Data storage systems, just like paper records, can be a privacy and security liability for your home or business. Encrypting your data at rest is a practical safeguard against data breaches. But when it comes to sharing data over a network, disk encryption becomes slightly more complicated. For simple encryption systems, you have two main options: mounting the encrypted volume on a data server or sharing a dismounted drive over the network. Each of these approaches has its own advantages and disadvantages.
Sharing a Mounted Encrypted Disk Over a Network
One method for sharing a single encrypted volume across several computers and operating systems is simply to mount the encrypted volume on the file server. The server machine handles the work of decrypting the data on-the-fly and sharing the contents with other machines on the network.
Pros of Sharing a Mounted Encrypted Disk Over a Network
In terms of usability, this is the most straightforward method. Users will access files from the encrypted volume the same way they would access unencrypted files on the server. They won’t require any additional software, nor will there be any additional potential for file collisions introduced. Users will be able to read and write over the network without any difficulties.
Cons of Sharing a Mounted Encrypted Disk Over a Network
The biggest drawback of this method is that the data transmitted over the network will not be encrypted, because the server decrypts it before sharing it. Of course, you can still combine this method with SSL, TLS, VPN or other data-in-motion encryption methods. Another drawback is that this method requires an operating system that can mount the encrypted volumes. Most full-fledged file servers running Windows Server, Mac OS X Server or Linux can handle this. But network-attached storage (NAS) devices and other appliances may not be able to mount the encrypted disk.
Sharing a Dismounted Encrypted Disk Over a Network
The other method is to share the volume itself over the network without mounting it. With this approach, the entire volume is made available on the network and the client machines mount the drive locally.
Pros of Sharing a Dismounted Encrypted Disk Over a Network
The advantage of this method is that the data is encrypted while being transmitted over the network. This prevents any man-in-the-middle type attacks, which are a particular concern on wireless networks.
Cons of Sharing a Dismounted Encrypted Disk Over a Network
The disadvantage of this method is that, for most setups, users will only have read-only access. This is to prevent the volume from being mounted by multiple users and written to inconsistently. Furthermore, each machine accessing the encrypted data must have the software necessary to mount and decrypt the data. While this won’t likely be an issue for Windows, Mac OS and Linux devices, it could be problematic for mobile devices, such as iPhones, BlackBerry phones and Android phones.
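The inconsistent-write problem behind the read-only restriction, as an added sketch that is not part of the original article: a constructed Python model in which two clients mount the same shared container and each caches its free-block map. The Container and Client classes are hypothetical, and encryption is left out because it does not change the outcome.

```python
class Container:
    """The dismounted volume as the server shares it: raw blocks, no locking."""
    def __init__(self, nblocks=8):
        # Block 0 is reserved for metadata; True means "in use".
        self.bitmap = [True] + [False] * (nblocks - 1)
        self.data = [None] * nblocks


class Client:
    """A machine that mounts the container locally (hypothetical model)."""
    def __init__(self, name, dev, read_only=False):
        self.name, self.dev, self.read_only = name, dev, read_only
        self.bitmap = list(dev.bitmap)  # free-block map cached at mount time
        self.files = {}                 # file name -> block number

    def write_file(self, filename, payload):
        if self.read_only:
            raise PermissionError(f"{self.name}: mounted read-only")
        block = self.bitmap.index(False)     # first block this client thinks is free
        self.bitmap[block] = True
        self.dev.data[block] = payload
        self.dev.bitmap = list(self.bitmap)  # flush own view over the shared copy
        self.files[filename] = block

    def read_file(self, filename):
        return self.dev.data[self.files[filename]]


def two_writers():
    dev = Container()
    a, b = Client("A", dev), Client("B", dev)   # both mounted before any write
    a.write_file("payroll.xls", b"written by A")
    b.write_file("notes.txt", b"written by B")  # stale map: same block as A
    return a.read_file("payroll.xls")           # A's file now holds B's bytes


def one_writer_others_read_only():
    dev = Container()
    a, b = Client("A", dev), Client("B", dev, read_only=True)
    a.write_file("payroll.xls", b"written by A")
    try:
        b.write_file("notes.txt", b"written by B")
        refused = False
    except PermissionError:
        refused = True
    return a.read_file("payroll.xls"), refused
```

With two read-write mounts, client A silently reads back client B's data; with a single writer and read-only mounts elsewhere, the second write is refused and A's file stays intact.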
As with all security-related IT practices, layering your methods of protecting your data is always recommended. For this reason, mounting an encrypted drive and sharing that over the network will likely be the best option for most systems. Combined with another encryption method, this provides the best balance between accessibility of data and security of data at rest and data in motion.