DriveLock File Protection

A license is required to use File Protection.

DriveLock File Protection provides transparent and automatic encryption across all files and folders. Users working with the files do not 'notice' that they have been encrypted, meaning that the encryption and decryption process takes place automatically in the background whenever a file is being accessed.

File Protection includes:

  • File encryption on local computers, central directories on a server, external USB data carriers or cloud-based services (e.g. Microsoft OneDrive, Google Drive)

  • Authentication when accessing encrypted directories with user name/password or via X.509-based certificates

  • Integrated, fully functional public key infrastructure (also independent of AD)

DriveLock had already introduced a new encryption format with version 2022.2, which was applied to new DriveLock agents by default. The old format could be retained for existing agents. The DMC has a specific policy setting that allows you to automatically select which format is used or whether both formats are used simultaneously starting with version 2023.2. However, different encryption formats can be defined if required.

Functionality

Every time a folder is being accessed, DriveLock checks whether it is an encrypted folder for all computers where DriveLock File Protection is active. When such a folder is detected, the current user’s permissions are validated and encryption or decryption is automatically performed in the background as files in the folder are accessed.

You can exempt specific processes, such as backup programs or file synchronization operations, from the automatic encryption and decryption. This prevents any impact on existing system maintenance routines.

Management of the folders can either be performed centrally for each individual folder via the DES or independently of the DES.

To authenticate users, DriveLock File Protection can use the following two methods:

  • Passwords: To access files in an encrypted folder, a user must provide a password.

  • Certificates: Authentication uses a certificate from the user’s certificate store in Windows or from a smart card or token.

    Click here for further information on how to create certificates.

    When using centrally managed folders, the only way to authenticate is via certificates.

Before you start using DriveLock File Protection, please consider the following points:

  • Do you want to use centrally managed folders?

  • Do you want to use user certificates or passwords for authentication?

  • How do you want to issue user certificates, if required?

  • What settings will apply to the encryption and decryption of data?

  • What file protection options are available to the user on their computer?

  • What will be the folder structure that you will use for storing encrypted data and files?