--Originally published at The shield of the world
So after all this information let’s continue talking about the HW encryption, shall we?
Single-user file/folder level
When an individual wishes to encrypt a single file or group of files there are several options. Most encryption software has the ability to encrypt files individually using a password or other key. Many encryption programs have the ability to create an encrypted “virtual drive”. This is an encrypted file that, when opened with the key, looks like another drive attached to the computer allowing the user to easily open and save files into an encrypted area. Some other applications, like MS Office and OpenOffice, have built-in, single-file encryption features.
Depending on how the encryption software is used, this approach can provide protection from data disclosure when transferring information over the network. E.g. an individual file can be encrypted and then sent as an email attachment, assuming the recipient has the ability to decrypt it.
Multi-user file/folder level
Allowing multiple users to simultaneously access encrypted information is more complicated than a single user. The encryption software must allow the use of either multiple keys (i.e. one for each user) or a shared key (e.g. a shared password). Additionally, the software must deal with multi-user file locking issues (this is usually a problem with the virtual drive approach mentioned in the last section).
This approach can provide an additional layer of protection against the disclosure of highly confidential data on file servers in the event they are compromised. I can also help protect against disclosure on backup media as the files would remain encrypted when backed up.
This approach can get complicated if not all users have the encryption software installed, or they are not configured consistently. This could lead users being unable to access encrypted information or incorrectly believing they