Hey everyone! We've been approached by one of our biggest partners to implement file-level encryption for our stored files. Currently, we have a mix of Windows and Linux file servers, and we've looked into various encryption platforms, but they don't seem to be the best fit for our needs.
Given that we frequently collaborate with external partners, I'm considering a new strategy for file storage that meets some key security requirements while also facilitating better collaboration. We deal with a variety of file types, including CAD files, Office documents, and Adobe files.
Here's what I'm hoping the new system will achieve:
- File-level encryption
- Secure external sharing with authentication
- Single Sign-On (SSO) via EntraID
- Versioning capabilities
- Ability to create team/group folders with user-level permissions
- Future plans for Data Classification and Data Loss Prevention
- On-prem backup options
Additionally, I need a solution that can still allow data sharing with OT machines in our factory, which only support FTP/SMB connections. One idea is to set up a VM that syncs data from the cloud and provides a legacy share.
We're currently evaluating a few options:
- Nextcloud on-prem using Netapp Ontap for S3 storage
- Nextcloud hosted in the cloud with Cubbit for backend
- Box (we already have 50 users utilizing this for partner collaboration)
- Sharepoint
- Kiteworks
We have around 150 users and are on the M365 Business Premium license, but we're open to other solutions besides Microsoft. I'd appreciate any suggestions or insights on this! Thanks a ton!
3 Answers
We typically use Full-Disk Encryption for our clients. Our secure datacenter servers don't require encryption at rest since the backend takes care of it. Have you thought about a similar approach?
In my last job, we handled Full Disk Encryption with VMware by letting the SANs manage it all, which worked seamlessly. For file-level encryption, I’d suggest enabling EFS, but note it can be pretty fragile—any password reset could make user data unrecoverable. Consider using file servers with backend encryption instead! You might want to consult a VAR for detailed options.
I’m curious about the specific issue you want to resolve with file-level encryption. Are you currently doing volume-level encryption on your systems?
We’re considering it because our Windows/Linux machines let people access and copy all files easily. So, shifting our storage approach gives us a chance to enhance collaboration too.
That sounds helpful! How did you handle backup and recovery with VMware’s encryption? Did your backup system work well with it?