Secure File Transfer?

[office politics]

How would you handle a need to xfer data files securely from within an enterprise?

the best i can come up with is to use 7zip to encrypt with AES and verbally communicate the password. They usually need to install 7zip on their side.

 

[luke127]

What about Axcrypt?

 

[KSoD]

If you are within an enterprise they usually have their own intranet. Therefor they can deploy files via their servers that cant be accessed via the internet. As the files can only be accessed by computers connected to their intranet.

Walmart does this. They have their own intranet that can only be accessed from the terminals within the store. They have this thing called The Wire where you go for information on just about everything within the company as well as access things like your schedule and various other tools used within the stores. They even have their own secure email. While it maybe using Outlook Web, you can only access the email from within the store. I have my own email account through Walmart, but I cant access it via my home PC.

So anytime a file is created within the store for any purpose, it can be shared easily by just attaching it to an email and sending it to the proper people. I have created several excel files and word documents for inter store purposes and have shared them with other stores just by sending them via email. The files never leave the company intranet and can only be accessed within the stores, so there is no worry that they will ever be compromised.

Granted this is for a larger company that has the resources for such things. But even a start up can do it easily. Just setup a HTTPS connection that requires a login. That way the files can be accessed but you need to have a username and password to access the server.

 

[Lexluethar]

This is what we use: <none> | Secure File Sharing - Mobile Security - Secure Collaboration - Accellion

Essentially sets up a FTP site on your domain that internal and external (by invite) can use. It's safe, secure and easy to use.

 

[kmote]

You could use SFTP.

 

[Sheepykins]

WE use PGP encryption at work.
without sharing keys noone else can decrypt the file. and the keys are generated with current system information so its difficult to fake a key.

 

[kmote]

WE use PGP encryption at work.
without sharing keys noone else can decrypt the file. and the keys are generated with current system information so its difficult to fake a key.

That would indeed be very secure but the problem is that you could only have one "recipient" per file.

 

[Sheepykins]

you have a public and private key, so long as you pass along your public key to whoever needs it you can send it to anyone. We mass mail files to clients at work often to two/three recipients at a time

- granted, it does require a bit of coordination on your part to setup, but its by far one of the securest ways i've found to transfer files.

 

[kmote]

you have a public and private key, so long as you pass along your public key to whoever needs it you can send it to anyone. We mass mail files to clients at work often to two/three recipients at a time

- granted, it does require a bit of coordination on your part to setup, but its by far one of the securest ways i've found to transfer files.

The normal way of sending a file to someone would be to encrypt it with both your private key and their public key as this means that they can verify the file came from you (and is unmodified) and that only they can read it.
If you only encrypt it with your private key then anyone with your public key (potentially everyone) can read it, indeed, if you send this in (unsecured) email then that is definitely something you should consider.