Protecting Sensitive Data on Shared Networks
4 Traditional Methods: Client Versus Server
Traditional network folder encryption solutions use client-only architecture. Unfortunately,
safeguards derived from this technology are less secure, difficult to manage and require
additional training for the administrators.
The latest development in client-server architecture is persistent, transparent and automatic, so
there are no adverse effects on the end-user and administrator training is kept to a minimum. It
offers easy deployment and also provides detailed records and logs of user and administrator
Shortcomings of Client-only Solutions
Traditional client-only architecture solutions possess a limited feature set for safeguarding files
and folders via encryption, but were the best method of performing the task at the time.
Technology advances have made their shortcomings apparent and highlight gaps in security and
manageability that otherwise may have been left vulnerable.
In a client-only architecture environment the keys used to decrypt the data are often stored within
the folder or computer itself (as opposed to a centrally managed server). With this method, a
group of end-users can use a private key to decrypt a file or folder that was encrypted using a
Basic management of folder permissions is difficult. Updating permissions on a large group of
folders is overwhelming. To amend access for even a single user would not only require touching
each affected folder, but in some instances, re-encrypting the folder s contents as well.
As its name suggests, client-only solutions usually store the decryption keys inside each secure
folder. Without a server component, individuals have unrestricted access to protected data when
they re not connected to the network, thereby exposing the information to the threat of a data
breach. Furthermore, there is no log or report of who accessed content in a given folder.
Advantages of a Centralized Server Architecture
In contrast to client-only solutions, client-server architecture stores all folder settings and
decryption keys centrally on a server. This change in thinking allows efficient management of
folder settings and decryption keys.
As the flagship feature of a client-server solution, folder administrators can add or remove users
from a particular folder via the server and are not forced to modify each and every folder the user
is associated with.
Additionally, this foundation allows for detailed logging and tracking of folder access for auditing
Copyright 2006 Entrust. All rights reserved.