[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Multi-user encrypted volumes

Posted on 2010-08-13
3
Medium Priority
?
528 Views
Last Modified: 2013-12-04
Can anybody recommed some software which will allow encrypted volumes with multiple passwords or some other solution to the scenario below?

The scenario is as follows:

- Managers each need their own encrypted area with their own password.
- IT Admins need to be able to backup the encrypted data but not be able to decrypt it.
- A company director needs to be able to access every person's data with his own password (as opposed to having all the users' passwords).
- Ideally there would be the flexibility to have shared areas which each manager has a separate password for.

This is for a fairly small amount of data, say 10 users with 1gb of storage each. It is in a windows server/xp desktop environment. The problem is IT Admins not being able to decrypt the data otherwise it would be pretty straightforward just using NTFS permissions and IT Admins then encrypting the backups.

We thought about using truecrypt with keyfiles but the only way to use it with multiple passwords is to use smart cards holding the keyfiles.
0
Comment
Question by:BAMINATOR
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Accepted Solution

by:
curua2008 earned 1000 total points
ID: 33432475
what about using Credant Mobile Guardian product with the following features

- common encryption key: all users in a certain AD groups can login and access to encrypted data. Other users including IT can login but couldn't read the data as they're not in that special AD group) It will be good for sharing data between managers
- user encryption key: data will be encrypted using user encryption key, and only the owner can login and read the data. However the user's key is backed up and managed centrally to a central encryption server. When Director need to decrypt any data, the encryption server admin can assist to decrypt any encrypted data. ( only the encryption admin can do that) This feature is good as enterprise solution because the encryption key is stored and managed centrally.

Credant Mobile Guardian is a encryption software working at file & folder level. You can define encryption policy frm the server, and push it down to client, you can encrypt user HDD, USB device and you can use either common encryption or user encryption or you can combine both of them. Users don't have to get another password to lock/unlock the data. Everything will be based on their AD password. Encryption/decryption will be done automatically & transparently.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 33561805
Hi.
> IT Admins need to be able to backup the encrypted data but not be able to decrypt it.
This is silly if you think about it. If I have admin rights on your machine and I need to get hold of your password, I install a keylogger from remote (AV scan will find that - haha), wait for some hours, grab the recorded textfile with the password and uninstall the keylogger.
If someone has administrative access you cannot prevent he can possibly get to any content on that machine.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
I originally wrote this article to compare SARDU and YUMI, but have now added Easy2Boot, since that is the one I currently use and find the easiest to create and alter.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question