We have recently received a few client contracts where all client files must be encrypted at all times. The challenge we are having is sharing encrypted files and simultaneous access on network shares.
There are thousands of files which need to remain encrypted and accessed by different users and services. Microsoft's encryption hasn't worked very well for us under Windows XP and assigning multiple certificates to a file so multiple people may access them is cumbersome and error-prone.
We are currently using PGP NetShare on our clients folders but are running into issues when multiple people access a file (e.g. Microsoft Access) or viewing thousands of files in a folder (the list keeps refreshing returning your view to the top, Windows Explorer).
We are contacting PGP about these issues, but I thought it a good time to find out what has worked in the wild; what solutions others have come up with to deal with selective file encryption on network shares.
Our basic need to is to restrict file access to only those who are allowed to access the files for a given client. This restriction will be directory based, so there are not files that are encrypted and not-encrypted in the same directory. The files are stored on Windows Server 2008 storage server access via Windows shares. In a best case scenario we would be able to allow a service (using network credentials/user) to access and decrypt the files on a share. Something not possible with PGP NetShare (they can be access, but not decrypted).
Best Answer
Do the files need to be encrypted, or do you need to keep unauthorized people out? These are two distinct requirements.
I'd consider using a system level encryption on the files, on the Server 2008 computer, BitLocker might work well. Then use IPSec for encrypting LAN traffic. And just use normal access controls for authorization.