The Digital Guardian Secure Collaboration Platform Frequently Asked Questions (FAQ)

Summary 

The Digital Guardian Secure Collaboration platform enables businesses of all sizes to effectively protect any kind of data, and then track, audit and manage the policies securing it in real-time, no matter where it travels, or where it’s stored. It’s imperative that you are able to secure sensitive documents, no matter what device, person, cloud or application creates or receives that data, even if - and after - it falls into the wrong hands.

Frequently Asked Questions

Digital Guardian Secure Collaboration was founded in 2014 by data security experts who realized that in today’s highly collaborative world, there is no perimeter. The goal was to solve the problem of helping IT and security teams control information as it’s shared beyond their borders, and especially when it’s “in use”, that is, when it’s in others’ hands. In 2020, Secure Collaboration was acquired by Fortra (HelpSystems).

Traditional digital rights management (DRM) tools are limited by the file types they support (only Office and PDFs), an inflexible framework that requires a client at all times, and the difficulty of implementation and use for business users. Secure Collaboration is a data security platform that can secure any file type, provides a seamless end-user experience and gives admins complete control of their information anywhere the file travels, whether or not the recipient has a Secure Collaboration client in place.

DLP products scan and process data to prevent sensitive information, including PII and PHI, from leaving the organization. Once that data leaves the network, DLP products cannot track or dynamically revoke access if sensitive information is leaked from the company. DLP can be either network- or endpoint-based, each with its own unique benefits and challenges. DLP technologies have traditionally been prone to false positives, and as such, some of their best use cases are for controlling very predictable and structured content in very specific situations. For example, DLP might be used for ensuring that credit card numbers do not leave the Cardholder Data Environment of the network. However, as content and locations get more complex, DLP can develop problems very quickly.

CASBs have proven to be highly valuable to enterprises on a variety of fronts. At its core, a CASB is able to extend security policy to an enterprise’s cloud applications in much the same way a traditional firewall would protect on-premise applications. What we see is that a CASB can lose control over data after it has been accessed. Users can still copy the content, store it in insecure personal drives, share it with other parties, or have it compromised by malware or attackers. While a CASB can help illuminate an application blind spot, it does not ensure that data itself remains safe.

This is where Secure Collaboration complements a CASB product.

Secure Collaboration protects unstructured data, and a CASB allows you to fill the gaps in structured data. From an unstructured data perspective, when Secure Collaboration encrypts a file in Box, it can break some of the functionality of Box, namely search. You can use a CASB to protect the file as it’s sent to Box, which gives you the ability to use that file while it’s unencrypted, so you have the benefits under their infrastructure. However, when that file starts to egress and leave the company, that’s when the CASB would call on the Secure Collaboration API to extend that protection, encrypt the files, and maintain ownership of the file once it leaves the protection of the CASB sphere.

Secure Collaboration is a content-agnostic platform, so we can secure any type of file, including PDF, XLS, PPTX, JPEG, PNG, MP4, XLSM, DOC, DOCX, XLSX, TXT, JPG, BMP, AVI, CSV, PPT, RTF, GIF, MOV, and WMV, as well as CAD/CAM files used in the manufacturing industry. Please see the Secure Collaboration RFP Guide for more information on coverage.

Secure Collaboration supports Windows, Mac OS, iOS (iPad and iPhone), Android, and Surface.

Secure Collaboration is a secure shell - an HTML shell - around each of your most sensitive files.

Secure Collaboration’s encryption:

  1. Encrypts the file with AES 256-bit encryption
  2. Enforces access control (who has access to it?)
  3. Allows you to control what people can/cannot do with your information (disable printing, copy/paste, and others)

As people open your file, this sends a request to the Secure Collaboration cloud, which confirms whether or not that person has access and what their rights are to the document. For more information, please see the Secure Collaboration security architecture and the RFP Guide.

The Secure Collaboration Cloud Platform manages the policy and controls for each customer, or tenant on the platform, and securely manages the processes of creating keys, enforcing access policies and aggregating events and activities for audit and reporting purposes. No customer data or content is stored on the Secure Collaboration Cloud Platform.

Secure Collaboration integrates with Box, Dropbox, and SharePoint. If your organization uses one of these content repositories, you can set up Secure Collaboration to automatically encrypt the files placed in a designated folder. For publication of view-only files, you can set up a simple rule to establish this process. For more involved collaboration, the installation of a Share Connector enables you to map Box/Dropbox/SharePoint roles to Secure Collaboration roles to ensure that the right people get the right access.

For SMB file shares, you can use the Secure Collaboration integration to automatically secure content stored on SMB file shares in your organization. Users just drag-and-drop files into the designated folder. Secure Collaboration automatically applies the restrictions defined for that folder.

A licensed user means any individual using an identity on a customer-controlled email domain (e.g., [email protected]) where such individual is authorized by the customer to access, send, receive, collaborate on, modify, or review any data or document encrypted using the Services. Licenses are concurrent, meaning they are portable between users, on an annual basis, should one user no longer need a license and a new user replace them.

Secure Collaboration operates independently of most content management systems. Therefore, incorporating Secure Collaboration into your content management processes involves encryption and access from outside of the repositories. Though this means users need to extract files from content management in order to view and edit, you can automate the security of this content using the Secure Collaboration SDK.

Secure Collaboration captures file-related events, enabling you to see who is accessing your content and what they are doing with it. The Syslog integration is also available for incorporating Secure Collaboration logs into your organization’s logging server.

Secure Collaboration supports several authentication methods, including Microsoft Active Directory and ADFS as well as Azure Active Directory; OAuth via Google; and SAML-based Single Sign-on (SSO) authentication from various Identity Providers (IdP) including Okta, Ping, OneLogin, and Centrify.

No. With Secure Collaboration, viewers do not need to download any client to view files. Authentication (if you require it) can simply happen in the browser. Once a user is authenticated, protections can be applied and viewing of files will simply happen in the browser. You can also let users download the file if you wish. There are lots of options.

This gives recipients external to the organization the ability to easily access data within their default browser, without having to install any plugins or clients. Authentication is controlled in multiple ways for external users. One example is email authentication, where the user receives a second verification email.

Users inside the organization usually have the Secure Collaboration client installed on their endpoint (iOS, Android, Windows, macOS). This allows them to easily access secure files in native applications without having to add any additional steps. Users with a client can also easily manually secure data in multiple ways. This, however, is usually managed through automation by the admins and does not require a client.

Absolutely. Secure Collaboration can update recipient rights, even after information has been shared. The Secure Collaboration admin or file owner can dynamically update the user permissions in bulk (e.g., everyone that has access to the file), or change access controls for specific individual recipients.

Absolutely. Secure Collaboration has native integrations with Box and Dropbox. What this means is that any file dropped into a Secure Collaboration secured Box/Dropbox folder is automatically protected with Secure Collaboration, and we inherit the permissions and access controls from Box/Dropbox. If the file ever leaves Box and Dropbox, Secure Collaboration permissions stick to the file to make sure it’s protected, anywhere it travels.

Access control is the list of people that can and cannot access your information. Secure Collaboration security goes a step further allowing you to control your data when it’s in others’ hands. Secure Collaboration protects your data as others use it – so you can restrict printing, disable copy/paste, enforce time restrictions – and those protections travel with the file, anywhere it travels, anywhere it’s stored.

First and foremost, IT admins can decide whether or not to grant offline access to files and set how long the file can be offline before requiring that someone re-authenticate with Secure Collaboration. If you’re on a plane, you can open and access secure information easily, as long as you have been granted access and you’ve authenticated to the Secure Collaboration cloud before moving offline. Note: offline access requires having a Secure Collaboration native app installed. To access the web-based experience (browser view), you need to be online.

Yes. If a user wants to do anything malicious with a file, they’ll have to log back online to email or share it. Once Secure Collaboration revokes access for a user and that user logs back online, they won’t have access to the file. If the user remains offline for an extended period of time, at some point (set by the Admin) they’ll be timed out of the app. Secure Collaboration will force the user to log back online to authenticate, and once they do, access will be denied.

Yes. This is a feature that can be disabled on the Secure Collaboration dashboard.

While Secure Collaboration provides insight into where your data is accessed, we can’t restrict access based on location or set rules preventing users from accessing the data in certain countries. However, you can always dynamically change access to users and revoke or update their access at any time, no matter where in the world they happen to be.

Secure Collaboration stores meta-data but our servers never store the content of your files. We are currently working on encrypting meta-data at Secure Collaboration.

Journaling is a compliance requirement where financial services firms have to log and retain any information pertaining to investments. Journaling software needs to be searchable. The concern for firms is that if Secure Collaboration is encrypting files, how do we search them in the journaling software? Secure Collaboration can save two copies of the file and send the unsecured copy of the file to journaling software.

Secure Collaboration's secure shell is extremely light and only adds about 3% additional weight to the file. Secure Collaboration only stores meta-data, which makes for a very lightweight wrapper. Our customers haven’t experienced any latency sending files abroad.

Would we have any visibility when the email is sent, or would it trigger only when the recipient tried to open or work with the file? Secure Collaboration would be able to see the action when the recipient tries to open or work with the file.

Secure Collaboration does not store customer data or content. The information stored in the Secure Collaboration Cloud Platform is limited to the encryption keys, policy definitions, user account information, and audit log data for the Secure Collaboration Dashboard. Secure Collaboration can’t actually see the information inside your files. We separate the encryption keys from where the content is physically stored.

Data encrypted at rest by Secure Collaboration is secured with AES 256-bit encryption. In transit, Secure Collaboration employs TLS 1.2 and SSL 3.0 to protect customer data.

Secure Collaboration sits between the operating system and the application layer. Think of it as a sandwich (OS–Secure Collaboration–applications, e.g., Word). Secure Collaboration can block commands the application sends to the OS -- blocking the ability to copy/paste, print, save, save as, etc.

Secure Collaboration stores the encryption keys, policies and usage rights in our cloud instance on Amazon Web Services (AWS), all separated logically for each customer. Note: we do offer customers the ability to manage their own keys with a local key store service.

One thing that’s really valuable about our platform is that Secure Collaboration separates security (encryption keys) from your content. Your content and your company’s data is stored with you, and Secure Collaboration only stores and manages those keys and usage policies. This means that if Secure Collaboration is subpoenaed, we couldn’t share your company’s data because Secure Collaboration doesn’t have it. Assuming the subpoena is valid, and that it’s a subpoena with a gag order forcing Secure Collaboration to comply, the only thing we could hand over would be the meta-data (e.g., the encryption keys, usage policies, permissions, file details, etc.).

Secure Collaboration is located in one region (AWS US West 2/Oregon). Mission-critical components span a minimum of two availability zones, and Secure Collaboration's data is distributed across three availability zones within the Oregon region.

In the event the Secure Collaboration cloud service is unavailable, customers will receive notification of the outage condition and estimated time to resolution. Authentication will be unavailable until the situation is resolved; however, all offline policies will continue to be enforced.

Secure Collaboration runs across multiple AWS (Amazon Web Services) regions. We plan for both disaster and recovery but have built a system for disaster avoidance. We do allow customers to manage their own disaster recovery scenario, take a copy of the key store and have a backup on-premises. Box and Dropbox, for example, do not allow for this type of on-premise solution.

No. Secure Collaboration uses a single, symmetric-key algorithm for both encryption and decryption. At Secure Collaboration, the same key that encrypts a file is the key used by a recipient to decrypt it on his end.

It is fairly straightforward to remove Secure Collaboration protections from any object, whether you are a current customer, or have decided to move on. Administrators and file owners have the ability to directly unsecure a file, individually or in bulk. Additionally, through the Secure Collaboration API and SDK, large quantities of files in your applications and repositories can be restored to their earlier state. Also, using the Secure Collaboration dashboard (which you can have access to for a fixed period of time after termination of a contract), you can easily locate the owners and last accessed locations of any file, making retrieval and unsecuring straightforward.

Secure Collaboration can be deployed automatically (admins deploy to end-user machines) or end-users can download Secure Collaboration themselves. Either option is available to customers. If deployed automatically, this would be a silent installation and management. For internal users, our Secure Collaboration app can be silently installed via an MSI using your SCCM and/or MDM solution of choice. Users in this case never have to download anything.

Yes. One of our deployment options allows customers to manage the keys on-premises, though most of our customers deploy Secure Collaboration as a cloud-based model.

Yes. Secure Collaboration has a client-based SDK that allows security teams to weave Secure Collaboration data security capabilities into third-party apps and homegrown business applications. Our sales engineer can provide more detailed information.
