Enable Local Encryption

Prerequisites

Before you enable the DLP features, make sure that Active Directory Certificate Services has been set up.

You can set up the Policy to encrypt the files that are stored on user devices. We call this "local file encryption".

Once local file encryption is enabled, every device that uses the Policy is provided with a certificate (also known as a key) and local encryption is applied. Authenticated users can access the data on a device only if the certificate is available.

The certificate is used when controlling access to the data on a device. By revoking the certificate in Endpoint Cloud, you remove it from the device and so the data on the device becomes inaccessible.

If you enable the Data Theft Prevention feature, the certificate is revoked automatically on devices that fail to connect with Endpoint Cloud within a certain time period (see Enable Data Theft Prevention).

To enable or disable local file encryption on a Policy:

  1. Display the Policy Editor for the Policy that you want to change (click Policies and then click on the Policy).
     Note: The Policy Editor is displayed automatically when you create a new Policy.

  2. Click the DLP tab.
  3. Use the Encryption slider to enable or disable local file encryption (green is enabled, grey is disabled).

  4. Click Save or Save and Close to confirm.