TABLE OF CONTENTS
- Secure Folders
- Encryption Workflows
- Access Workflows
- Security Groups
Secure Folders are specially designated storage locations in which Atakama encrypted files are saved. However, non-encrypted files can also be saved within Secure Folders. When Atakama is first installed, the initial Secure Folder is located at C:\Users\<username>\. You can create additional Secure Folders via the Secure Folders tab within the Control Center. Every Secure Folder has a corresponding folder locally on disk where the are located.
Secure Folders can be optionally configured to automatically encrypt files under certain circumstances. For example, if you are running data discovery and classification software (e.g., Microsoft Information Protection) that discovers files and labels them, Atakama reads the labels and automatically encrypts the file the instant it is labeled.
There are two ways to encrypt files:
Files can be encrypted from the context menu (right-click) by tapping on the "Protect with Atakama" option.
Drag to Atakama Vault
There are two ways to access .kama files:
Actual Location on Disk
.kama files can be opened just like any other file wherever the file may be located.
Secure Folders are also accessible through the Atakama Vault. Only encrypted files will reside within the Atakama Vault. Files created directly in the Atakama Vault are immediately encrypted by default. Files can also be dragged-and-dropped into the Atakama Vault, but this is not recommended for new files. Files within the Atakama Vault will not show the ".kama" file extension.
Considerations when accessing files through the Atakama Vault.
- Files are immediately encrypted by default, so this is the most secure way to create a new encrypted file.
- File icons are visible with their expected file extensions (i.e., without the ".kama" extension).
- Accessing files through the Atakama Vault is a workflow change.
- May require file folder reorganization.
- Unencrypted remnants of a file could remain when the file is first created outside the Atakama Vault (e.g., before being dragged-and-dropped into the Atakama Vault or right-click to encrypt).
Security Groups are the cryptographic mechanism that allows users to access encrypted files (i.e., decrypt files) within Secure Folders. Security Groups can be granted access to multiple Secure Folders. Granting an Atakama Profile access to a Secure Folder will also add that user to the Security Group that has access to that Secure Folder.
File-level access is the ability to open a file or see the list of files within a folder. File-level access is granted through access control lists (ACLs) or the web interface in the case of cloud providers. Cryptographic access is the ability to decrypt an encrypted file. Although it is possible to have either file-level access or cryptographic access, but both are necessary to access encrypted files (i.e., decrypt the file).
When a Security Group is granted access to additional Secure Folders, all Atakama Profiles within the Security Group will retain their respective cryptographic access. That is, Atakama Profiles that have cryptographic access to one folder will have cryptographic access to the second folder regardless of their file-level access.