The Digital Guardian Secure Collaboration Platform Frequently Asked Questions (FAQ)

How is Digital Guardian Secure Collaboration different than traditional DRM tools, like Microsoft RMS or AIP? 

Traditional digital rights management (DRM) tools are limited by the file types they support (only Office and PDFs), an inflexible framework that requires a client at all times, and the difficulty of implementation and use for business users. Digital Guardian Secure Collaboration is a data security platform that can secure any file type, provides a seamless end-user experience and gives admins complete control of their information anywhere the file travels, whether or not the recipient has a product client in place.

How is Digital Guardian Secure Collaboration different than traditional DLP products? 

DLP products scan and process data to prevent sensitive information, including PII and PHI, from leaving the organization. Once that data leaves the network, DLP products cannot track or dynamically revoke access if sensitive information is leaked from the company. It can be either network or endpoint-based, each having their own unique benefits and challenges. DLP technologies have traditionally been prone to false positives, and as such, some of their best use-cases are for controlling very predictable and structured content in very specific situations. For example, DLP might be used for ensuring that credit card numbers do not leave the Cardholder Data Environment of network. However, as content and locations get more complex, DLP can develop problems very quickly.

How is it different than a CASB product? 

CASBs have proven to be highly valuable to enterprises on a variety of fronts. At their core, a CASB is able to extend security policy to an enterprise’s cloud applications in much the same way a traditional firewall would protect on-premise applications. What we see is that a CASB can lose control over data after it has been accessed. Users can still copy the content, store it in insecure personal drives, share it with other parties, or have it compromised by malware or attackers. While a CASB can help illuminate an application blind spot, it does not ensure that data itself remains safe. 

This is where Digital Guardian Secure Collaboration compliments a CASB product. 

Digital Guardian Secure Collaboration protects unstructured data, and a CASB allows you to fulfill the gaps in structured data. From an unstructured data perspective, when Digital Guardian Secure Collaboration encrypts a file in Box, it can break some of the functionality of Box, namely search. You can use a CASB to protect the file as it’s sent to Box, and gives the ability to use that file while it’s unencrypted, so you have the benefits under their infrastructure. However, when that file starts to egress and leave the company, that’s when the CASB would call on the product API to extend their protection, encrypt the files, and maintain that ownership of the file, once it leaves the protection of the CASB sphere.

What file types does Digital Guardian Secure Collaboration secure? 

The product is a content-agnostic platform, so we can secure any type of file, including; PDF, XLS, PPTX, JPEG, PNG, MP4, XLSM, DOC, DOCX, XLSX, TXT, JPG, BMP, AVI, CSV, PPT, RTF, GIF, MOV, WMW, including CAD/CAM files used in the manufacturing industry. Please see the RFP Guide for more information on coverage.

What operating platforms are supported? 

Windows, Mac OS, iOS (iPad and iPhone), Android, and Surface.

How does encryption work? 

Digital Guardian Secure Collaboration is a secure shell - an HTML shell - around each of your most sensitive files. 

The product encryption: 

1. Encrypts the file with AES 256-bit encryption 
2. Enforces access control (who has access to it?) 
3. Allows you to control what people can/ cannot do with your information (disable printing, copy/paste, and others) 

As people open your file, this sends a request to the Digital Guardian Secure Collaboration cloud, which confirms whether or not that person has access and what their rights are to the document. For more information, please see the security architecture and the RFP Guide. 

How can I be sure that the product does not see or store my data? 

The Digital Guardiann Secure Collaboration Cloud Platform manages the policy and controls for each customer, or tenant on the platform, and securely manages the processes of creating keys, enforcing access policies and aggregating events and activities for audit and reporting purposes. No customer data or content is stored.

How does it work with file share tools? 

Digital Guardian Secure Collaboration integrates with Box, Dropbox, and SharePoint. If your organization uses one of these content repositories, you can set up the product to automatically encrypt the files placed in a designated folder. For publication of view-only files, you can set up a simple rule to establish this process. For more involved collaboration, the installation of a Share Connector enables you to map Box/Dropbox/SharePoint roles to Digital Guardian Secure Collaboration roles to ensure that the right people get the right access. For SMB file shares, you can use the product integration to automatically secure content stored on SMB file shares in your organization. Users just drag-and-drop files into the designated folder. The product automatically applies the restrictions defined for that folder.

What is the definition of a “user”? 

A licensed user means any individual using an identity on a customer-controlled email domain (e.g., [email protected]) where such individual is authorized by the customer to access, send, receive, collaborate on, modify, or review any data or document encrypted using the Services. Licenses are concurrent, meaning they are portable between users should one user no longer need, and a new user replaces them, on an annual basis.

How does the product work with content management systems? 

Digital Guardian Secure Collaboration operates independently of most content management systems. Therefore, incorporating the product into your content management processes involves encryption and access from outside of the repositories. Though this means users need to extract files from content management in order to view and edit, you can automate the security of this content using the SDK.

What is Activity Logging? 

Digital Guardian Secure Collaboration captures file-related events, enabling you to see who is accessing your content and what they are doing with it. The Syslog integration is also available for incorporating the product logs into your organization’s logging server.

How does the product confirm my identity? Authenticate me? 

The product supports several authentication methods, including; Microsoft Active Directory and ADFS as well as Azure Active Directory; Oauth via Google; SAML-based Single Sign-on (SSO) authentication from various Identify Providers (IdP) including Okta, Ping, OneLogin, and Centrify. Integration is also available for incorporating Digital Guardian Secure Collaboration logs into your organization’s logging server.

Do viewers need to download an application or a plugin to view files? 

No. Viewers do not need to download any client to view files. Authentication (if you require it) can simply happen in the browser. Once a user is authenticated, protections can be applied and viewing of files will simply happen in the browser. You can also give the ability for users to download the file if you wish as well. There are lots of options. This allows recipients external to the organization the ability to easily access data without having to install any plugins or clients and within their default browser. Authentication is controlled in multiple ways for external users. One example is simply doing email authentication, this is where the user would receive a second verification email. Users inside the organization usually have the client installed on their endpoint (iOS, Android, Windows, macOS). This allows them to easily access secure files in native applications without having to add any additional steps. Users with a client can also easily manually secure data in multiple ways. This, however, is usually managed through automation by the admins and does not require a client.

Do viewers need to download an application or a plugin to view files? 

No. Viewers do not need to download any client to view files. Authentication (if you require it) can simply happen in the browser. Once a user is authenticated, protections can be applied and viewing of files will simply happen in the browser. You can also give the ability for users to download the file if you wish as well. 

There are lots of options. This allows recipients external to the organization the ability to easily access data without having to install any plugins or clients and within their default browser. Authentication is controlled in multiple ways for external users. One example is simply doing email authentication, this is where the user would receive a second verification email. Users inside the organization usually have the client installed on their endpoint (iOS, Android, Windows, macOS). 

This allows them to easily access secure files in native applications without having to add any additional steps. Users with a client can also easily manually secure data in multiple ways. This, however, is usually managed through automation by the admins and does not require a client.

Can I update user permissions after I have shared or sent information? 

Absolutely. Digital Guardian Secure Collaboration can update recipient rights, even after information has been shared. The admin or file owner can dynamically update the user permissions in bulk (e.g., everyone that has access to the file), or change access controls for specific individual recipients.

Does the product work with network shares, Box, Dropbox, SharePoint, etc? 

Absolutely. There are native integrations with Box, Dropbox. What this means is that any file dropped into a Digital Guardian Secure Collaboration secured Box/Dropbox folder is automatically protected, and we inherit the permissions and access controls from Box/Dropbox. If the file ever leaves Box and Dropbox, Digital Guardian Secure Collaboration permissions stick to the file to make sure it’s protected, anywhere it travels.

What’s the difference between access control and file security? 

How does the product provide “data in use” protections? Access control is the list of people that can and cannot access your information. Digital Guardian Secure Collaboration security goes a step further allowing you to control your data when it’s in others’ hands. Digital Guardian Secure Collaboration protects your data as others use it – so you can restrict printing, disable copy/paste, enforce time restrictions – and those protections travel with the file, anywhere it travels, anywhere it’s stored.

How does offline access work? If I’m on a plane, how do I authenticate? 

First and foremost, IT admins can decide whether or not to grant offline access to files and set how long the file can be offline before requiring that someone re-authenticate. If you’re on a plane, you can open and access secure information easily, as long as you have been granted access and you’ve authenticated to the Digital Guardian Secure Collaboration cloud before moving offline. Note: offline access requires having a Digital Guardian Secure Collaboration native app installed. To access the web-based experience (browser view), you need to be online.

Can you kill a file or revoke access if the user is offline? 

Yes. If a user wants to do anything malicious with a file, they’ll have to log back online to email or share it. Once access is revoked for a user and that user logs back online, they won’t have access to the file. If the user remains offline for an extended period of time, at some point (set by the Admin) they’ll be timed out of the app. The product will force the user to log back online to authenticate, and once they do, access will be denied.

How does offline access work? If I’m on a plane, how do I authenticate? 

First and foremost, IT admins can decide whether or not to grant offline access to files and set how long the file can be offline before requiring that someone re-authenticate. If you’re on a plane, you can open and access secure information easily, as long as you have been granted access and you’ve authenticated to the Digital Guardian Secure Collaboration cloud before moving offline. Note: offline access requires having a Digital Guardian Secure Collaboration native app installed. To access the web-based experience (browser view), you need to be online.