Encrypt portion of NAS / network drive - but allow multiple user access - what software?

Posted on 2011-04-23
Last Modified: 2012-05-11
Hi ,

I have been looking at various software to encrypt a portion of a network drive that will allow a user to access the encrypted data from multiple devices.

For example, I was experimenting with the Free Truecyrpt which is very good. However when I set a portion of the network drive to be encrypted this worked fine. However when I Tried to mount the encrypted volume from another PC, it of course said that the file is in use.

Therefore I conclude with Truecrypt it is not possible to mount the encrypted volume from multiple devices at the same time.

However I have been looking at others such as PGP (now Symantec) Whole disk encryption software (which comes with file /folder encryption) and I am unable to establish at this time if it will support multiple simultaneous access.

Reading some of the blurb of Winmagic I got the impression it does support this.

But would be great if someone who has used this could confirm and how well it works (can't download a demo of this and need to finish my report by the end of long weekend).

Question by:afflik1923
    LVL 60

    Accepted Solution

    Actually I thought Truecrypt is able to do the sharing - see @
    But the security issue I forsee is the sharing of the same keys by all users. Of course, file/folder can be encrypted by specific within but it kind of not as neat using Truecrypt....

    Initially I was thinking of leveraging Windows Encryption File System (EFS) which is multi-user access capable, but it has limitation such that the channel from the client machine to server is not protected. It is unless the server is having WebDAV or have separate secure channel like SSL/TLS or IPSec - but the latter is separate "package" to secure the channel and not the data protection directly off from EFS (or the security solution).

    You can check out this @

    If multi-user access is desired, there should be policy to tagged with the access right where possible and proper logging is important since there will be a need for group (or shared) key concept for concurrent authorised access. I think that such implementation will have the crypto key (used to mount the shared volume) is protected by each authorised user crypt key (unique to them) in a pre-established user list. Kinda of like how the S/MIME works leveraging the PKI where user certificate will provide the unique identification (can be soft or hardware specific if using smartcard or token). Enterprise solution will provide a neater way unless you are just going for proof of concept to get buy-in from stakeholders...

    For the enterprise suite, below are my feedbacks

    A) You may want to explore SecureDisk and SecureDS.  I understand the former is able to achieve the multi-user access of secure store. The latter will provide additional policy-based intelligent data protection scheme which you may want to "top up" the security posture. It would be able to have concurrent access but can check with vendor for confirmation though

    B) For PGP whole Disk encryption, it does not support the network type storage as it is focus on local HDD. For your case, you will be looking at the PGP Desktop Storage which has multilayered encryption using PGP Whole Disk Encryption to protect confidential files stored on local desktop or laptop systems and using PGP NetShare to securely share files with selected colleagues.

    This is a useful matrix on PGP suite (look at "Shared storage encryption") @

    C) For the Winmagic Suite, you will probably be looking at the "Container Encryption" which is another pre-allocated big space file that can be mounted for multi-user access. Imagine this file stored in network file server and user attempt to mount this file into a volume. Not that neat way but it does serve your purpose indirectly. Similarly, the highlighted the file/folder suite serve the same purpose but focus on file/folder as it is and encrypting them, it does not have volume per se. The key is that both suite can have encrypted data shared based on “group” key sharing, e.g. sharing files locally as well as on network share.

    Overall, the 3 product is able to handle what you had requested but you just need to get more info and ask vendor to show to you "live" if possible. Seeing is believing.

    Author Comment

    OK very good information and Very much appreciated particularly in the useful detail you have gone into (As I think you did on another question I had on a related subject).

    I will digest this information and let you know.

    Author Comment


    Ok revisiting this information as this project takes off again. The comparison link you sent has changed becaue of Symantec buy out

    This is a useful matrix on PGP suite (look at "Shared storage encryption") @

    Do you therefore know the new equivelent link if it exists?
    LVL 60

    Expert Comment

    not that know of but it should have been quite independent of the purchase as it still retained their naming. probably a quick check with desired vendor will be more effective to lead to the information.

    Author Comment

    I've had great trouble with PGPon my Lenovo. I was using support but they abandoned the problem with me as they said they could not recreate it. Obviousy this is off putting but still not found something suitable.
    Will update soon.

    Author Closing Comment

    Many thanks for this.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now