KzKrew asked:

Folder Encryption / End-to-End encryption Software Recommendations

I am looking for an application that can encrypt specific Windows-based network folders for an on-premise file server. Server OS is 2019.

Example: The financial group would like to secure their "Financial" folder.

Windows folder permissions would of course limit access to this folder, but they would also like the folder to be encrypted to limit exposure in a data breach situation. BitLocker is employed on server drives, but the financial department requires additional security in case Domain Credentials were compromised.

Looking for recommendations.

Thanks - Dan

  


8/22/2022 - Mon
Jian An Lim

A data breach, maybe;
ransomware, no. Any ransomware can encrypt on top and make your files unreadable.

With a zero-trust methodology, credentials are the first guard.
Any third-party encryption will mean you are stuck with them until you decrypt.
The keyword is End-to-End encryption software. And I found a few of them, like:
Atakama https://www.atakama.com/enterprise-file-encryption-software
Winmagic https://www.winmagic.com/products/securedoc-file-encryption-sfe

Being a Microsoft guy, I will recommend using Microsoft Information Protection, but again, it is another piece of software you need to deploy.

The best defense you are going to have is to monitor your logs and react faster, instead of thinking you can implement a bulletproof solution. Credentials being compromised should be the last thing to happen.

ASKER
KzKrew

Agree - End-to-End encryption is the keyword in my question. Does anyone else have input on my question?
Thanks
ste5an

Your approach makes no sense, because ransomware encrypts every file with its own keys. Thus an encrypted file or folder in your security model will also be encrypted. Thus it will also be lost.

"additional security in case Domain Credentials were compromised."
There is only one solution: MFA and credential changes in the case of incidents.

MFA means real MFA, thus credentials (knowledge) + inheritance (iris, fingerprint) + possession (separate hardware token).

Only the usage of all three gives the wanted security. Caveat: no MFA must use a mobile. A mobile is too easy to pwn.
David Favor

Unsure exactly what problem you're trying to fix.

1) If you secure your conversations with TLS certs, then the conversations are encrypted.

2) If you actually encrypt the data, then you'll have to do key management, so since everyone must have a key... and keys will be lying around everywhere... this is usually just complexity with no security improvement.

3) As @Jian mentioned... said differently... if you can do an ls/dir on a directory with Windows running... then Ransomware can potentially encrypt the data.

Suggestion: Describe the actual problem you're trying to solve + likely many people can provide potential solution approaches.
ASKER
KzKrew

I re-emphasize that my question is NOT about the damage that is caused by ransomware or other, but about protecting an organization from data dumps if a bad actor was able to gain access.

David does make a good point on encryption keys and how to protect them. Folder encryption / end-to-end encryption software marketing makes it sound like it solves the problem of data dumps / data leakage, but does it?
Sudeep Sharma

In a corporate environment, why not use EFS? This can be used along with BitLocker, and you can restrict who can have access to the files and folders which are encrypted using EFS.

Thanks,
Sudeep
ASKER CERTIFIED SOLUTION
Jian An Lim

ASKER
KzKrew

Thanks, Jian. You have certainly given serious thought to my question of how to protect data at rest (against data leakage/data dumps). Being a smaller manufacturing company with limited resources, Microsoft Information Protection is probably not a fit. Do you have any recommendations beyond what you have already recommended?
Thanks