The Digital Guardian Secure Collaboration Platform Frequently Asked Questions (FAQ)

Secure Collaboration supports Windows, Mac OS, iOS (iPad and iPhone), Android, and Surface.

Secure Collaboration is a secure shell - an HTML shell - around each of your most sensitive files. 

Secure Collaboration’s encryption: 

1. Encrypts the file with AES 256-bit encryption 
2. Enforces access control (who has access to it?) 
3. Allows you to control what people can/ cannot do with your information (disable printing, copy/paste, and others) 

As people open your file, this sends a request to the Secure Collaboration cloud, which confirms whether or not that person has access and what their rights are to the document. For more information, please see the Secure Collaboration security architecture and the RFP Guide.

The Secure Collaboration Cloud Platform manages the policy and controls for each customer, or tenant on the platform, and securely manages the processes of creating keys, enforcing access policies and aggregating events and activities for audit and reporting purposes. No customer data or content is stored on the Secure Collaboration Cloud Platform.

Secure Collaboration integrates with Box, Dropbox, and SharePoint. If your organization uses one of these content repositories, you can set up Secure Collaboration to automatically encrypt the files placed in a designated folder. For publication of view-only files, you can set up a simple rule to establish this process. For more involved collaboration, the installation of a Share Connector enables you to map Box/Dropbox/SharePoint roles to Secure Collaboration roles to ensure that the right people get the right access. 

For SMB file shares, you can use the Secure Collaboration integration to automatically secure content stored on SMB file shares in your organization. Users just drag-and-drop files into the designated folder. Secure Collaboration automatically applies the restrictions defined for that folder.

A licensed user means any individual using an identity on a customer-controlled email domain (e.g., [email protected]) where such individual is authorized by the customer to access, send, receive, collaborate on, modify, or review any data or document encrypted using the Services. Licenses are concurrent, meaning they are portable between users should one user no longer need, and a new user replaces them, on an annual basis.

Secure Collaboration operates independently of most content management systems. Therefore, incorporating Secure Collaboration into your content management processes involves encryption and access from outside of the repositories. Though this means users need to extract files from content management in order to view and edit, you can automate the security of this content using the Secure Collaboration SDK.

Secure Collaboration captures file-related events, enabling you to see who is accessing your content and what they are doing with it. The Syslog integration is also available for incorporating Secure Collaboration logs into your organization’s logging server.

Secure Collaboration supports several authentication methods, including; Microsoft Active Directory and ADFS as well as Azure Active Directory; Oauth via Google; SAML-based Single Sign-on (SSO) authentication from various Identify Providers (IdP) including Okta, Ping, OneLogin, and Centrify. integration is also available for incorporating Secure Collaboration logs into your organization’s logging server.

No. With Secure Collaboration, viewers do not need to download any client to view files. Authentication (if you require it) can simply happen in the browser. Once a user is authenticated, protections can be applied and viewing of files will simply happen in the browser. You can also give the ability for users to download the file if you wish as well. There are lots of options. 

This allows recipients external to the organization the ability to easily access data without having to install any plugins or clients and within their default browser. Authentication is controlled in multiple ways for external users. One example is simply doing email authentication, this is where the user would receive a second verification email. 

Users inside the organization usually have the Secure Collaboration client installed on their endpoint (iOS, Android, Windows, macOS). This allows them to easily access secure files in native applications without having to add any additional steps. Users with a client can also easily manually secure data in multiple ways. This, however, is usually managed through automation by the admins and does not require a client.

Absolutely. Secure Collaboration can update recipient rights, even after information has been shared. The Secure Collaboration admin or file owner can dynamically update the user permissions in bulk (e.g., everyone that has access to the file), or change access controls for specific individual recipients.

Absolutely. Secure Collaboration has native integrations with Box, Dropbox. What this means is that any file dropped into a Secure Collaboration secured Box/Dropbox folder is automatically protected with Secure Collaboration, and we inherit the permissions and access controls from Box/Dropbox. If the file ever leaves Box and Dropbox, Secure Collaboration permissions stick to the file to make sure it’s protected, anywhere it travels.

Access control is the list of people that can and cannot access your information. Secure Collaboration security goes a step further allowing you to control your data when it’s in others’ hands. Secure Collaboration protects your data as others use it – so you can restrict printing, disable copy/paste, enforce time restrictions – and those protections travel with the file, anywhere it travels, anywhere it’s stored.

First and foremost, IT admins can decide whether or not to grant offline access to files and set how long the file can be offline before requiring that someone re-authenticate with Secure Collaboration. If you’re on a plane, you can open and access secure information easily, as long as you have been granted access and you’ve authenticated to the Secure Collaboration cloud before moving offline. Note: offline access requires having a Secure Collaboration native app installed. To access the web-based experience (browser view), you need to be online.

Yes. If a user wants to do anything malicious with a file, they’ll have to log back online to email or share it. Once Secure Collaboration revokes access for a user and that user logs back online, they won’t have access to the file. If the user remains offline for an extended period of time, at some point (set by the Admin) they’ll be timed out of the app. Secure Collaboration will force the user to log back online to authenticate, and once they do, access will be denied.

Yes. This is a feature that can be disabled on the Secure Collaboration dashboard.

Access control is the list of people that can and cannot access your information. Secure Collaboration security goes a step further allowing you to control your data when it’s in others’ hands. Secure Collaboration protects your data as others use it – so you can restrict printing, disable copy/paste, enforce time restrictions – and those protections travel with the file, anywhere it travels, anywhere it’s stored.

Secure Collaboration does not store customer data or content. The information stored in the Secure Collaboration Cloud Platform is limited to the encryption keys, policy definitions, user account information, and audit log data for the Secure Collaboration Dashboard. Secure Collaboration can’t actually see the information inside your files. We separate the encryption keys from where the content is physically stored.

Data encrypted at rest by Secure Collaboration is secured with AES 256-bit encryption. In transit, Secure Collaboration employs TLS 1.2 and SSL 3.0 to protect customer data.

Secure Collaboration sits between the operating system and the application layer. Think of it as a sandwich (OS–Secure Collaboration–applications, e.g., Word). Secure Collaboration can block commands the application sends to the OS -- blocking the ability to copy/paste, print, save, save as, etc.

Secure Collaboration stores the encryption keys, policies and usage rights in our cloud instance on Amazon Web Services (AWS), all separated logically for each customer. Note: we do offer customers the ability to manage their own keys with a local key store service.

One thing that’s really valuable about our platform is that Secure Collaboration separates security (encryption keys) from your content. Your content and your company’s data is stored with you, and Secure Collaboration only stores and manages those keys and usage policies. This means that if Secure Collaboration is subpoenaed, we couldn’t share your company’s data because Secure Collaboration doesn’t have it. Assuming the subpoena is valid, and that it’s a subpoena with a gag order forcing Secure Collaboration to comply, the only thing we could hand over would be the meta-data (e.g., metadata includes the encryption keys, usage policies, permissions, file details, etc.).

Secure Collaboration is located in one region (AWS US West 2/Oregon) mission-critical components span a minimum of two availability zones and Secure Collaboration's data is distributed across three availability zones within the Oregon region.

In the event Secure Collaboration cloud service is unavailable, customers will receive notification of the outage condition and estimated time to resolution. Authentication will be unavailable until the situation is resolved, however, all offline policies will continue to be enforced.

Secure Collaboration runs across multiple AWS (Amazon Web Services) regions. We plan for both disaster and recovery but have built a system for disaster avoidance. We do allow customers to manage their own disaster recovery scenario, take a copy of the key store and have a backup on-premises. Box and Dropbox, for example, do not allow for this type of on-premise solution.

No. Secure Collaboration uses a single, symmetric-key algorithm for both encryption and decryption. At Secure Collaboration, the same key that encrypts a file is the key used by a recipient to decrypt it on his end.

It is fairly straight-forward to remove Secure Collaboration protections from any object, whether you are a current customer, or have decided to move on. Administrators and file owners have the ability to directly unsecure a file, individually or in bulk. Additionally, through the Secure Collaboration API and SDK, large quantities of files in your applications and repositories can be restored to their earlier state. Also, using the Secure Collaboration dashboard (which you can have access to for a fixed period of time after termination of a contract), you can easily locate the owners and last accessed loca-tions of any file, making retrieval and unsecuring straightforward.

Secure Collaboration can be deployed automatically (admins deploy to end-user machines) or end-users can download Secure Collaboration themselves. Either option is available to customers. If automatically, this would be a silent installation and management. For internal users, our Secure Collaboration app can be silently installed via an MSI using your SCCM and/or MDM solution of choice. Users in this case never have to download anything.

Yes. One of our deployment options allows customers to manage the keys onpremises though most of our customers deploy Secure Collaboration as a cloud-based model.

Yes. Secure Collaboration has a client-based SDK that allows security teams to weave in Secure Collaboration data security capabilities into third-party apps and homegrown business applications. Our sales engineer can provide more detailed information.