organization, submit a request to your Organization Administrators.
For more information on this facility, refer to the article, Protected Data Sharing.
All Accounts include a basic set of capabilities, as follows:
- :Access for 2-factor authentication; see Credentials, Keys, and 2FA
- :Assess for secure access event auditing and reporting
- :Collaborate for sharing data with external users using Third Party Trusts
- :Confidential/ :Shell, with references in the preceding sections
A short summary of system components is available in the article, Components and Names.
Additional capabilities can be individually added/ removed for an Organization and sometimes individually enabled/ disabled for Users within the Organization. Configuration is limited to Organization Administrators and Delegates, and includes all optional SSProtect components:
- :Recover for secure cloud Backup and on-demand Restore and Host Re-Deployment
- :xRecovery Disaster Recovery w/ offline Account/ Organization :Recover Archives
- :Respond for Sabotage (Ransomware) Remediation
- :Respond for On-Demand, Objective Disclosure Risk Reporting
- :Honeypots that monitor plaintext "dummy" files for early presence detection
Your Organization can also enable Outlook Email protection, which, when authorized, automatically installs and configures the associated Outlook Add-In.
Note that protected email messages to/ from Organization Peers are automatically accessible due to built-in :Policies, described in the :Collaborate Topic articles.
Refer to the articles in the :Email Topic for specifics.
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to firstname.lastname@example.org, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v8.5.1 of the :Foundation Client