Versions Compared

Old Version 40

changes.mady.by.user Former user

Saved on

compared with

New Version 41

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This topic explains what Vormetric GuardPoints are and how GuardPoints can be used to protect and encrypt data.

Video Tutorial 

...

Widget Connector
urlhttps://www.youtube.com/watch?v=sWszjVFGI-Q
This topic explains what Vormetric GuardPoints are and how GuardPoints can be used to protect and encrypt data.


Prerequisites

...

Before you begin, you must:


What are GuardPoints?

...

A GuardPoint is a folder or directory path that Vormetric protects and controls. Once a policy is selected and applied to a folder, that path is considered a GuardPoint.

Note

Keep in mind the following notes about GuardPoints:

  • Once a folder becomes a GuardPoint, the policy assigned to that GuardPoint will control what can access that GuardPoint.
  • The policy that controls access to the GuardPoint does not replace the operating system permissions; however, the policy can replace the operating system permissions.
  • Applying a Guard Point to a folder does not mean the data inside is encrypted.
    • The data will need to be encrypted by one of two methods, Copy Method or Data Transformation.


Guarding Data vs. Encrypting Data

...

When you create a GuardPoint to protect (or guard) a folder that contains plain text data, the policy associated with that GuardPoint will control the access to that folder; however, a guarded folder does not encrypt data. As a result, you must manually encrypt the data. 

...

  1. Log into the DSM as a Security Administrator.
  2. Stop all processes and users on the host machine from accessing the intended GuardPoint.

  3. On the host machine, move all data out of the intended GuardPoint into a temporary folder. 

    Note
    Make sure that folder permissions have not changed. The move-and-copy process can sometimes alter file/folder permissions.
  4. In the top menu, click Hosts, and then click the host name of the machine where you want to create a GuardPoint.

     Select Host.pngImage Modified

  5. Click the Guard FS tab. 
    • If you have other GuardPoints configured on this machine, those GuardPoints will be listed here. 

     Guard FS Tab.pngImage Modified

  6. Click the Guard button.

     Guard Button.pngImage Modified

  7. In Policy, select the desired policy. 

    Screen Shot 2016-07-19 at 11.29.28 AM.pngImage Modified

  8. Click Browse to remotely access the directory structure of the host machine.
  9. Locate and select the folder to guard, and then click OK. If you do not see the OK button, you may need to scroll down. 

    Selecting Guard Point.pngImage Modified

  10. Confirm the desired directory path, and then click OK. 

    Confirmning Path and Initiate Guarding Process.pngImage Modified

  11. The newly created GuardPoint will be listed and contain a red status in a table with other GuardPoints. Click Refresh to manually refresh the screen. When the GuardPoint has been pushed into the machine, the status will turn green.

    Pushing Policy to Guard Point.pngImage Modified

  12. After the status turns green, copy the data back into the GuardPoint. 
    • If the status does not turn green, there may be a person or process still accessing the folder. The encryption key that is applied in the Learn Mode policy will encrypt the data as the data is being transferred back into the GuardPoint. 
    • If you copy the data, you still have a clear text copy of the data in the temporary folder. After you confirm that services are running as expected, you can delete the temporary folder. 
  13. The next steps will include tuning the policy and will be covered in another article.

...