This article introduces documented Walkthroughs then guides you through creation of a Test Account for related use.
This series of articles is designed to provide interactive insight on SSProtect capabilities, switching between guidance specifics and descriptive text to offer firsthand knowledge of system functionality and capability. You will encounter a number of sections prefixed by the text, Looking Deeper, which provides more in-depth details related to the guidance provided by the Walkthrough.
This approach aims to more fully explain both the operation and goals of SSProtect, which not only protects data, but also manages operational continuity in the presence of ongoing security events and IT-related challenges.
SSProtect vs. :Foundation Client
You will, throughout the Walkthroughs and other documentation, often encounter general use of the term, SSProtect. Though SSProtect is the Unified Data Protection and Management System aimed at protecting your host-based application data, its' use in the Walkthroughs and related documentation can often be replaced with the more specific :Foundation Client reference - especially when referring to the User Interface and end-user interaction.
The :Foundation Client is the software you install on your host computer, and it implements logic to monitor managed content and respond to events and User input, coordinating execution with KODiAC (Cloud) Services. KODiAC is deployed and maintained by your Managed Service Provider, today most likely DefiniSec.
SSProtect does more than encrypt and decrypt data. Like most endpoint encryption software, SSProtect applies a variety of security primitives to managed content.
SSProtect also applies an extended amount of added service capability to content, depending on Policies associated with Accounts and/ or Organizations. Built-in and optional services are summarized on the DefiniSec website., and include facilities for Auditing/ Reporting, Secure Sharing, Backup/ Restore, Disaster Recovery, Ransomware Remediation, Disclosure Risk Insight, and others.
For these reasons, the use of, "encrypt/ decrypt" would be misleading. As an alternative, we use the following terminology:
- Protect/ Activate Protection - Add content or resources to the protective scope of SSProtect
- Release/ Release Protection - Remove content or resources from the protective scope of SSProtect
- Convert or Conversion - Change data from ciphertext to plaintext, or vice-versa
- Managed Open - The secure method of Converting managed ciphertext to plaintext while restricting access
- Managed Close - The secure method of Converting managed plaintext back to ciphertext before removing access restrictions
- Managed Access - The general operation of using Managed Open/ Close to securely access and modify content
Users/ Accounts, Individuals/ Organizations, Privileged/ Non-Privileged
An SSProtect Account is identified by an email address the associated User controls. A single email address is associated with one and only one SSProtect Account.
Throughout this documentation, you will encounter use of both SSProtect Account and SSProtect User. These two references are almost always interchangeable.
Accounts are either Individual Accounts or Organization Accounts. The former is as it seems - a single, self-managing Account. Perhaps less obvious, an Individual Account is a Privileged Account with the ability to carry out specific Privileged configuration tasks on itself.
The Test Account this article helps you Provision is an Individual Account. Walkthroughs show you how to Migrate to an Organization. More details are provided along the way, as they become relevant.
The Walkthroughs are written to be reviewed in ordered fashion, and work best since STEPS from one Walkthrough sometimes creates a system state that another relies upon. As such, the following progression works best:
Common Task Walkthroughs:
- Introduction and Preparation - this Walkthrough, which provisions your first Test Account
- Login and User Interface - beginning of the discussion on how to use the software
- Protect and Access Data - fundamentals for protecting and using managed content
- Restore Managed Data - ways you can Restore information when using :Recover
- Acquire Usage Reports - shows you how to scope and acquire the pre-canned Reports (from CSV data)
Simple Administration Walkthroughs:
- Migrate to an Organization - explains how to Migrate your Test Account to create an Organization
- Provision, Validate, Dismiss - guidance for Provisioning and onboarding new Organization Accounts
Sharing/ Managing Data Walkthroughs:
- Peer Data Sharing - walks through the reality of :Collaborate Zero-Configuration Data Sharing
- Third Party Trust Sharing - works through the creation and use of Third Party Trust associations
- :Recover w/ Shared Content - combines concepts together, defining common terms then offering usage examples
- Version Chains - explains this advanced Policy and illustrates the trade-offs and impact of different settings
Additional advanced topics and Walkthroughs for optional service components will be added over time. Check back here for updates to see how the progression expands, though at present we do not believe any of the existing order will be modified with, "interim" Walkthroughs.
Using Test Accounts
You will need an active SSProtect Account to work through Walkthrough STEPS. Though you can use a production Account, advanced topics require more than one Organization and use several associated Accounts. The next section provides guided instructions for creating the first Test Account, and Trial Licensing together with personal email is sufficient for all documented scenarios.
Gmail works well for these purposes because of its' support for email aliases. Create an alias by adding a plus sign to your existing gmail address, then extending its' value with (appropriate) string characters to form a new address delivered to the same gmail Inbox you already use. For example, when using firstname.lastname@example.org as the base address, we can create:
- Organization gmail-definisec_t1, Administrator -> email@example.com
- Organization gmail-definisec_t2, Administrator -> firstname.lastname@example.org
- Organization gmail-definisec_t1, User/ Delegate -> definisec+test1U1@gmail.com
- Organization gmail-definisec_t2, User/ Delegate -> definisec+test2U1@gmail.com
Start by provisioning your first Test Account with instructions in the next section. The Walkthroughs will subsequently guide you through the changes required to create associated Organizations, Accounts, and Trust Relationships.
IMPORTANT: Pay special attention to the Organization Names, noted above as gmail-definisec_t1/ gmail-definisec_t1. These must follow a specific naming scheme for Unattended Approval, else you run the risk of attempting to Convert the starting point Individual Account without a way to Cancel (a known problem being fixed in an upcoming Update). The first ordered instructions associated with this issue are in the Walkthrough, Migrate and Create Users.
Provision your First Test Account
STEP 1: Double-click the Desktop SSProtect Shortcut to display the Login dialog box. You can also right-click the SSProtect icon in the notification tray located in your taskbar next to the date/ time, then choose Refresh Login:
STEP 2: Click the Profile dropdown and choose, Create New... to display the Create Account dialog:*
STEP 3: Enter the Email Address of an email account you control, which represents the SSProtect Account you will use for Walkthrough activity. Do NOT check the Org checkbox, but check the :Recover and :Email checkboxes, as shown above. Click Create... to continue.
STEP 4: Check your email's Inbox for a message entitled, [SSProtect] Create Account from email@example.com. This message will include the Code you need to continue, as follows:*
STEP 5: Enter the Code, from the email (above), into the Code edit box of your Create Account dialog, as shown below. Continue with Verify:*
STEP 6: Create/ enter your New Pwd (twice) for this Account - you will use this to Login to SSProtect. Click Change to Provision:*
* Your Server designation will be ssp.secdefini.com or similar, rather than the non-public instance noted for our team's internal use.
1st Time Use Progression
The remaining part of this sequence represents 1st Time Use as described in the linked article of the same name. The following is specific to your Individual Account with the :Recover and :Email services noted above.
STEP 7: You will be prompted to set your Default Folder, which is the default location used for Reports, exported Key Files, and also a location that can be remapped on other host computers when you Remote Deploy your Profile. Choose Yes, then Browse to/ create C:\TestData (aligns with subsequent Walkthroughs). Choose Select Folder to continue:
STEP 8: You will be prompted to Export your Account Keys. Because you are operating as an Individual Account holder, you MUST do this before you can use the Account. Choose Yes to proceed:
STEP 9: Finally, enter the Password (and Confirmed value) for the Key File, and choose OK to finish. You will receive acknowledgment when Key Export is complete.
STEP 10: Finally, you will be prompted to install the :Email Add-In for Microsoft Outlook. Choose Yes. If Outlook is running, and SSProtect will close it before installing the Add-In. You will receive acknowledgment on completion.
Drilling Deeper: Exported Keys
Note that your Key File Password cannot be the same as your Account Login Password. Normally, you would want to move the exported Key File to removable storage, such as a thumb drive, while also making certain you separately and securely maintain its' Password. This is important because, as an Individual Account, there is no way to Reset your Password without importing keys from this Key File - with its' Password.
This differs from an Organization that usually has more than one Privileged User. Though the one single Administrator can only reset his/ her Password using the Key File, if there is another, active Privileged User for the Organization, he/ she can Login and Export Keys for use with the Administrator Password Reset operation.
Finally, note that SSProtect supports Password Policies as described in the article of the same name.
Your Test Account and Profile Name/ Alias
After you Export your Key File, your Account is ready to use. SSProtect will take you back to the Login dialog so you can proceed (to enter your Account Password, establishing a Login Session):
Notice that your Profile has been given a Default Name - IND (user@host), which you can change with the Advanced..., Profiles..., Edit... progression followed by the New Name and Save (followed by Done to return to the Login dialog).
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to firstname.lastname@example.org, and our staff will respond to your needs as soon as possible.
This article was updated w/ v10.7.1 of the :Foundation Client