This topic explains what Vormetric GuardPoints are and how GuardPoints can be used to protect and encrypt data.

...

Video: https://www.youtube.com/watch?v=sWszjVFGI-Q

...

Before you begin, you must:

...

A GuardPoint is a folder or directory path that Vormetric protects and controls. Once a policy is selected and applied to a folder, that path is considered a GuardPoint.

Note

Keep in mind the following notes about GuardPoints:

  • Once a folder becomes a GuardPoint, the policy assigned to that GuardPoint will control what can access that GuardPoint.
  • The policy that controls access to the GuardPoint does not replace the operating system permissions; however, the policy can replace the operating system permissions.
  • Applying a GuardPoint to a folder does not mean the data inside is encrypted.
    • The data will need to be encrypted by one of two methods, Copy Method or Data Transformation.

...

When you create a GuardPoint to protect (or guard) a folder that contains plain text data, the policy associated with that GuardPoint will control the access to that folder; however, a guarded folder does not encrypt data. As a result, you must manually encrypt the data. 

Vormetric offers two methods to encrypt data: the Copy Method and the Data Transform Method. The primary difference between the two methods is that the Copy Method requires you to move the data and the Data Transform Method does not.  

The steps below focus on the Copy Method. The Data Transformation method will be covered in a separate article.

...

Note

Before you follow the Copy Method, you must: 

  • Create a new folder on your virtual machine outside of the intended GuardPoint. All data inside the intended GuardPoint will be moved into this temporary folder.
  • Stop all processes and users that are accessing the intended GuardPoint, such as databases, open files, and user sessions.
  • Have at least one Learn Mode policy already configured.

The encryption agent on the host machine needs exclusive rights to the folder in order to successfully guard (or unguard) a folder via the Data Security Manager (DSM) console.

To encrypt data via the Copy Method: 

...

On the host machine, move all data out of the intended GuardPoint into a temporary folder. 

Note
Make sure that folder permissions have not changed. The move-and-copy process can sometimes alter file/folder permissions.

...

  • If the status does not turn green, there may be a person or process still accessing the folder. The encryption key that is applied in the Learn Mode policy will encrypt the data as the data is being transferred back into the GuardPoint. 
  • If you copy the data, you still have a clear text copy of the data in the temporary folder. After you confirm that services are running as expected, you can delete the temporary folder. 
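The permission check called for in the Copy Method note, and the comparison you would want before deleting the clear text copy, as an added example (not part of the original article and not Vormetric tooling). It assumes a Linux host with GNU find, stat and sha256sum; the function names and demo paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes GNU find, stat and sha256sum.

# manifest DIR: one sorted line per file/directory below DIR:
#   path|type|octal mode|owner|group|sha256   ("-" for directories)
# Symlinks and special files are skipped.
manifest() {
  ( cd "$1" || exit 1
    find . -mindepth 1 \( -type f -o -type d \) -exec sh -c '
      for p; do
        sum=-
        [ -f "$p" ] && sum=$(sha256sum < "$p" | cut -d" " -f1)
        printf "%s|%s|%s\n" "$p" "$(stat -c "%F|%a|%U|%G" "$p")" "$sum"
      done' sh {} + | LC_ALL=C sort )
}

# verify_tree MANIFEST DIR: exit 0 if DIR still matches the saved manifest,
# otherwise print the differing entries and exit 1.
verify_tree() {
  manifest "$2" | diff "$1" -
}

# Constructed demo data: "gp" stands in for the intended GuardPoint,
# "good" and "bad" for two temporary folders.
demo() {
  w=$(mktemp -d) || return 1
  mkdir -p "$w/gp/db"
  printf 'row1\n' > "$w/gp/db/data.dbf"; chmod 640 "$w/gp/db/data.dbf"
  printf 'cfg\n'  > "$w/gp/app.conf";    chmod 600 "$w/gp/app.conf"
  chmod 750 "$w/gp/db"
  manifest "$w/gp" > "$w/before.txt"   # snapshot taken before moving data out

  cp -a "$w/gp" "$w/good"              # metadata-preserving copy
  cp -a "$w/gp" "$w/bad"
  chmod 644 "$w/bad/app.conf"          # permissions altered in transit

  verify_tree "$w/before.txt" "$w/good" && ok=clean || ok=changed
  verify_tree "$w/before.txt" "$w/bad"  && bad=clean || bad=changed
  rm -rf "$w"
  echo "$ok $bad"
}
demo
```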

...
