Multi-user encrypted volumes

Posted on 2010-08-13
Last Modified: 2013-12-04
Can anybody recommend some software which will allow encrypted volumes with multiple passwords or some other solution to the scenario below?

The scenario is as follows:

- Managers each need their own encrypted area with their own password.
- IT Admins need to be able to backup the encrypted data but not be able to decrypt it.
- A company director needs to be able to access every person's data with his own password (as opposed to having all the users' passwords).
- Ideally there would be the flexibility to have shared areas which each manager has a separate password for.

This is for a fairly small amount of data, say 10 users with 1 GB of storage each. It is in a Windows Server/XP desktop environment. The problem is IT Admins not being able to decrypt the data; otherwise it would be pretty straightforward just using NTFS permissions and IT Admins then encrypting the backups.

We thought about using TrueCrypt with keyfiles, but the only way to use it with multiple passwords is to use smart cards holding the keyfiles.
Question by:BAMINATOR
Accepted Solution

by:
curua2008 earned 1000 total points
ID: 33432475
What about using the Credant Mobile Guardian product, with the following features:

- Common encryption key: all users in a certain AD group can log in and access the encrypted data. (Other users, including IT, can log in but can't read the data as they're not in that special AD group.) It will be good for sharing data between managers.
- User encryption key: data will be encrypted using the user encryption key, and only the owner can log in and read the data. However, the user's key is backed up and managed centrally on a central encryption server. When the Director needs to decrypt any data, the encryption server admin can assist to decrypt any encrypted data (only the encryption admin can do that). This feature is good as an enterprise solution because the encryption key is stored and managed centrally.

Credant Mobile Guardian is encryption software working at the file and folder level. You can define the encryption policy from the server and push it down to the client; you can encrypt the user HDD and USB devices; and you can use either common encryption or user encryption, or you can combine both of them. Users don't have to get another password to lock/unlock the data. Everything will be based on their AD password. Encryption/decryption will be done automatically and transparently.
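The key model behind "multiple passwords for one encrypted area" can be sketched as key slots: one random volume key per area, wrapped separately under each authorised person's password. This is an added example, not part of the original thread and not Credant's or TrueCrypt's code; the function names, the PBKDF2 work factor and the HMAC-based wrap (a standard-library stand-in for a vetted key-wrap such as AES key wrap) are assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 200_000  # illustrative PBKDF2 work factor (assumption)

def _slot_keys(password: str, salt: bytes):
    """Derive a one-time pad and a MAC key from a password and a per-slot salt."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    pad = hmac.new(master, b"wrap", hashlib.sha256).digest()   # 32 bytes
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return pad, mac_key

def add_slot(header: dict, name: str, password: str, volume_key: bytes) -> None:
    """Wrap the 32-byte volume key under one person's password."""
    salt = os.urandom(16)  # fresh salt per slot, so each pad is used only once
    pad, mac_key = _slot_keys(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    header[name] = (salt, wrapped, tag)

def open_slot(header: dict, name: str, password: str):
    """Return the volume key, or None for an unknown name or a wrong password."""
    if name not in header:
        return None
    salt, wrapped, tag = header[name]
    pad, mac_key = _slot_keys(password, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, pad))

def new_area(slots: dict):
    """Create an area: a random volume key plus one slot per (name, password)."""
    volume_key = os.urandom(32)
    header = {}
    for name, password in slots.items():
        add_slot(header, name, password, volume_key)
    return header, volume_key

if __name__ == "__main__":
    # Constructed names and passwords, for illustration only.
    header, key = new_area({"alice": "alice-pass", "director": "director-pass"})
    assert open_slot(header, "alice", "alice-pass") == key
    assert open_slot(header, "director", "director-pass") == key
    assert open_slot(header, "alice", "guess") is None
```

A backup job only needs to copy the header and the data encrypted under the volume key; a shared area is the same header with one slot per manager.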

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 33561805
Hi.
> IT Admins need to be able to backup the encrypted data but not be able to decrypt it.

This is silly if you think about it. If I have admin rights on your machine and I need to get hold of your password, I install a keylogger remotely (AV scan will find that - haha), wait for some hours, grab the recorded text file with the password and uninstall the keylogger.
If someone has administrative access, you cannot prevent him from possibly getting to any content on that machine.