In modern society, the demand for information security of corporate networks and their users is constantly growing. Data theft and leaks from corporate networks have increased in frequency, and the financial losses cause substantial harm to businesses. Due to vulnerabilities in software and human factors, data transmitted on a corporate network can be intercepted by malware and hackers. Therefore, the encryption of data on workstations, notebook computers, mobile devices and removable storage media used in corporate networks becomes necessary.
The classic system for encryption of files and directory contents on computers operates in accordance with file access policies that determine which groups of files must be encrypted and which files may not be. In such a system, the most vulnerable and critical files (such as files containing confidential information whose loss is undesirable to their owner) are typically encrypted on a disk, and if an application tries to gain access to such files, the system either provides them to the authorized application in decrypted form or blocks access to them.
However, when an authorized application opens an encrypted file, it can transfer the file outside the corporate network, which may cause data leaks. Therefore, there is a need for an improved technique for controlling access to encrypted files on corporate networks.
Another known technique of protecting data is full disk encryption, where all the contents of a disk are encrypted as a whole. In such a case, access to individual files of the encrypted disk occurs by means of decrypting data “on the fly”: the individual disk sectors containing the requested file are decrypted in the computer memory, so the data stored on the disk remains encrypted. Upon completion of working with the file, it is likewise encrypted “on the fly”: the file is broken up into parts equal in volume to a disk sector, which are encrypted and stored in the original disk sectors. However, once access to a file has been gained, the file can be stored on a different disk where the encryption policies do not apply, so that there is a risk of losing critical files.
Even so, the existing technologies do not solve the problem of protecting files while they are being copied from a disk encrypted using full disk encryption technology.
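The gap described in the two preceding paragraphs can be reproduced with a small model, added here as an illustration and not taken from the original text: a sector store that encrypts at rest and decrypts on read, and an ordinary copy to a second store with no encryption policy. The `Disk` class, the 512-byte sector size and the SHA-256 keystream (a toy stand-in for a real disk cipher such as AES-XTS) are assumptions made for the sketch.

```python
import hashlib

SECTOR = 512  # assumed sector size for this sketch

def keystream(key, sector_no):
    # Toy per-sector keystream built from SHA-256; a stand-in for a real
    # disk cipher, used only so the example runs with the standard library.
    blocks = (hashlib.sha256(key + sector_no.to_bytes(8, "big") + bytes([i])).digest()
              for i in range(SECTOR // 32))
    return b"".join(blocks)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Disk:
    """Hypothetical sector store; with a key, every sector is encrypted at rest."""
    def __init__(self, key=None):
        self.key, self.sectors, self.files = key, [], {}

    def _crypt(self, n, data):
        # XOR is its own inverse, so this both encrypts and decrypts sector n.
        return xor(data, keystream(self.key, n)) if self.key else data

    def write_file(self, name, data):
        # Split into sector-sized parts; each part is encrypted before storage.
        start = len(self.sectors)
        for i in range(0, len(data), SECTOR):
            chunk = data[i:i + SECTOR].ljust(SECTOR, b"\0")
            self.sectors.append(self._crypt(len(self.sectors), chunk))
        self.files[name] = (start, len(data))

    def read_file(self, name):
        # Decrypt only the sectors holding the file, in memory ("on the fly").
        start, length = self.files[name]
        count = -(-length // SECTOR)  # ceiling division
        plain = b"".join(self._crypt(n, self.sectors[n]) for n in range(start, start + count))
        return plain[:length]

    def raw(self):
        return b"".join(self.sectors)  # bytes as they sit on the medium

def demo():
    secret = b"CONFIDENTIAL constructed sample record\n" * 20  # constructed data
    fde, usb = Disk(key=b"constructed-demo-key"), Disk()
    fde.write_file("report.txt", secret)
    usb.write_file("report.txt", fde.read_file("report.txt"))  # ordinary file copy
    return b"CONFIDENTIAL" in fde.raw(), b"CONFIDENTIAL" in usb.raw()

if __name__ == "__main__":
    print(demo())
```

The encrypted disk never holds the marker in the clear, while the copy target does, because the copy operates on the already decrypted bytes returned by the read path.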