Solved

Multi-user encrypted volumes

Posted on 2010-08-13
3
516 Views
Last Modified: 2013-12-04
Can anybody recommed some software which will allow encrypted volumes with multiple passwords or some other solution to the scenario below?

The scenario is as follows:

- Managers each need their own encrypted area with their own password.
- IT Admins need to be able to backup the encrypted data but not be able to decrypt it.
- A company director needs to be able to access every person's data with his own password (as opposed to having all the users' passwords).
- Ideally there would be the flexibility to have shared areas which each manager has a separate password for.

This is for a fairly small amount of data, say 10 users with 1gb of storage each. It is in a windows server/xp desktop environment. The problem is IT Admins not being able to decrypt the data otherwise it would be pretty straightforward just using NTFS permissions and IT Admins then encrypting the backups.

We thought about using truecrypt with keyfiles but the only way to use it with multiple passwords is to use smart cards holding the keyfiles.
0
Comment
Question by:BAMINATOR
3 Comments
 
LVL 4

Accepted Solution

by:
curua2008 earned 250 total points
Comment Utility
what about using Credant Mobile Guardian product with the following features

- common encryption key: all users in a certain AD groups can login and access to encrypted data. Other users including IT can login but couldn't read the data as they're not in that special AD group) It will be good for sharing data between managers
- user encryption key: data will be encrypted using user encryption key, and only the owner can login and read the data. However the user's key is backed up and managed centrally to a central encryption server. When Director need to decrypt any data, the encryption server admin can assist to decrypt any encrypted data. ( only the encryption admin can do that) This feature is good as enterprise solution because the encryption key is stored and managed centrally.

Credant Mobile Guardian is a encryption software working at file & folder level. You can define encryption policy frm the server, and push it down to client, you can encrypt user HDD, USB device and you can use either common encryption or user encryption or you can combine both of them. Users don't have to get another password to lock/unlock the data. Everything will be based on their AD password. Encryption/decryption will be done automatically & transparently.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
Comment Utility
Hi.
> IT Admins need to be able to backup the encrypted data but not be able to decrypt it.
This is silly if you think about it. If I have admin rights on your machine and I need to get hold of your password, I install a keylogger from remote (AV scan will find that - haha), wait for some hours, grab the recorded textfile with the password and uninstall the keylogger.
If someone has administrative access you cannot prevent he can possibly get to any content on that machine.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now