
File encryption

Deploying secure, easy-to-use file encryption on end-user workstations is often challenging. However, the file encryption functionality of the data protection license on the {{k3}} eliminates many of the traditional hurdles to deployment.

From a user perspective, file encryption creates two folder types for their use. Input folders take files and pass them to the {{k3}} to be encrypted. Output folders receive files after encryption. To decrypt a file, use the file encryption agent GUI or the command line interface (fxcli). This guide provides more details on these options later.

Depending on the needs of the organization deploying file encryption, you can create multiple profiles and input or output folder sets. Each profile can reference its file type, encryption keys, key rotation policy, and more.

As an example of the preceding folder structure, if administrators define a PDF encryption policy, the system sends the sample invoice pdf in the input folder to the {{k3}}, encrypts it, and sends it to the output folder as sample invoice pdf enc. To decrypt sample invoice pdf enc, use the file encryption agent GUI or fxcli.

Folder monitoring methods

File encryption works by having an input folder where you can move files to be encrypted and an output folder for those encrypted files. This process requires monitoring the input folder for new file uploads. We support the following folder monitoring methods: KMES monitored folders and agent monitored folders. In both scenarios, encryption occurs on the {{k}}.

KMES monitored folders

With {{k}} monitored folders, you use SFTP or CIFS to mount the {{k}} to a folder share. Then, you create a file encryption profile on the {{k}} that defines what folder to monitor, the parameters of what to encrypt, and where to save the file after encryption (either locally in a data partition on the {{k}} or on a folder share).

Agent monitored folders

With agent monitored folders, you can deploy an agent (a lightweight application running on a Windows or Linux system) on either servers or individual workstations. Then, administrators configure the agent by using a GUI-based application or a configuration text file for batch deployment.

Permissions and access control

The {{k3}} offers robust, permission-based access controls, enabling administrators to give users only the ability to perform required tasks. On a global level, you can restrict file encryption agents to allow only encryption operations, allow only decryption operations, or allow both. At the end-user level, give access to individual input and output folders that permit encryption or decryption of only certain file types.

File portability and integrity checking

Each encrypted file uses a unique encryption key and message authentication code (MAC) key, which enables file portability and file integrity checking. File portability enables administrators to move files between systems and maintain the ability to decrypt them. Integrity checking provides cryptographic assurance that files have not been tampered with. Because the {{k3}} FIPS 140-2 Level 3 validated cryptographic module generates these keys, the process provides high assurance, and you can meet rigorous compliance requirements.
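The following is an added illustration of a per-file MAC check of the kind described above, not the product's file format or code. The header layout, the key id field, `seal`, `verify`, `is_intact` and the in-memory `KEYSTORE` are assumptions made for the example, and the ciphertext is opaque constructed bytes because encryption itself happens on the appliance.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"ENC1"                      # hypothetical container magic
HEADER = struct.Struct(">4s16sQ")    # magic, per-file key id, ciphertext length
TAG_LEN = hashlib.sha256().digest_size

def seal(ciphertext: bytes, key_id: bytes, mac_key: bytes) -> bytes:
    """Build header || ciphertext || HMAC-SHA256(header || ciphertext)."""
    header = HEADER.pack(MAGIC, key_id, len(ciphertext))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag

def verify(blob: bytes, keystore: dict) -> bytes:
    """Return the ciphertext if the MAC checks out, else raise ValueError."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("truncated file")
    magic, key_id, length = HEADER.unpack_from(blob)
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if magic != MAGIC or len(body) != HEADER.size + length:
        raise ValueError("malformed header")
    mac_key = keystore.get(key_id)   # the file's own MAC key, found by id
    if mac_key is None:
        raise ValueError("unknown key id")
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        raise ValueError("MAC mismatch: file was modified")
    return body[HEADER.size:]

def is_intact(blob: bytes, keystore: dict) -> bool:
    try:
        verify(blob, keystore)
        return True
    except ValueError:
        return False

# Constructed sample data: two key ids, each with its own random MAC key.
ID_A, ID_B = os.urandom(16), os.urandom(16)
KEYSTORE = {ID_A: os.urandom(32), ID_B: os.urandom(32)}
FILE_A = seal(b"constructed ciphertext A", ID_A, KEYSTORE[ID_A])
```

Because the check depends only on the file's bytes and the key its header names, the file verifies wherever it is copied, while any change to the header or ciphertext is rejected before decryption is attempted.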