Previous Topic: Configure Encrypt Actions in the User PolicyNext Topic: CA DataMinder Cannot Encrypt Files Copied to Network Locations

Policy GuideEncrypting Files Being CopiedEducate Your Users About the Encryption Utility

Educate Your Users About the Encryption Utility

When you roll out the CA DataMinder Encrypt feature across your organization, educate your users about how to encrypt and, critically, how to decrypt sensitive files. Your users must be familiar with the CA DataMinder encryption utility, CADLPEnc.exe.

Briefly, when a user copies a file to a removable device or sync folder, CA DataMinder prompts them for a password. CA DataMinder uses this password to encrypt the file before it is copied. To retrieve and decrypt the file, the user must run CADLPEnc.exe and re-enter the password that they used to encrypt the file.

Note: CADLPEnc.exe is copied with the file to the removable device or sync folder.

Example: Encrypting and decrypting a file on a removable device

Consider a user who wants to take sensitive files home to work on them over the weekend. From the user's viewpoint, there are four stages:

  1. Before the user leaves the office, they must encrypt and copy a file onto a USB device.
  2. When the user gets home, they must decrypt and copy the file onto their home computer.
  3. Before the user leaves home and returns to the office, they must re-encrypt and copy the file back onto their USB device.
  4. When they get back into the office, they must decrypt the file and copy it onto their home computer.

Before the user leaves the office

The user tries to copy an unprotected file (such as MyReport.docx) onto a USB device.

  1. CA DataMinder displays an advisory message and prompts them for a password.

    Encryption advisory dialog

    Encryption Advisory Dialog

  2. CA DataMinder uses this password to save an encrypted version of the file onto the USB device. (The file is stored with an .enc suffix, such as MyReport.docx.enc.)
  3. CA DataMinder copies the encryption utility, CADLPEnc.exe, onto the USB device.

When the user gets home

The user must use the encryption utility to copy their file from the USB device onto their home computer.

  1. The user runs the encryption utility, CADLPEnc.exe. This utility is in the root of their USB device.
  2. When the encryption utility starts, it lists all the encrypted files on the USB device.

    DLP encryption utility

    1 Encryption utility, CADLPEnc.exe, stored on removable device. 2 Encryption utility screen display.

  3. The user selects the file they want and clicks Export Files.
  4. The user chooses a target folder on their home computer.
  5. CA DataMinder prompts for the password that they used to encrypt the file when it was copied onto the USB device.
  6. CA DataMinder decrypts the file and copies it to the home computer.

Important! The user must use the encryption utility to copy the file from the USB device onto their home computer. If the user drags the file directly from the USB device onto the home computer, the file remains encrypted and is unusable!

Before the user leaves home and returns to the office

After the user has finished working on the file at home, they must encrypt and copy it back onto the USB drive:

  1. The user runs the encryption utility on their USB drive.
  2. The user clicks Import Files.
  3. The user selects the file they want to copy from their home computer onto the USB device.
  4. The encryption utility displays an advisory message and prompts the user for a password.
  5. CA DataMinder uses this password to save an encrypted version of the file back onto the USB drive.

    Note: The user does not have to enter the same password as before.

When the users gets back to the office

The procedure for getting the file off the USB device is exactly the same as the procedure when they get home.

  1. The user runs the encryption utility from the root of their USB device.
  2. When the encryption utility starts, it lists all the encrypted files on the USB device.
  3. The user selects the file they want and clicks Export Files.
  4. The user chooses a target folder on their office computer.
  5. CA DataMinder prompts for the password that they used to encrypt the file when it was copied onto the USB device.
  6. CA DataMinder decrypts the file and copies it to the office computer.