Solved

Multi-user encrypted volumes

Posted on 2010-08-13
3
521 Views
Last Modified: 2013-12-04
Can anybody recommed some software which will allow encrypted volumes with multiple passwords or some other solution to the scenario below?

The scenario is as follows:

- Managers each need their own encrypted area with their own password.
- IT Admins need to be able to backup the encrypted data but not be able to decrypt it.
- A company director needs to be able to access every person's data with his own password (as opposed to having all the users' passwords).
- Ideally there would be the flexibility to have shared areas which each manager has a separate password for.

This is for a fairly small amount of data, say 10 users with 1gb of storage each. It is in a windows server/xp desktop environment. The problem is IT Admins not being able to decrypt the data otherwise it would be pretty straightforward just using NTFS permissions and IT Admins then encrypting the backups.

We thought about using truecrypt with keyfiles but the only way to use it with multiple passwords is to use smart cards holding the keyfiles.
0
Comment
Question by:BAMINATOR
3 Comments
 
LVL 4

Accepted Solution

by:
curua2008 earned 250 total points
ID: 33432475
what about using Credant Mobile Guardian product with the following features

- common encryption key: all users in a certain AD groups can login and access to encrypted data. Other users including IT can login but couldn't read the data as they're not in that special AD group) It will be good for sharing data between managers
- user encryption key: data will be encrypted using user encryption key, and only the owner can login and read the data. However the user's key is backed up and managed centrally to a central encryption server. When Director need to decrypt any data, the encryption server admin can assist to decrypt any encrypted data. ( only the encryption admin can do that) This feature is good as enterprise solution because the encryption key is stored and managed centrally.

Credant Mobile Guardian is a encryption software working at file & folder level. You can define encryption policy frm the server, and push it down to client, you can encrypt user HDD, USB device and you can use either common encryption or user encryption or you can combine both of them. Users don't have to get another password to lock/unlock the data. Everything will be based on their AD password. Encryption/decryption will be done automatically & transparently.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 33561805
Hi.
> IT Admins need to be able to backup the encrypted data but not be able to decrypt it.
This is silly if you think about it. If I have admin rights on your machine and I need to get hold of your password, I install a keylogger from remote (AV scan will find that - haha), wait for some hours, grab the recorded textfile with the password and uninstall the keylogger.
If someone has administrative access you cannot prevent he can possibly get to any content on that machine.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question