Ping32 provides enterprises with a lightweight yet high-strength data leakage prevention solution.
While ensuring a secure and stable document encryption experience, Ping32 also offers flexible approval workflows to safeguard enterprise data through structured and auditable security operations.

Overview

Ping32 supports flexible business approval workflows and allows administrators to customize approval templates to meet multi-level corporate review processes.
This capability helps organizations adapt to complex business scenarios, improve approval efficiency, and ensure that each approval flow aligns with corporate compliance and data protection policies.

File Decryption

Ping32 Document Encryption supports multiple decryption types and approval workflows to meet the needs of various departments.

1. Manual File Decryption

• Grants users the ability to manually decrypt files via right-click context menu.

• Supports password verification and decryption reason input.

• Integrates with DingTalk notifications to monitor file activity and prevent unauthorized plaintext file transmission.

• Enhances overall enterprise data security by ensuring decryption operations are traceable.

2. Approval-Based Decryption

• Users initiate a decryption request which must be approved by a designated approver before plaintext access is granted.

• Once approved, the applicant can download the decrypted file.

• This mechanism ensures that file decryption is controlled, auditable, and compliant with internal security policies.

3. Decryption Prohibition

• Administrators can disable file decryption entirely to enforce strict confidentiality.

• Prevents unauthorized personnel from accessing sensitive content and strengthens data loss prevention (DLP) protection.

Security Attributes

Security attributes define the security domains and document classification levels within Ping32.
They control file access between domains and manage authorization levels for classified documents.

Key Features:

• Validation Scope Settings:
  Supports enabling validation for static decryption or transparent decryption, allowing flexible configurations for different business requirements.

• Security Domain Verification:
  When enabled, users can only open encrypted files within their trusted domain, preventing cross-domain access to sensitive files.

• Classification Level Verification:
  Restricts users to access encrypted documents that are at or below their security clearance, preventing unauthorized viewing of higher-level confidential files.

• Security Attribute Adjustment Requests:
  Users can submit requests to adjust security attributes (such as security domain or classification level) for temporary access needs, subject to administrator approval.

These controls effectively prevent unauthorized access, privilege escalation, and improper file circulation that could lead to core data leakage.

Email Decryption

When terminal users send encrypted attachments via email clients such as Foxmail or Outlook, the Email Decryption feature ensures seamless communication while maintaining data security.

Key Functions:

• Automatic File Decryption:
  Encrypted attachments are automatically decrypted before sending, ensuring recipients receive plaintext files while maintaining compliance control.

• Email Whitelist:
  Messages exchanged between trusted addresses (within the whitelist) are automatically decrypted, simplifying communication within approved boundaries.

• Email Approval Workflow:
  When sending encrypted emails, users must go through an approval process. The message is sent only after approval, ensuring proper compliance verification.

• CC-Based Auto Decryption:
  When an email is CC’d to designated addresses, those recipients automatically receive decrypted copies—enhancing workflow efficiency and minimizing manual steps.

These measures ensure secure, compliant, and auditable email transmission for both internal and external communications.

File Sharing and External Distribution

Enterprises can securely share data with external partners using file distribution packages, ensuring strict outbound control and reducing the risk of secondary leaks.

Supported Modes:

• Direct File Distribution:
  Allows clients to create and send outbound file packages to external partners.
  (Recommended only for controlled scenarios, as it carries higher risk.)

• Approval-Based File Distribution:
  Users must submit an external distribution request for approval before files can be shared.
  This ensures every outbound data transfer is authorized and recorded.

• Prohibited File Distribution:
  Administrators can disable both direct and approval-based external sharing, ensuring absolute protection of core enterprise data.

Through these configurations, enterprises gain visibility and control over file-sharing behavior and can promptly identify potential security risks.

Offline Policy

Ping32’s Offline Policy ensures that encrypted documents remain secure even when endpoints are disconnected from the corporate network.
Administrators can define how long users can access encrypted files while offline and specify default client behavior.

Supported Options:

1. Allow Opening Encrypted Files:
   Users can continue accessing encrypted files while offline — suitable for business trips or remote work scenarios.

2. Allow Access Within Safe Duration:
   Administrators can define a custom offline time limit.
   Users may only open encrypted files within this safe duration, maintaining control over offline data access.

3. Allow Users to Request Extension:
   Users can submit an offline usage extension request when additional time is needed.
   Administrators can review and approve based on operational needs.

4. Prohibit Access to Encrypted Files:
   Blocks all access to encrypted files while offline to eliminate data exposure risks.

These configurations provide a balanced approach between operational flexibility and strict data security, ensuring sensitive files remain protected under all circumstances.