I can't seem to find a good, practical way to encrypt documents on a shared drive...
This is a samba share on centos using ADS auth. The primary doc format will be PDF.
Is there a good on-thy-fly encryption/decription scheme I can't find? Things like TC are great and all, but a couple of issue with a full-disk soluton:
It requires that someone (or some script) unlock and lock the drive at the beginning and end of each day;
While unlocked it sits there on the LAN un-protected (aside from ADS authentication to access the drive);
I understand the PDF has some built-in security/crypto features, but the volume of documents will make the usage of them wholly inefficient.
How do people deal with storing data locally? Is the focus generally more on perimeter security?
This isn't really an answer to your exact problem, more of an alternative strategy which I have used in the past for accessing sensitive data. I set up a VM, and locally store the documents. Locally encrypting stuff is much easier. Then, anyone wishing to access the data will remotely connect to the running VM.
There are many flavours to this model too:
Generally it has worked pretty well, and circumvents a lot of technical headache at the cost of increased group organization.