SSProtect protects and manages your data using secured and coordinated execution on both your host computer and with KODiAC Cloud Services. Files are converted from plaintext to ciphertext, moved to the cloud, stored, recalled, emailed, copied, deleted, restored, accessed, modified, and so forth - and every action impacts the date/ time stamp associated with the file.
This article describes SSProtect's impact on managed file dates and times to help you better understand what to expect from associated operations.
File Access Details and General Policy
Windows provides three date/ time attributes for every file:
- Creation Time
- Last Access Time
- Last Write Time
These attributes are impacted when software applications make changes to files. The remainder of this article describes the impact you can expect to encounter for common SSProtect operations.
Protection vs. Conversion vs. Encryption
It is unfair to characterize data protection with the terms Encryption and/ or Decryption, since a great deal of protective capability is derived from the use of other cryptographic measures. For this reason, we use the terms Activate and Release to depict the reality of adding an item to the protective, managing scope of SSProtect. Throughout documentation, this is most often referred to as Protect and Release (Unprotect).
Data Encryption and Decryption are used to obfuscate content from unauthorized users, providing data confidentiality. We most often refer to the acts of Encrypting/ Decrypting as Conversion, preferring the use of a generic reference without (or with minimal) implied meaning.
SSProtect Conversion employs temporary files and other resources to achieve its' goals, managed by configuration policies hidden from view to simplify and/ or eliminate confusion. If you encounter incompatibilities while using the software, contact our Support team to setup a discussion. This will be far more fruitful than attempting to understand the methods and realities without informed insight.
Protecting with Double Encryption
As a matter of Policy, SSProtect operating in Double Encryption Mode does not make modifications to date/ time fields independently. As such, Double Encryption will not affect the Last Write Time when a plaintext file is Protected. This reduces the potential for compatibility issues that arise from the use of other software that relies on this information while at the same time retaining visibility into application use of your content.
Protecting with Optimized Offloading
SSProtect operating in Optimized Offloading Mode will impact file dates and times, just as any other application. As a result, when you apply Protections to a plaintext file, the resulting date/ time data will change in accordance with Operating System practices. The impact is similar to, if not the same as, that associated with accessing, modifying, and saving a file with its' managing application - a .docx file with Microsoft Word, for example.
As expected, the act of Releasing Protections follows the Mode of Operation's impact when Protecting. With Double Encryption, you can Release Protections without impacting file date/ time information. This is not the case with Optimized Offloading, which changes associated access data.
Plans for Zero-Impact Conversion
Differences in the way Operating Modes affect file date/ time information will be eliminated when Optimized Offloading is modified to function like Double Encryption.
Double Encryption and Event Timestamps
If you wish to view information regarding actions the software has taken on your content, you retain full date and time insight with :Assess reporting details described in this site's Topic of the same name. Note that this information will most often be slightly different from the results observed using Optimized Offloading since each operation utilizes a different clock source at a different time in the Conversion workflow.
When you access protected content, SSProtect plays an important role in retaining protections with patent-pending In-Place Encryption/ Protection. This allows you to utilize protected files in native software applications with assurances from malicious action that would otherwise have access to, "decrypted" content.
Though the re-encryption Policy of SSProtect (an aspect of re-Protection) impacts data files, the Double Encryption Mode of operation maintains file date/ time information resulting from use of the managing application (as per Operating System policies). As such, this use of SSProtect does not impact date/ time information.
As previously noted, Optimized Offloading operates differently, and will in this case apply final changes to target file content. This shifts the resulting date/ time stamp, though sometimes by less than a second (resulting in no visible impact).
When using :Recover to backup/ restore managed data, operation must employ Double Encryption. As a result, Restored content retains the date/ time information as it was last seen on the protecting host computer by the file's managing application. This avoids data masking takes place when date/ time information disregards these details and instead uses the current date/ time, not completely uncommon.
You can of course review :Assess logs to gain insight into dates/ times at which KODiAC Cloud Services act on managed content. If specific to your integration efforts, submit questions to our Support team and we will address them as required.
Time Zones, Daylight Saving, and Integrity Protection
The Operating System governs date/ time stamp changes for data flowing through a host computer. As content is managed by individual applications, date/ time information may change. This will impact SSProtect Integrity Validation, which requires content to retain the absolute state associated with plaintext content at a specific time.
Time Zone and Daylight Saving adjustments do not (often) impact Integrity Validation because of the way Windows utilizes file date/ time information and dynamic interpretation. As a result, you can utilize SSProtect to move data through KODiAC Cloud Services and onto another host in a different Time Zone with different Daylight Saving settings while retaining proper Data Integrity Validation and Conversion operation.
Such scenarios occur with Remote Profile Deployment and Archive Re(build) using the Protected Files Cloud Panel. You may also encounter similar dynamics by traveling from one region to another before Restoring a large quantity of managed data that then includes content sourced by different hosts in different regions.
For more information, refer to articles in the :Recover section of this site.
Masked :xRecovery Encoded Files
:xRecovery presents a special case, though it has been updated starting with v6.7.0 of the :Foundation Client. As such, Archives that hold file instances created before this release always get stamped with the current date/ time on Decrypt. Those that are created from that point onward will retain the original file's date/ time information, which will be attached to the Decrypted files generated with the :xRecovery Console.
For more information, refer to articles in the :xRecovery Topic of this site.
For More Information
For information regarding product features and content, consult the Document Index, or send email with specific questions to firstname.lastname@example.org.
This article was updated w/ v6.7.0 of the :Foundation Client