PGP NetShare

Overview

File servers have emerged as an industry-standard tool for enabling users to collaborate and share large files. Unfortunately, unprotected files pose a critical risk to an enterprise’s most sensitive data: customer information, financial data, trade secrets, and other proprietary information. Exposure of this data can result in financial loss, legal ramifications, and brand damage.

PGP® NetShare enables teams to securely share documents on file servers by automatically and transparently encrypting the files for fine-grained group access. This approach ensures that only authorized users can read or modify files, fulfilling partner and regulatory requirements for information partitioning and security.

• Easy, automatic operation–Protects shared files without changing the user experience.
• Enforced security policies–Automatically enforce data protection with centrally managed policies.
• Accelerated deployment–Achieves network file encryption using the existing infrastructure.

As a PGP® Encryption Platform–enabled application, PGP NetShare can be used with PGP Universal™ Server to manage policies for data protection, users, keys, and configurations. This expedites deployment and policy enforcement. PGP NetShare can also be used in combination with other PGP® encryption applications to provide multiple layers of security.

Technical Specifications

Technical Specifications

Supported Desktop Systems

• Microsoft Windows Vista (all 32-bit and 64-bit versions, including Service Pack 1)
• Microsoft Windows XP Professional 32-bit (Service Pack 1, 2 and 3)
• Microsoft Windows XP Professional 64-bit (Service Pack 1 and 2)
• Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)
• Microsoft Windows 2003 Server (Service Pack 1 and 2)*
• Microsoft Windows 2000 Professional (Service Pack 4)

• * Full disk encryption functionality is not supported on Windows 2000 Server or 2003 Server.

Localization

• English
• German
• Japanese

Authentication Options

• OpenPGP RFC 4880 keys
• X.509 certificates

Supported Storage Systems

• Windows file shares (SMB, CIFS)
• Samba, NAS and SAN volumes
• Locally attached hard drives (internal and external)
• USB flash drives

Symmetric Key Algorithms–PGP NetShare

• 256-bit AES key in EME mode

Centralized Management Requirements

• PGP Universal™ Server 2.9*

*PGP Universal Server requires a dedicated server.

Two-Factor Authentication

PGP® NetShare recognizes and works with the following:

• DoD Common Access Cards (CACs) with the ActivCard Gold 2.0 profile
• Athena Smart Card Solutions smart cards, including the ASEKey USB token
• AET SafeSign smart cards, including ASEKey 1.0
• Axalto (formerly Schlumberger) smart cards, including the Cryptoflex 32K
• SafeNet smart cards, including iKey 2032
• Aladdin smart cards, including eToken PRO USB 16K, 32K, and 64K
• GemPlus smart cards, including SafesITe and GemXpresso Pro, using GemSafe Libraries 4.2.0-015 (Gold)

PGP NetShare also recognizes and works with smart cards from other vendors if the vendor includes a standards-based PKCS-11 library in its software drivers.

FAQ

General

What is PGP NetShare and why is it important?

PGP NetShare provides secure, shared file encryption (including application policy-based encryption) without requiring changes to end-user applications, processes, or workflow or to an organization's storage infrastructure. IT backup and archiving applications remain as-is. PGP NetShare enables complete role separation between those authorized to create, change, and view content and systems administration personnel.

When should organizations use PGP NetShare?

Organizations should use PGP NetShare when they want to encrypt local file shares or shared folders on network servers.

Does PGP NetShare protect at the folder or file level?

Both. PGP NetShare allows for protected work area access control in folders and self-contained file protection independent of location.

Does PGP NetShare protect information on removable media?

Yes. With PGP NetShare, protection remains with any files copied to local storage or removable media from a shared, protected folder. PGP NetShare can also be used in conjunction with PGP Universal Server, PGP Whole Disk Encryption, PGP Virtual Disk, and PGP Desktop solutions for added security.

Is PGP NetShare a hardware appliance?

No. PGP NetShare is a client-based software solution.

What impact will PGP NetShare have on servers and networks?

Virtually none. Because PGP NetShare is client-based, it can scale to include thousands of users without degrading system, server, or network performance.

Do people have to change the way they work to use PGP NetShare?

No. With PGP NetShare, users simply create, save, and share files as before without changing their behavior or requiring additional training.

How is PGP NetShare different from PGP Virtual Disk and PGP Whole Disk Encryption?

PGP NetShare protects files in a shared, collaborative environment, usually over a network. PGP Virtual Disk and PGP Whole Disk Encryption protect individual drives or portions of drives on a local system. All three are best-of-breed security solutions designed for different use cases.

Is PGP NetShare part of the PGP Encryption Platform?

Yes. Organizations that deploy PGP NetShare or any PGP encryption application automatically deploy the PGP Encryption Platform. The PGP Encryption Platform provides a strategic enterprise encryption framework for shared user management, policy, and provisioning automated across multiple, integrated encryption applications. As another PGP Encryption Platform–enabled application, PGP NetShare leverages users, keys, and configurations, expediting deployment and policy enforcement. PGP NetShare can be used in combination with other PGP encryption solutions to provide multiple layers of security.

What's new in PGP NetShare 9.9?

Centrally defined data protection–Defines policy to protect files stored in specific directories or based on application, enforcing security without impacting user behavior.*

Remote Application Delivery–Supports data protection in Citrix and Microsoft Terminal Server sessions (Remove Desktop).

* Requires PGP Universal™ Server 2.9

Technical

Can PGP users use existing PGP keys with PGP NetShare?

Yes. PGP users can use existing PGP keys with PGP NetShare.

Can people use existing X.509 certificates with PGP NetShare?

Yes. People can use existing X.509 certificates with PGP NetShare.

Does PGP NetShare support separation of duties?

Yes. IT administrators can manage and back up PGP NetShare–protected files even if they do not have rights to decrypt the data. This functionality restricts file/folder access to authorized users only.

Does PGP NetShare re-encrypt my files when I make a change?

No. PGP NetShare does not need to re-encrypt your files when you make edits to the file, or even when you update PGP NetShare membership by adding or removing authorized users.

PGP NetShare operates at the file block level. This setup means that only updated blocks (or new blocks) need to be written to disk, as required by the application. When PGP NetShare membership changes, only a known-size file header is updated to reflect the change in user access. No other file changes are required.

Does PGP NetShare require a server for access?

No. PGP NetShare is a client process, so users are able to work both with remote and local files. Because PGP NetShare does not require access to a specialized server, users have consistent access whether they are online or offline, enabling consistent productivity.

Further, PGP NetShare does not require that any software be installed on existing file servers. This setup allows PGP NetShare to work with the user's existing CIFS/SMB deployment.

Does PGP NetShare provide a way to access encrypted data if users lose their encryption keys?

Yes. When used in conjunction with PGP Universal Server, PGP NetShare enables organizations to always retain access to encrypted information (according to policy) using patented PGP® Additional Decryption Key (ADK) technology. With the ADK, information is encrypted to an additional corporate key. The ADK may also be split between several people to ensure no individual has unauthorized access.

Which document formats are supported?

PGP NetShare supports all common digital formats: document, spreadsheet, presentation, Web, video, and audio.

Do organizations need to make any changes to their backup systems to use PGP NetShare?

No. PGP NetShare does not impact existing backup systems or processes. With PGP NetShare, files backed up from file servers remain encrypted.

Do organizations need to make any changes to their storage systems to use PGP NetShare?

No. PGP NetShare is storage system–neutral and works without requiring any changes to existing file shares, including Windows servers, network-attached storage (NAS), and storage area networks (SANs).

Which file servers are supported?

PGP NetShare supports the following file servers:

• Windows file servers
• Other file servers that share data using CIFS or SMB

Which file systems are supported?

PGP NetShare supports the following file systems:

• FAT
• FAT32
• NTFS

Which operating systems are supported?

PGP NetShare supports the following operating systems:

• Windows Vista (all 32-bit and 64-bit versions)
• Windows Server 2003 (SP1)
• Windows XP - 32 bit (Service Pack 1, 2 or 3)
• Windows XP - 64 bit (Service Pack 2)
• Windows XP Tablet PC Edition 2005 (keyboard required)
• Windows 2000 (SP4)