Avatar of KzKrew
KzKrewFlag for United States of America

asked on 

Folder Encryption / End-to-End encryption Software Recommendations

I am looking for an Application that can encrypt specific windows based network folders for an On Premise File Server.  Server OS is 2019

Example: The financial group  would like to secure their "Financial" folder.

Windows folder permissions would of course limit access to this folder but they would also like the folder to be encrypted to limit exposure in a data breach situation. BitLocker is employed on server drives but the financial department requires additional security in case Domain Credentials were compromised.   

Looking for recommendations:

Thanks  - Dan


EncryptionCyber SecurityRansomware* server 2019Security

Avatar of undefined
Last Comment
Avatar of Jian An Lim
Jian An Lim
Flag of Australia image

a data breach may be,
ransomware no; Any ransomware can encrypt on top make your file unreadable.

with zero trust methodology, credential is the first guard.
any 3rdparty encryption will means you stuck with them until you decrypted.
key word is End-to-End encryption software. And I found a few of them like
Atakama https://www.atakama.com/enterprise-file-encryption-software
Winmagic https://www.winmagic.com/products/securedoc-file-encryption-sfe

Being a Microsoft guy, I will recommend using Microsoft information protection but again,is another piece of software you need to deploy

Best defends you gonna have is to monitor your log and react faster, instead of thinking you can implement a bullet proof solutions. Credential compromised should be the last thing to happen.

Avatar of KzKrew
Flag of United States of America image


Agree -  End-to-End encryption is the keyword in my question. Does anyone else have input to my question.
Avatar of ste5an
Flag of Germany image

Your approach makes no sense. Cause ransomware encrypts every file with their own keys. Thus an encrypted file or folder in your security model will be also encrypted. Thus it will be lost also.

additional security in case Domain Credentials were compromised.
Their is only one solution: MFA and credential changes in the case of incidents.

MFA means real MFA, thus credentials (knowledge) + inheritance (iris, fingerprint) + possession (separate hardware token).

Only the usage of all three give the wanted security. Caveat: no MFA must use a mobile. A mobile is to easy to pwn.
Avatar of David Favor
David Favor
Flag of United States of America image

Unsure exactly what problem you're trying to fix.

1) If you secure your conversations with TLS certs, then the conversations are encrypted.

2) If you actually encrypt the data, then you'll have to do key management, so since everyone must have a key... and keys will be laying around every where... this is usually just complexity with no security improvement.

3) As @Jian mentioned... said differently... if you can do an ls/dir on a directory with Windows running... then Ransomware can potentially encrypt the data.

Suggestion: Describe the actual problem you're trying to solve + likely many people can provide potential solution approaches.
Avatar of KzKrew
Flag of United States of America image


I re-emprises my question is NOT on the damage that is caused by ransomware or other, but protecting an organization from data dumps if an bad actor was able to gain access

David does make a good point on encryption keys and how to protect. Folder Encryption / end to end encryption  Software marketing makes it sound like it solves the problem of Data Dumps / Data  Leakage  but does it ???
Avatar of Sudeep Sharma
Sudeep Sharma
Flag of India image

In the corporate environment, why not use the EFS? This can be used along with BitLocker and you can restrict who can have access to the files and folder which are encrypted using EFS.

Avatar of Jian An Lim
Jian An Lim
Flag of Australia image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of KzKrew
Flag of United States of America image


Thanks, Jian -- you have certainly given serious thought to my question of how to protect data at rest - (against data leakage/data dumps) Being a smaller manufacturing company with limited resources  -- Microsoft Information protection is probably not a fit. Do you have any recommendations beyond what you have already recommended?



Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection. Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo