Secure Folders & Security Groups: Overview

TABLE OF CONTENTS

Secure Folders

Introduction

Secure Folders are specially designated storage locations in which Atakama encrypted files are saved. However, non-encrypted files can also be saved within Secure Folders. When Atakama is first installed, the initial Secure Folder is located at C:\Users\<username>\. You can create additional Secure Folders via the Secure Folders tab within the Control Center. Every Secure Folder has a corresponding folder locally on disk where the .kama file  are located.

 

Sharing

Each Secure Folder is assigned to a Security Group that governs the sharing permissions (i.e., who has access) to all of the encrypted files saved within the Secure Folder.

 

Cloud Backups

Using Atakama's CloudSync feature, you can link a Secure Folder to a cloud provider. All the files within the Secure Folder will be backed up to the cloud. 

 

Automatic Encryption

Secure Folders can be optionally configured to automatically encrypt files under certain circumstances. For example, if you are running data discovery and classification software (e.g., Microsoft Information Protection) that discovers files and labels them, Atakama reads the labels and automatically encrypts the file the instant it is labeled.

 

Encryption Workflows

There are two ways to encrypt files:


Right-Click Encrypt

Files can be encrypted from the context menu (right-click) by tapping on the "Protect with Atakama" option.

 

Context menu showing "Protect with Atakama" option 

 

Drag to Atakama Vault

Dragging a non-encrypted file into a Secure Folder via the Atakama Vault will cause the file to be instantly encrypted.

 

Access Workflows

There are two ways to access .kama files:


Actual Location on Disk

.kama files can be opened just like any other file wherever the file may be located.

When directly accessing a .kama file, some programs (e.g., Microsoft Word ) may report the file path as within the Atakama Vault. This is expected behavior.


Atakama Vault

Secure Folders are also accessible through the Atakama Vault. Only encrypted files will reside within the Atakama Vault. Files created directly in the Atakama Vault are immediately encrypted by default. Files can also be dragged-and-dropped into the Atakama Vault, but this is not recommended for new files. Files within the Atakama Vault will not show the ".kama" file extension. 


Considerations when accessing files through the Atakama Vault.

  • Files are immediately encrypted by default, so this is the most secure way to create a new encrypted file.
  • File icons are visible with their expected file extensions (i.e., without the ".kama" extension).
  • Accessing files through the Atakama Vault is a workflow change.
  • May require file folder reorganization.
  • Unencrypted remnants of a file could remain when the file is first created outside the Atakama Vault (e.g., before being dragged-and-dropped into the Atakama Vault or right-click to encrypt).

 

Security Groups

Security Groups are the cryptographic mechanism that allows users to access encrypted files (i.e., decrypt files) within Secure FoldersSecurity Groups can be granted access to multiple Secure Folders. Granting an Atakama Profile access to a Secure Folder will also add that user to the Security Group that has access to that Secure Folder

 

File-level access is the ability to open a file or see the list of files within a folder. File-level access is granted through access control lists (ACLs) or the web interface in the case of cloud providers. Cryptographic access is the ability to decrypt an encrypted file. Although it is possible to have either file-level access or cryptographic access, but both are necessary to access encrypted files (i.e., decrypt the file).

 

When a Security Group is granted access to additional Secure Folders, all Atakama Profiles within the Security Group will retain their respective cryptographic access. That is, Atakama Profiles that have cryptographic access to one folder will have cryptographic access to the second folder regardless of their file-level access.

 


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.