Location based encryption behaviour

Hello,

We are currently testing location based encryption with Sophos SafeGuard and are experiencing some weird behaviour; maybe one of you has seen this before.

Our basic test setup consists of three policies:

sec_HRI_sec -> encrypt with key for HR-International

sec_HRL_sec -> encrypt with key for HR_local

sec_<%USERNAME%>_sec -> encrypt with user private key

 

So far this has worked great for us and users can create encrypted folders anywhere in the currently existing folder structure, no matter if locally, on a WebDAV share or a network share. However, when files are moved around, we are seeing some weird behaviour that is not quite easy to explain.

 

If files are copied to any of the folders, everything is correct and the policies are applied and all files are encrypted.

If we move files, this looks a bit different.

 

Moving files from a local source folder to a destination folder on a network share:

non encrypted file -> folder with encryption policy = file will be encrypted correctly

encrypted file -> folder with different encryption policy = file will be encrypted according to the policy of the new folder

Moving from the network share to a different folder within the same network share:

non encrypted file -> folder with encryption policy = file is not encrypted (it states that a policy is available, though)

encrypted file -> folder with different encryption policy = file is still encrypted with the previous policy

 

Is this something anyone has experienced yet? The manual way of checking every time after moving files really crushes the transparent working aspect in this case...

 

Thank you!

Christian

  • Hi Christian,

    Moving from the network share to a different folder within the same network share:

    non encrypted file -> folder with encryption policy = file is not encrypted (it states that a policy is available, though)

    encrypted file -> folder with different encryption policy = file is still encrypted with the previous policy

    This should be normal; it's the client that handles the encryption, so if you copy the file locally to a SafeGuard-protected machine, then copy it to a folder with a policy applied, you should see the file is encrypted correctly.

  • In reply to Toby_DataEncryption:

    Hello,

     

    First of all, thank you for your answer. To me this does not seem like straightforward behaviour, though.

    Why is the behaviour different if I create a new file on a network share -> encryption works correctly

    vs:

    The moving example explained above.

     

    Also we have been testing a bit more with different shares and have seen a few other behaviours again.

    For example, we connect a WebDAV folder to a Windows 7 PC and create a folder that matches a policy filter (e.g. sec_HR_sec). Now if we create files and save those directly from within the application to the connected share, depending on the application, files are encrypted or not...

    Snipping Tool / PNG -> encrypted

    Editor / Text File -> encrypted

    Microsoft Word / Docx -> not encrypted

    Microsoft Excel / XLSX -> not encrypted

    Microsoft PowerPoint / PPTX -> not encrypted

     

    Is this also expected behavior?

    Your information is much appreciated.

    Christian

     

  • In reply to Toby_DataEncryption:

    Hello Toby,

    Just curious. Depending on the file system and where a file resides, a move doesn't cause a file, i.e. its contents, to be written but just some directory information to be updated. Is it the case that because no data is written the file's encryption state doesn't change in this case?

    Christian (another)

  • In reply to QC:

    Hello,

     

    That is a great thought; I was thinking the same, which would explain the behaviour when moving the file within the same network share. When copying there will always be a new file.

     

    In that case only the behaviour with Office Applications and the WebDAV share is weird. Can anyone test this in their environment and confirm that this is the case?

     

    Thank you.

    Christian

  • In reply to Chris_P:

    And after some more testing, it basically boils down to:

    Files being moved on a network share are encrypted correctly.

    Folders with files being moved keep their previous state. All files within the folders keep their previous state as well.
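
The move-versus-copy point discussed in this thread, as an added example that is not part of any post and not Sophos code: within one volume a folder move is a rename that keeps every file as the same file object (no contents written), while a copy creates new files. `move_by_rewrite` is a hypothetical helper that moves by copy, verify and delete; that such a rewrite makes the client apply the destination folder's policy is an assumption based on the thread's observation that copied files are encrypted correctly, and the sample tree is constructed.

```python
import hashlib, os, shutil, tempfile

def file_id(path):
    """(device, file index): unchanged when a file is only renamed."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)

def sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def move_by_rewrite(src, dst_dir):
    """Hypothetical helper: move a file or folder as copy + verify + delete,
    so each file's contents are written anew instead of being renamed."""
    target = os.path.join(dst_dir, os.path.basename(os.path.normpath(src)))
    if os.path.exists(target):
        raise FileExistsError(target)
    if os.path.isdir(src):
        shutil.copytree(src, target)
        olds = [os.path.join(r, n) for r, _, ns in os.walk(src) for n in ns]
    else:
        shutil.copy2(src, target)
        olds = [src]
    # Delete the source only after every copy reads back identical.
    for old in olds:
        new = target if old == src else os.path.join(target, os.path.relpath(old, src))
        if sha256(old) != sha256(new):
            raise OSError("verification failed: " + new)
    (shutil.rmtree if os.path.isdir(src) else os.remove)(src)
    return target

def demo():
    """Constructed sample tree: rename one folder, rewrite-move the other."""
    with tempfile.TemporaryDirectory() as base:
        dst = os.path.join(base, "sec_HRL_sec")  # policy folder name from the thread
        os.makedirs(dst)
        paths = {}
        for name in ("renamed", "rewritten"):
            os.makedirs(os.path.join(base, "plain", name))
            paths[name] = os.path.join(base, "plain", name, "report.txt")
            with open(paths[name], "w") as fh:
                fh.write("constructed sample content\n")
        before = {k: file_id(p) for k, p in paths.items()}
        os.rename(os.path.join(base, "plain", "renamed"), os.path.join(dst, "renamed"))
        move_by_rewrite(os.path.join(base, "plain", "rewritten"), dst)
        after = {k: file_id(os.path.join(dst, k, "report.txt")) for k in paths}
        return {k: before[k] == after[k] for k in paths}  # True = same file object

if __name__ == "__main__":
    print(demo())
```

A `True` for the renamed folder means its files were never rewritten, which is the case where the thread reports that files keep their previous encryption state.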