In modern society, the demand for information security of corporate networks and its users is constantly growing. Data theft and leaks from corporate networks have increased in frequency, and the financial losses cause substantial harm to businesses. Due to vulnerabilities in software and human factors, data transmitted on a corporate network can be intercepted by malware and hackers. Therefore, the encrypting of data on workstations, notebook computers, mobile devices and removable storage media used in corporate networks becomes necessary.
The classic system for encryption of files and directory contents on computers operates in accordance with file access policies that determine which groups of files must be encrypted and which files may not. In such a system, the most vulnerable and critical files (such as files containing confidential information whose loss is undesirable to its owner) are typically encrypted on disk and if an application tries to gain access to such files the system either provides them to the authorized application in decrypted form or blocks access to them.
However, when an authorized application opens an encrypted file, it can transfer the file outside the corporate network, which may cause data leaks. Therefore, there is a need for improved technique for controlling access to encrypted files on corporate networks.