Endpoint Encryption

  • 1.  Avoid Folder re-encryption

    Posted Apr 28, 2015 05:34 AM

    Hi all,

    I'm new in my job and I reviewed several pieces of documentation about the IT software implemented in our environment.

     

    One topic is FileShare Encryption.

    We have several file shares encrypted with group keys, to which different users belong.

    The encrypted file shares contain 100s of GB of data. Though when a new employee needs access to the data, he gets a PGP user which belongs to the corresponding group and the share must be taken offline for a while to re-encrypt the data.

    From my point of view this is not comfortable to the customer, because it takes hours.

    I did not find any other solution than this concept in White Papers and User Manuals.

    Is it an option to
    - setup one user per fileshare
    - provide a private key for this user
    - encrypt the fileshare
    - publish the private key to keyrings of other users

    If so, I would not need to re-encrypt.

    The risk I see: a user could export the private key and publish it to anyone. Is this avoidable?

     

    rgds

    Oerst
     



  • 2.  RE: Avoid Folder re-encryption
    Best Answer

    Posted Apr 28, 2015 09:27 AM

    Hi Oerst,

    The behavior that you are looking for is the same way in which the group key functions, and there is no need to edit/re-encrypt the FileShare folder when a new user joins; the new user only needs to be added to the LDAP group.

    Please check the article below, which covers the PGP NetShare Group Key FAQs:

    www.symantec.com/docs/HOWTO61299



  • 3.  RE: Avoid Folder re-encryption

    Posted Apr 28, 2015 09:59 AM

    Thumbs up to Shahidhussain Sayyed above, good article.

    The whole concept of group keys is to avoid the historical situation where a share needs to be re-encrypted whenever a user requires access (and to avoid sharing out any single particular user's keys).  Unfortunately, group keys with FileShare encryption have had issues in implementation, and only seemed to work properly (from my experience) with later versions of the software.

    I'd definitely recommend upgrading to the latest version of the SEMS and client and giving it a go.

     



  • 4.  RE: Avoid Folder re-encryption

    Posted Apr 30, 2015 04:58 AM

    Thank you very much, I did not recognize that the product File Share Encryption is the replacement of PGP NetShare.

    kind regards

    Oerst