LockMagic and Selective Encryption

Under certain situations, it may be necessary to force certain applications, but not all, to write all their data to the disk in an encrypted format. Via Group Policy, LockMagic allows an administrator to selectively control which applications read and write encrypted data to disk. Further, LockMagic disallows and other applications from reading and writing to the file that was earlier produced. This fine grain control allows an administrator to make sure any file that has PII data is encrypted before written to disk. The file can be encrypted with the identity of the user(s) that are able to access the file, which can also be a specific group that was defined in Active Directory. An administrator can create a specific Microsoft Application Virtualization (App-V), http://www.microsoft.com/systemcenter/appv/default.mspx, package and then force all applications in this package to produce encrypted content. The LockMagic desktop software includes a file system filter that enforces this particular policy seamlessly with no user interaction. In the diagram below, the MyLiveKey service communicates with the Svc Agent, on the user’s desktop, to notify the filter driver which applications are to be selectively enrolled in the encryption process.