File Share Encryption

  • 1.  Best practices for key management on Symantec Encryption Management Server

    Posted Aug 19, 2016 04:18 AM

    Hi,

    I want to know what the best practices are for key management on Symantec Encryption Management Server.

    Also, in conjunction, can we utilize our Enterprise Key Management application for an additional layer of security?



  • 2.  RE: Best practices for key management on Symantec Encryption Management Server
    Best Answer

    Posted Aug 19, 2016 10:20 AM

    We don't really have a 'Best Practice' guide for key management.  NIST has published some recommendations via document SP 800-57:
    http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

    My recommendation would be to use Server Key Mode (SKM) keys if possible, to reduce reliance on end users and provide more management ability.  These should be tied to Active Directory with AD Synchronization.  The keys are distributed to the users as needed, and the users can be blocked from modifying the keys.

    If using FileShare, I would also recommend using Group Keys, so you can add and remove users without any manual input on the server or on the shares themselves.

    In the end, it really comes down to business needs, potential government regulation (particularly in European areas, where they may govern the signing key requirements), and ease of management.  In most cases, SKM keys are preferable, but they may not be the best choice depending on what you are trying to accomplish.



  • 3.  RE: Best practices for key management on Symantec Encryption Management Server

    Posted Aug 22, 2016 12:50 PM

    Understood, Mike. Thanks for your reply. I would like to know the following as well:

    What are the recommended encryption strengths and ciphers that we should use? Also, what is the size of the cipher (AES) by default, and is it configurable? I can see the option in Encryption Management Server for tweaking RSA Key Size, but no option for changing Cipher Key Size.