Guarding with CTE-U and CipherTrust Manager
After you register a client with a CipherTrust Manager, you can create as many GuardPoints on the client as you need. These GuardPoints can protect an entire device or individual directories.
How to Protect Data with CTE UserSpace
CTE UserSpace uses policies created in the associated key manager to protect data. You can create policies to specify file encryption, data access, and auditing on specific directories and drives on your protected hosts. Each GuardPoint must have one and only one associated policy, but each policy can be associated with any number of GuardPoints.
Policies specify:
- Whether or not files at rest are encrypted.
- Who can access decrypted files and when.
- What level of file access auditing is applied when generating fine-grained audit trails.
A Security Administrator accesses CipherTrust Manager through a web browser. You must have administrator privileges to create policies using CipherTrust Manager. The CTE UserSpace Agent then implements the policies once they are pushed to the protected host.
CTE UserSpace can only enforce security and key selection rules on files inside a guarded directory. If a GuardPoint is disabled, access to data in the directory goes undetected and ungoverned. Disabling a GuardPoint and then allowing unrestricted access to that GuardPoint can result in data corruption.
In order to guard a device or directory, you need to use the CipherTrust Manager Console to:
- Access the CipherTrust Manager domain to which the client is registered.
- Identify or create an encryption key that CTE-U will use to encrypt the data on the device or directory.
- For comprehensive policy information, see Managing Policies.
  Note: For CTE UserSpace, you can only create Standard Policies.
- Create a Standard GuardPoint for the device or directory.