Specifications

Encryption keys

54 |

copy of the key. If the key could be obtained from the Database, then the local copy

may be installed, or updated at the same time. If the user’s credentials are not

correct, no keys are released.

Remove from cache after...

Causes a local cached copy of a key to be wiped from the local key cache after a

certain number of days of disconnection. This prevents users obtaining keys, and then

continuing to use them for extended periods of time without validating their

credentials against the central Endpoint Encryption Database. You can use this option

to ensure that if you make changes to the validity or user list of cacheable keys, that

these changes are enforced within a certain period of time.

Users

You can restrict access to keys to certain users by adding them to the keys user list.

Figure26:UsersettingsforanEncryptionKeysgroup/EncryptionKey

When the list is empty, any user who has valid Endpoint Encryption credentials can

obtain the key. Once one or more users are added to the list though, ONLY those

users can obtain, or administer the key, irrespective of admin level, i.e. if the list is

defined without any administrators added to the list, then no administrator can

manage the keys in the group. This prevents general Endpoint Encryption

Administrators from being able to access sensitive data.

Use the Add and Remove buttons to edit the list. Both individual users as well as

Endpoint Encryption user groups may be assigned to a key group.

CAUTION:Theassignmentofuserstokeysisanirreversibleprocess.Oncetheusersareassigned,only

thoseonthelistcanchangeanypropertyofthekeysinthegroup.Likewise,ifyoudeleteausergroupora