Forums Community AxCrypt security model may not match our requirements?

This topic contains 9 replies, has 2 voices, and was last updated by  John Gray 7 years, 9 months ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #3572 Reply

    John Gray

    Our current requirement is to secure a number of HR/Personnel folders and the files they contain on a shared folder on our Windows 2008 R2 file server:

    • the Senior Manager would know the password for each of the HR folders, and would thus be able to access ALL the HR folders and files
    • each Manager would know only the password for their own HR folder, and would thus be able to access ONLY their own HR folder and files

    This would be fairly easy to achieve via NTFS folder and file permissions – but for the fact that we operate workgroups (not a domain) and all the Managers use the same user name to sign on.

    The ability of the Premium version of AxCrypt to encrypt/secure any file dropped into a secured folder is a great feature, because it requires no further work by the user.

    However, reading Svante’s various Blogs about passwords makes me think that not even the Premium version of AxCrypt will enable me to satisfy the above requirements.  Am I correct, or do I just not understand the detail of how AxCrypt operates?

    #3573 Reply

    Svante
    Spectator

    Hello John,

    First of all, there’s a fundamental difference between authentication and access control vs. encryption, i.e. in your case NTFS vs. AxCrypt. See http://www.axcrypt.net/blog/encryption-vs-authentication/ for a detailed discussion.

    From what I can, AxCrypt can handle your requirements with the Premium function (it does require a small amount of co-operation from the ‘normal’ HR Managers.

    Each user would simply designate their own folder (or any folders) as a Secured Folder, and set Key Sharing by adding the Senior Managers e-mail.

    All files in such a folder will be accessible (decryptable/openable) by the ‘normal’  HR Manager (the owner as it were) and the Senior Manager and no-one else. The ‘normal’ HR Manager and the Senior Manager would user their own personal passwords to sign in to AxCrypt and will never have to share any passwords.

    If I understood the requirements correctly, it’s pretty much a perfect fit.

    #3595 Reply

    Robert M

    I have similar requirements on a small scale.

    It seems to me the cleanest solution would be for the Senior Manager to have a premium account.  (The lower-level managers could have free accounts.)  The Senior Manager could then import the keys of the managers to encrypt and share the folders, as appropriate.

    That’s how I do it, anyway.

    #3601 Reply

    Robert M

    Thinking further about this … my solution may not work if the managers are making routine changes to the folders.  In my situation, all changes to shared docs are made by me, so only I need a premium account.  I have total control.  But that’s not usually the case, is it?

    So maybe each manager needs a premium account after all.

    Sorry, I’m easily confused sometimes.

     

    #3604 Reply

    Svante
    Spectator

    The idea is that to *share* a file key with someone requires Premium. To be shared with does not, and updating the file will work for the sharee as well. To *share* a new file, or add/remove a sharee, requires Premium.

    #3612 Reply

    John Gray

    Thanks, Savante

    I’m pleased that AxCrypt would do the rather trivial job which we want, but unhappy that the Premium version would be required at significant expense.

    Still, that’s life!

     

    #3613 Reply

    Svante
    Spectator

    John,

    What can I say? We need to pay the rent too, as you say, that’s life! Sorry, but we do need the revenue! Still, €2/month is not really that significant a cost, is it? That’s what we hope most people will feel anyway, compared to the benefits.

    Good luck!

    #3617 Reply

    John Gray

    I agree that €3 (surely, not €2?) a month is not a huge amount for an individual, but multiply up by ten and that’s €360 a year, or £300 (+ VAT) a year at current exchange rates.  That’s a lot for a charity for one piece of software for ten staff.

    In comparison UK charities could get just over 14 copies of Microsoft Office Standard for the same price – and that’s a one-off cost, not annual!

    There’s no point me pursuing the matter – we’ll just make do with the less-efficient password protection of Word documents and Excel spreadsheets…

    #3618 Reply

    Svante
    Spectator

    John,

    Yes, I agree that if you need it for 10 persons it is more significant, although I do mean €2 at yearly rates. €24/year + VAT (not sure if you are VAT registred or not).

    On the other hand, stay tuned, we have already discussed gratis Premium for registred charities, possibly eductional institutions etc. Right now, the problem is we don’t have any way to manage such things. It will likely be a part of the functionality of our upcoming business volume discount management, so then we may well decide to offer it for free to charities etc.

    The password protection of Word and Excel is useful, but less strong than the Free version of AxCrypt. Still, it may well be sufficient for your needs, and for those documents it’s probably in many ways easier to use. I would not store for example medical information or other persons financial situation in a password protected Word-document, but certainly things of lesser importance.

    #3619 Reply

    John Gray

    Svante

    That all sounds very encouraging for the future!

    No, we are not VAT registered so cannot reclaim it – VAT reclaiming would probably apply only to very large charities, and we are just a fairly local one.

    Thanks for your very civilised and informative responses!

Viewing 10 posts - 1 through 10 (of 10 total)
Reply To: AxCrypt security model may not match our requirements?
Your information: