Method, device and computer program product for providing quarantined workspaces. A virtualization application operates on a host to simulate a virtual guest. A management application operates within the virtual guest. The management application controls transmission between guest applications and locations external to the virtual guest. The management application stores encryption keys inaccessible to the host. The management application intercepts attempted transmissions from guest applications to locations outside the virtual guest. Secure data files are identified in the attempted transmissions and encrypted before leaving the virtual guest using the encryption keys. The management application also prevents any unencrypted data from being provided to non-kernel host processes that have not been previously identified as permitted host processes while allowing unencrypted data transmission from the non-kernel host processes to any of the guest application processes.
展开▼