Protecting Sensitive Data on Shared Networks
4 Traditional Methods: Client Versus Server
Traditional network folder encryption solutions use a client-only architecture. Unfortunately,
safeguards derived from this technology are less secure, are difficult to manage and require
additional training for the administrators.
The latest development in client-server architecture is persistent, transparent and automatic, so
there are no adverse effects on the end-user and administrator training is kept to a minimum. It
offers easy deployment and also provides detailed records and logs of user and administrator
activity.
Shortcomings of Client-only Solutions
Traditional client-only architecture solutions possess a limited feature set for safeguarding files
and folders via encryption, but were the best method of performing the task at the time.
Technology advances have made their shortcomings apparent and highlight gaps in security and
manageability that might otherwise have been left unaddressed.
In a client-only architecture environment the keys used to decrypt the data are often stored within
the folder or computer itself (as opposed to a centrally managed server). With this method, a
group of end-users can use a private key to decrypt a file or folder that was encrypted using a
public key.
Basic management of folder permissions is difficult. Updating permissions on a large group of
folders is overwhelming. Amending access for even a single user would require not only touching
each affected folder but, in some instances, re-encrypting the folder's contents as well.
As the name suggests, client-only solutions usually store the decryption keys inside each secure
folder. Without a server component, individuals have unrestricted access to protected data when
they're not connected to the network, thereby exposing the information to the threat of a data
breach. Furthermore, there is no log or report of who accessed content in a given folder.
Advantages of a Centralized Server Architecture
In contrast to client-only solutions, client-server architecture stores all folder settings and
decryption keys centrally on a server. This change in thinking allows efficient management of
folder settings and decryption keys.
As the flagship feature of a client-server solution, folder administrators can add or remove users
from a particular folder via the server and are not forced to modify each and every folder the user
is associated with.
Additionally, this foundation allows for detailed logging and tracking of folder access for auditing
purposes.
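The management and audit difference described in the two sections above, as an added sketch that is not from the original paper or any Entrust product. It models key custody only (no file encryption); the class names, the group-based membership and the sample folders are assumptions.

```python
import secrets
import time


class ClientOnlyFolder:
    """Client-only model: key and member list are stored with the folder."""
    def __init__(self, name, members):
        self.name, self.members = name, set(members)
        self.key = secrets.token_bytes(32)

    def get_key(self, user):
        return self.key if user in self.members else None  # offline, unlogged


def revoke_client_only(folders, user):
    """Visit every folder the user is on; return how many had to be touched."""
    touched = 0
    for folder in folders:
        if user in folder.members:
            folder.members.discard(user)
            folder.key = secrets.token_bytes(32)  # models re-encrypting the contents
            touched += 1
    return touched


class KeyServer:
    """Client-server model: keys, membership and the access log are central."""
    def __init__(self, groups, folder_group):
        self.groups, self.folder_group = groups, folder_group
        self.keys = {name: secrets.token_bytes(32) for name in folder_group}
        self.log = []  # (unix time, user, target, outcome)

    def get_key(self, user, folder):
        allowed = user in self.groups.get(self.folder_group[folder], set())
        self.log.append((time.time(), user, folder, "GRANT" if allowed else "DENY"))
        return self.keys[folder] if allowed else None

    def revoke(self, user, group):
        self.groups[group].discard(user)  # one change covers every folder in the group
        self.log.append((time.time(), user, group, "REVOKE"))


def demo():
    names = [f"finance/q{i}" for i in range(1, 5)]  # constructed sample folders
    local = [ClientOnlyFolder(n, {"alice", "bob"}) for n in names]
    touched = revoke_client_only(local, "bob")
    server = KeyServer({"finance": {"alice", "bob"}}, {n: "finance" for n in names})
    before = server.get_key("bob", names[0]) is not None
    server.revoke("bob", "finance")
    after = server.get_key("bob", names[0]) is not None
    return touched, before, after, [entry[3] for entry in server.log]
```

In the client-only model the revocation touches all four folders and leaves no record; on the server it is one membership change, and the grant, the revocation and the later denied request all appear in the log.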
Copyright 2006 Entrust. All rights reserved.
www.entrust.com