OSP - Assignment 1 Task 1


Executive Summary 

 

This report reviews the essential cybersecurity tools that an SME needs to protect its systems, data, and users. It focuses on three core areas: password managers, firewalls, and file‑encryption tools. Each tool was assessed for its security benefits, ease of use, cost, and suitability for a growing organisation. 

For password managers, cloud‑based and enterprise solutions were found to be the most effective for SMEs because they offer central management, secure sharing, and strong protection against weak or reused passwords. After comparing options, NordPass Business is recommended due to its strong security features, ease of use, and positive feedback from business users. 

The report also compares different types of firewalls, including hardware, software, and cloud‑based options. Software‑only firewalls were identified as the least suitable for SMEs because they are harder to manage and offer weaker protection. Cloudflare WAF is recommended as the best overall choice because it provides strong security, automatic updates, and simple deployment without the need for specialist skills. Cisco ASA remains a good alternative for organisations with in‑house IT expertise and more complex network needs. 

Finally, the report explains the importance of file‑encryption tools for protecting sensitive data. It outlines the main types of encryption and highlights how encryption helps organisations meet legal requirements such as GDPR and the Data Protection Act 2018. 

Overall, the recommended tools provide strong security, support compliance, and are suitable for SMEs that need reliable protection without unnecessary complexity. 

 

 

Introduction 

Cybersecurity is essential for every modern organisation, and choosing the right protection tools is key to keeping systems, data, and users safe. Firewalls, Password Manager software, and File encryption tool each play a crucial role in defending against cyber threats, but their effectiveness depends on selecting the right type and understanding their strengths and limitations. This report will provide a concise overview of different firewall types, compare hardware, software, and cloud-based solutions, and evaluate leading file encryption tool and password manager products based on required security capabilities. The aim is to identify the most suitable options for the organisation and ensure a secure, reliable, and compliant digital environment. 

 

Password Manager Types 

Based upon delivery method, there are 3 different categories of password managers available for SMEs 

  • Local Password Managers 

  • Cloud-Based Password Managers 

  • Enterprise/Federated Password Managers 

Local Password Managers 

Local password managers are applications that keep all your saved passwords, notes, and keys in an encrypted file, which is stored on your device. Nothing is uploaded to the company’s servers unless you choose to sync manually using your own method. They are often open source, which allows independent security audits and long-term transparency. They use a single strong master password to unlock your local encrypted database. 

Benefits 

Drawbacks 

  • Maximum privacy and control: No third-party cloud servers; you choose where the vault lives 

  • Reduced attack surface: No centralised cloud vault to target, lowering mass-breach risk 

  • Offline access – works fully without internet, ideal for secure environments or travel 

  • Manual setup across device: Requires more technical comfort, especially on mobile 

  • More responsibility: Losing the vault file or forgetting the master password means no recovery 

  • No automatic syncing: You must manage syncing yourself, which can be inconvenient or error-prone 

 

Cloud-Based Password Manager 

A cloud-based password manager is a service that keeps your passwords, secure notes, and other credentials in an encrypted vault stored on the provider's cloud infrastructure. You unlock the vault with a master password, and the service syncs your data automatically across your devices, such as phones, laptops, browsers, and tablets. 

Most modern services use a zero-knowledge design, meaning the provider cannot decrypt your vault because the key is derived from your master password on your device. 

Benefits 

Drawbacks 

  • Effortless syncing: Your vault stays updated across devices automatically 

  • Easy onboarding: Great for user and organisations wanting a simple setup 

  • Cross-platform support: Consistent experience on Windows, macOS, Linux… 

  • Recovery options: Some services provide account recovery if you lose access 

  • Internet dependency: required for syncing and sometimes for login 

  • Subscription cost: Many cloud based managers use paid plans 

  • Trust in provider: Even with zero knowledge encryption, you rely on their infrastructure and security 

  • Attractive target: Centralised encrypted vaults can be targeted in largescale breaches, increasing business risk 

 

Enterprise/Federated Password Managers 

Enterprise password managers are systems that store and manage passwords and access credentials for teams, departments, or even entire organisations. They work by encrypting data locally using a master password, syncs across devices, and enables IT to enforce security policies. 

Benefits 

Drawbacks 

  • Centralised control: Admins can enforce policies, manage permissions, and revoke access instantly 

  • Federated Login: Employees authenticate using existing corporate identify systems 

  • Audit and compliance: Logs, report, and access trails support regulatory requirements for SME 

  • Automated onboarding/offboarding: Reduces risk when employees join or leave 

  • Cost: Enterprise licenses can be expensive, especially at scale 

  • Complexity: Requires setup, policy design, and ongoing administration 

  • Training needed: Staff must learn how to use the system properly 

  • Centralised Risk: A misconfiguration or compromised account can have a significant organisational impact 

 

Password Manager Recommendation 

A password manager in an SME needs to be secure, centrally managed, scalable, and easy for staff to use. When comparing local, cloud-based, and enterprise password managers, the least suitable option is a local password manager due to several factors, such as: 

  • No central administration – IT cannot enforce policies, reset passwords, or remove access when staff leave 

  • High risk of data loss – If the device fails, is stolen, or corrupted, passwords may be unrecoverable unless backups are manually maintained, which would require more resources 

  • Poor scalability – Adding new userssyncing across devices, or supporting remote workers becomes more complicated 

  • Weak collaboration – SMEs often need shared credentials; local tools make sharing insecure or inconvenient 

  • Security depends on each device – Malware, outdated software, or user mistakes can compromise the entire password store 

  • No audit trails – SMEs cannot track who accessed what, which is essential for compliance and accountability 

This is why I recommend between cloud-based and enterprise password managers as they are better options for an SME because they solve the core problems SMEs faceLocal password managers fail in these areas, while cloud and enterprise solutions directly support how SMEs operate today. 

Password Manager 

NordPass Password Manager 

Price: £3.59 per user/month (14-day NordPass Business Trial included) 

Pros 

Cons 

  • Customer-Friendly sharing option 

  • Credit Card and Email address breach scans 

  • Password Health tools 

  • Emergency Access 

  • Email Masking 

  • Limited free plan 

  • Lacks premium trials for personal plans 

 

Pricing and Plans: 

I recommend the Premium version of the app because it offers affordable pricing and includes high-quality features and settings for SMEs. NordPass offers a free plan, but it limits you to one account and doesn’t sync passwords across all your devices. 

Platforms: 

NordPass offers browser extensions for: 

  • Chrome, Edge, Firefox, Opera, and Safari 

Mobile apps for Android and iOS and desktop applications for Linux, macOS, and Windows. 

User Reviews: Source: ( NordPass Business Reviews & Ratings 2026 ) 

 

NordPass Business has been awarded a 9.1 out of 10 from a trusted source “Trust Radius”. It has been reported that the password manager helps SMBs and Enterprises optimise the company’s workflow and boost productivity.  

 

 

 

The review strengthens NordPass’s reputation by coming from a verified, experienced business user who gives it a full 5‑star rating. The reviewer highlights that they manage many logins and that NordPass Business has been “incredible” for maintaining security, suggesting it performs reliably under heavy and professional use. The fact that the review is vetted and tied to real user credentials adds credibility, making it a strong recommendation due to NordPass’s effectiveness and trustworthiness. 

Tech Specifications: 

Actionable Password Strength Report 

 

Digital Legacy 

 

Fill Web Forms 

 

Import from Browsers 

 

Multiple Form-Filling Identities 

 

Product Category 

Password Managers 

Product Price Type 

Direct 

Secure Password Sharing 

 

Two-Factor Authentication 

 

 

RoboForm for Business 

Price: £9.45 for the first year (£23.88/year) 

Pros 

Cons 

  • Affordable service plans 

  • 30-day free business or premium trial 

  • Includes data breach monitoring 

  • Emergency access available 

  • Informative tutorials and in-app tips 

  • Restrictive free plan 

  • Limited sharing options 

 

Pricing and Features: 

RoboForm Business costs £23.88 per user per year. In addition to the primary password management features, the plan includes an Admin Centre where you assign roles for access control and view detailed activity logs, audit reports, a dedicated account manager, dark web monitoring, secure sharing, SCIM provisioning, and SSO integration. 

Supported Platforms: 

RoboForm offers desktop clients for both Mac and Windows, as well as apps for Android and iOS, and browser extensions for Chrome, Edge and Firefox. 

User Reviews: Source: (RoboForm Reviews & Ratings 2026 ) 

RoboForm has been awarded a 9.2 out of 10 by a trusted source “Trust Radius”. It’s been reported that the software helps companies to organise logins and passwords, making password generation, storing and sharing easier and much more secure optimal for SMEs. 

 

 

RoboForm stands out as a strong choice for anyone seeking a reliable password manager, and this review reinforces that. A verified executive with over a decade of experience gives the product a full five‑star rating, praising how effectively it eliminates the need to remember countless passwords and provides quick, effortless access to them. With the added credibility of a vetted, transparent review, it’s clear that RoboForm delivers meaningful value in a business environment where security and convenience matter. 

Tech Specifications: 

Actionable Password Strength Report 

 

Digital Legacy 

 

Fill Web Forms 

 

Import from Browsers 

 

Multiple Form-Filling Identities 

 

Product Category 

Password Managers 

Product Price Type 

Direct 

Secure Password Sharing 

 

Two-Factor Authentication 

 

 

Password Manager’s Choice and Rationale 
For a small or medium‑sized enterprise, NordPass Business emerges as the stronger recommendation because it offers a more comprehensive balance of security, usability, and long‑term value compared with RoboForm.  

When comparing both tools, NordPass provides a richer set of advanced security features, such as password health reports, breach scans, email masking, and emergency access, which are especially valuable for SMEs that may not have a dedicated cybersecurity team but still need enterprise‑grade protection. Its business‑focused tools, including individual employee vaults, Google Workspace SSO, and a clean, intuitive admin dashboard, make it easier for managers to oversee access without adding complexity to daily operations. Although RoboForm is slightly cheaper and offers solid essentials like an Admin Centre, audit logs, and dark web monitoring, its more restrictive free plan and limited sharing options make it less flexible for growing teams. 

Both products score highly on Trust Radius, but NordPass’s reviews emphasise improved workflow and productivity, key priorities for SMEs aiming to streamline processes without sacrificing security. Taking all these factors together, feature depth, ease of adoption, strong user feedback, and suitability for small business environments.  

I concluded that NordPass Business provides the most future‑proof and operationally supportive solution for an SME, while still recognising RoboForm as a reliable alternative for organisations prioritising simplicity and lower upfront cost. 

Firewall Types 

Types of Firewalls 

Descriptions 

Packet Filtering Firewalls 

Inspect the headers of data packets, the IP addresses and port numbers, to block or allow traffic based on predefined rules. This offers cost-effective, high-performance, security and ease of use, making them an affordable first line of defence for simple security needs and small networks, perfect for a small organisation as its cost friendly and easy to set up. 

Circuit-Level Gateways 

Monitor network sessions for legitimate, established connections, preventing unauthorised access. Greater network performance, security, and cost-effective solution by operating at the session layer of the network model, which allows for faster and less resource-intensive security checks. They act as a proxy, enhancing privacy by masking internal IP addresses, providing simplicity in configuration and implementation, and can be a cost-efficient security solution compared to deep-packet inspection firewalls. 

Stateful Inspection Firewalls 

Track the status of network flows and connections, enabling more intelligent decisions on which packets are appropriate within a session. Key advantages include enhanced security through contextual understanding, improved threat detection of complex, multi-packet attacks, and dynamic logging for network security audits and improvement. This allows them track active network connections to analyse packet behaviour. 

Proxy Firewall 

Act as a single point of connection, mediating requests between internal and external networks to conceal internal identities. Proxy firewalls provide advanced security by acting as a central gateway that inspects all network traffic at the application level. This ensures security, defence and regulations are being followed. 

Next- Generation Firewalls 

A modern, comprehensive firewall that combines various security functions, including intrusion prevention, application awareness, and deep packet inspection, into one session. They provide cost efficiency by consolidating multiple security functions into one device, offer scalability to adapt to growing network needs, and help ensure regulatory compliance. 

Web Application Firewalls 

Specifically designed to protect web applications by inspecting and filtering HTTP traffic to prevent web-based attacks. It provides critical advantages for businesses by protecting against cyberattacks like SQL injection and Cross- Site Scripting (XSS), safeguarding sensitive data, enhancing compliance and boosting uptime. 

Based upon the delivery method, there are 3 different categories of firewalls available: 

  • Hardware-Based Firewalls 

  • Software-Based Firewalls 

  • Cloud-Based Firewalls 

Hardware-Based Firewalls 

hardware firewall is a dedicated physical device that sits between your internal network and the outside world, filtering traffic based on security rules. It acts as a gatekeeper, inspecting data packets and blocking anything that doesn’t meet the defined policies. This makes it a core layer of network protection for businesses. 

Benefits 

Drawbacks 

  • Continuous packet inspection: Examines traffic at the network edge and allows or blocks packets based on security rules. 

  • Encrypted traffic inspection: Can analyse SSL/TLS traffic to detect malicious content hidden inside an encrypted session 

  • Scalable architecture: Hardware can be upgraded or clustered as the network grows  

  • Higher Initial purchase cost: Appliances are more expensive than a software-based solution 

  • Ongoing maintenance: Requires firmware updates, threat-intelligence feeds, and occasional hardware servicing. 

  • Latency: Deep inspection and filtering can introduce delays to network traffic 

 

Software-Based Firewalls 

A security software that runs on a computer, server, VM, or cloud instance. It filters incoming and outgoing traffic, blocking suspicious traffic and preventing any unauthorised access. It also monitors outbound traffic to detect any malware attempting to communicate externally. 

Benefits 

Drawbacks 

  • Low-cost or built-in: Many operating systems include software firewalls for free, reducing upfront cost 

  • Easy deployment: Simple to install on laptops, desktops, and servers with minimal setup 

  • Flexible environments: Ideal for cloud workloads, VMs, and distributed networks where hardware cannot be placed 

  • User-Specific rules: Policies can be customised per device or per user control 

  • Consumes system resources: Uses CPU, RAM, and storage, which may impact device performance 

  • Can be disabled by malware: If the operating system is compromised, the firewall may be bypassed or turned off 

  • Limited perimeter control: You cannot block threats before they reach the device, unlike hardware firewalls 

 

Cloud-Based Firewall 

A cloud firewall is a software-driven firewall deployed on a cloud platform rather than physical hardware. It creates a virtual security perimeter around cloud resources such as VMs, databases, SaaS applications, and remote endpoints. It performs the same core functions as a traditional firewall, such as traffic filtering, access control, and threat detection, but is delivered as a cloud service. 

Benefits 

Drawbacks 

  • Scalability: Automatically scales with cloud workloads, handling traffic spikes without hardware upgrades 

  • Flexibility: Adapts to dynamic cloud environments where resources are frequently created, moved, or deleted 

  • Centralised Management: Policies can be applied across multiple cloud regions, accounts, and users from one console 

  • Cloud provider dependency: Security relies on the provider’s uptime, performance, and infrastructure stability 

  • Potential Latency: Traffic may be routed through cloud inspection points, adding delays 

  • Limited control: Organisations may have less control compared to managing their own hardware appliances 

 

Firewall Recommendation 

A software-based firewall is the least suitable firewall for SME when it's used as the primary line of defence.  

This consists of several reasons, such as: 

  • Being hard to manage consistently across many devices, as all devices need their own configuration, updates, and monitoring, which can be limited for SME organisations due to their limited IT staff, this becomes unmanageable and leads to threats going undetected. 

  • There is no strong perimeter protection as it protects individual endpoints, not the network, which means there is no central control point, no unified threat detection, and no protection for unmanaged devices which join the network. 

  • It's also highly reliant on user behaviour; if employees disable the firewall, the organisation will lose protection, making the software-only setups fragile and inconsistent.  

That’s why I recommend looking at different Cloud-Based and Hardware-Based solutions, as they are far more suitable for an SME than relying on software-only protection because they provide centralised control, stronger security boundaries, and far less dependence on individual devices or user behaviour. 

Legal/Security Requirements 

A password manager helps organisation host crucial confidential data and helps SMEs meet legal requirements around protecting personal data, securing access to systems, and preventing unauthorised access. Legislations such as UK GDPR requires organisations to meet certain criteria in order to make sure that data is protected at all times. Strong authentication is a core tool that supports the law. Password manager enforces strong, unique passwords for every system and reduces any risk of data theft and account compromise. Alongside UK GDPR legislations like Data Protection Act 2018 reinforces the requirements to secure personal data. As password manager support DPA 2018 criteria by helping organisation reduce the likelihood of any data breach and unauthorised access to sensitive information and support secure authentication for systems handling personal data. It is important for organisations (particularly SMEs) to avoid breaching these legislations as it involves consequences such as fines, lawsuits, and reputational damage which can impact their brand image and delay or cancel any organisations future goals or plans of expansion.  

Firewall 

Cloudflare WAF 

Price: $200/month (£149.02/month) 

Pros 

Cons 

  • Blocks zero-day exploits using machine-learning and threat intelligence from cloudflare’s global network  

  • Runs on Cloudflare’s global edge network, reducing latency and improving load times 

  • Offers pre-configured rules, automatic updates, and intuitive dashboards 

  • Some users report false-negatives alerts, meaning certain attacks may slip through 

  • Higher Latency and Slower response time in different countries 

  • Cloudflare’s rulesets need continuous tuning  

 

Price and Features 

This common plan used by UK businesses offers key features such as: 

  • Advanced WAF 

  • PCI compliance support 

  • 100% uptime SLA 

  • Prioritised support 

  • Custom SSL certificates 

  • Enhanced performance and caching controls 

User Reviews: Source (Cloudflare Reviews & Ratings 2026 ) 

Cloudflare is often a strong recommendation for an SME because it gives smaller organisations enterprise‑grade protection and performance without the enterprise‑grade complexity or cost. 

Cloudflare’s review clearly shows it’s a strong fit for SMEs because it highlights features that smaller businesses rely on, like bot protection, web optimisation, and reliable DNS, while also emphasising that the platform is well‑priced and built on a solid, scalable tech stack. Even the listed drawbacks relate to enterprise‑level partner processes, not day‑to‑day product use, which further suggests that SMEs benefit from a straightforward, powerful, and cost‑effective solution. 

Tech Specifications 

Core Security Capabilities  

Advanced WAF with OSWAP rules, custom rules, bot mitigation, threat intelligence from millions of sites, and built-in IDS/IPS style behaviour through Layer 7 inspection 

Network Protection and Control 

Unmetered L3-L7 DDoS protection, firewall rules, rate limiting, geo-blocking, IP reputation filtering, DNSSEC, and Zero Trust access points 

Performance and Reliability Features 

Global CDN, caching, image optimisation, load balancing, anycast routing, and a 100% uptime SLA on the Business plan 

Encryption and Certificate Support  

Automatic SSL/TLS, TLS 1.3 Support, custom SSL certificate upload, and secure key management  

Monitoring, Logging and Management 

Real-time analytics dashboard, security event insights, API access, and log export to SIEMs like Splunk or Datadog 

Scalability and Integration 

Seamless integration with Shopify, WordPress, Salesforce Commerce Cloud, AWS, Azure, and more; automatic rule updates; globally scalable edge network 

 

Cisco ASA / Cisco Firepower 

Price: Cisco Firepower 1010 (£500-£900) 

Pros 

Cons 

  • Strong enterprise-grade security suitable for SMEs 

  • Advanced threat protection with Firepower Services (IPS, malware defence, URL filtering) 

  • Highly reliable hardware with long lifecycle  

  • Supports site-to-site and remote-access VPN  

  • More expensive than many SME-focused firewalls 

  • Configuration can be complex for non-technical teams 

  • Licensing can be confusing 

  • Requires ongoing subscriptions for advanced features 

 

Key Features 

  • Next-Generation Firewall (NGFW) with deep packet inspection 

  • Intrusion Prevention System (IPS) via Firepower services  

  • URL and content filtering 

  • Malware and threat intelligence (Cisco Talos) 

  • High-Availability options 

  • Centralised management via FMC 

Cisco ASA is a strong recommendation for an SME because it delivers enterprise‑grade security in a way that smaller organisations can manage. This shows that ASA performs well in real business environments, supports hybrid working, and offers dependable protection without overwhelming SMEs with complexity. 

 

 

The review strengthens Cisco ASA as a solid choice for SMEs because it comes from a verified, experienced director with over a decade of hands‑on use, which gives the feedback strong credibility. The reviewer highlights that Cisco ASA provides a “great and easy way to manage” secure remote access to the office network, a critical requirement for SMEs with hybrid or remote staff. This shows that ASA is not only robust but also practical and manageable in real‑world environments. Combined with the positive tone and vetted status, the review shows that Cisco ASA is trusted, effective, and user‑friendly enough to support SME security needs without unnecessary complexity. 

Tech Specifications 

Deployment Type 

On-premises hardware firewall 

Throughput 

650 Mbps to 2Gbps depending on model 

VPN Throughput 

100-300 Mbps 

Management 

Firepower Management Centre 

Security Services 

IPS, AMP, URL filtering, threat intelligence 

High Availability 

Active/standby supported 

Form Factor 

Desktop or rackmount depending on model 

 

Firewall Choice and Rationale 

For an SME, Cloudflare WAF is the stronger overall choice, with Cisco ASA remaining a good option only in specific scenarios. 

Cloudflare WAF provides SMEs with enterprise‑grade protection, simple deployment, and predictable costs, all without requiring specialist networking skills. This makes it ideal for SMEs that need strong security but lack the resources to manage complex firewall appliances. Its ease of use, automatic updates, and strong user reviews make it a practical, scalable, and cost‑efficient solution. 

Cisco ASA, while powerful, is better suited to SMEs with dedicated IT staff and a need for secure remote access or internal network segmentation. It offers strong VPN capabilities and robust perimeter protection, but it requires more configuration, higher upfront cost, and ongoing technical management. For many SMEs, this level of complexity is unnecessary unless they have hybrid networks or compliance requirements that demand on‑premises control. 

Legal/Security requirements 

A firewall is a core security control that helps organisations meet legal obligations such as GDPR as they prevent unauthorised access to systems holding personal data and reduce any chance of data breaches. Alongside legislations like Data Protection Act 2018 reinforce the security requirements to secure personal data. It is important for organisations (particularly SMEs) to avoid breaching these legislations as it involves consequences such as fines, lawsuits, and reputational damage which can impact their brand image and delay or cancel any organisations future goals or plans of expansion. 

File Encryption Tool Types 

File encryption tools are software applications that protect digital data by converting readable information (plaintext) into unreadable, scrambled code (ciphertext) using cryptographic algorithms and keys. 

There are two primary types of encryption methods: 

 

Symmetric 

Asymmetric 

How it works  

Symmetric encryption works by using one shared secret key to both encrypt and decrypt data. Everything resolves around that single key: if you have it, you can read the data; if you don’t, the ciphertext is useless.  

Asymmetric encryption works by using 2 linked keys, a public key and a private key, to decrypt, sign, and verify data. Unlike symmetric encryption, the keys are not interchangeable, and only one of them can reverse the operation performed by the other. 

Key Types 

Single shared key 

Keypair: Public + Private Key 

Speed/Performance 

Very fast, efficient, for large data  

Slower, computationally heavy 

Best Use 

Encrypting large files or streams 

Securely exchanging keys and authentication 

Drawbacks 

Encrypting large files or streams  

Securely exchanging keys and authentication  

Based upon the delivery method, there are 3 different categories of file encryption tools available: 

  • Full-Disk Encryption (FDE) Tools 

  • File-Level & Folder Encryption tools  

  • Cloud-Based Encryption 

Full-Disk Encryption (FDE) Tools 

Full-disk encryption is a security method that encrypts 100% of a storage deviceThe encryption is applied automatically and continuously. When the device is powered off, the entire disk is unreadable. When you authenticate at boot, the disk decrypts in real time. 

Benefits 

Drawbacks 

  • Strong protection against physical theft: Stolen devices don’t expose data 

  • Automatic and transparent: No need to encrypt files manually 

  • Integrated with OS securityBitLocker/File Vault use hardware acceleration and secure key storage 

  • No protection when the system is unlocked: Malware or active attackers can access data 

  • Key loss means data loss: Without the recovery key, decryption is impossible 

  • Not suitable for secure file sharing: Protects devices, not individual files 

 

File-Level & Folder Encryption Tool 

File-Level encryption applies cryptographic protection to individual files or specific folders, rather than the whole drive. Each encrypted item becomes unreadable without the correct password, key or certificate. 

Benefits 

Drawbacks 

  • Selective protectionOnly sensitive items are encrypted 

  • Useful for sharingEncrypted files can be sent securely via email or cloud services 

  • Protection while logged inFiles remain encrypted until opened 

  • Cloud friendlyWorks well with OneDrive, Dropbox, Google Drive 

  • Cross platform portability: Encrypted archives/containers open on any OS with the right tool 

  • More manual work: Users must choose what to encrypt and decrypt updates 

  • Key/password loss means data loss: No recovery without the correct key 

  • Metadata exposure: Some tools leave filenames or folder structures visible 

  • Human error risk: Users may forget to encrypt new versions or temporary files 

  • Less system level protection: Swap files, caches, and temp data may remain unprotected 

 

Cloud-Based Encryption  

Cloud-Based encryption refers to any system where files are encrypted locally or encrypted by the cloud services before being stored on remote servers. The goal is to ensure that even if the cloud provider is compromised, your data remains unreadable. 

Benefits 

Drawbacks 

  • Strong protection for cloud stored dataUnreadable even if the provider is breached 

  • Works with any cloud serviceClient-side tools create encrypted folders that sync normally 

  • Secure sharing: Encrypted files can be shared without exposing plaintext 

  • Zero knowledge options: Some providers cannot decrypt your data at all 

  • Good for compliance: Supports GDPR, HIPAA, and corporate security requirements 

  • Cross platform: Works across Windows, macOS, Linux, iOS, and Android 

  • Key loss means data loss: No recovery without the encryption key 

  • More complexity: Users must manage passwords, vaults, and encrypted folders 

  • Server-side encryption is weakerProvider controls the keys and may be compelled to hand them over 

 

File Encryption Recommendation 

The least suitable file-encryption option for an SME is folder-level or file-level encryption used on its own. It offers useful protection in specific areas, but it lacks the scalability, consistency, and central control that SMEs typically need. Several factors influence my decision: 

  • No central management  Each user must manually encrypt files or folders, leading to inconsistent protection  

  • High risks of human error  Staff may forget to encrypt sensitive files, store unencrypted copies, or misconfigure settings 

  • Poor scalability  As the SME grows, managing hundreds of encrypted files becomes chaotic and challenging  

  • Difficult access control – Sharing encrypted files securely between employees is cumbersome and often insecure  

  • No device-wide protection  If a laptop is stolen, unencrypted files or cached data may still be exposed 

  • Limited auditing  SMEs cannot easily track who encrypted, accessed, or modified files. 

Full-Disk encryption (FDE) and cloud-based encryption are more suitable for an SME because they provide consistent protection, centralised control, and scalability, which are the core requirements for a small and medium-sized organisation.  

File-Encryption Tools 

NordLocker 

Price: $6.99/month ($83.88 for the first 12 months) - £5.21/month (£62.50/ year) 

Pros 

Cons 

  • Securely share encrypted files 

  • Advanced multi-factor authentication 

  • Can securely request files 

  • Very easy to use 

  • Free version available 

  • No longer supports local encryption or secure deletion of original files 

  • Some features are absent from the iOS app 

 

Pricing and Features: 

You use it to create lockers, encrypted storage containers that provide full access to files when open but make them completely inaccessible when locked. Subscribing raises your storage to 2TB cloud storage with further features like unlimited end-to-end encryption and secure file sharing. 

Supported Platforms: 

You can access your cloud locker from the NordLocker app for Windows, macOS, Android, or iOS, or log in directly to the online cloud console. 

User Reviews: (Source: NordLocker Reviews & Ratings 2026 ) 

 

NordLocker has been awarded an 8.1 out of 10 by a trusted source “Trust Radius”. It can sync files from endpoints running Windows, macOS, Android, and iOS and user can access the cloud storage via a web browser. 

 

The review strongly backs NordLocker as a reliable and effective solution because it comes from a verified administrator with real organisational experience, giving it immediate credibility. The reviewer highlights a practical, security‑sensitive use case handling government and DoD documents for new hires, which shows that NordLocker performs well in environments where confidentiality and compliance are essential. Describing the product as “inexpensive and scalable” reinforces that it offers good value for SMEs that need secure file‑sharing without high costs or complex setup. The emphasis on end‑to‑end encryption demonstrates that NordLocker meets strict security expectations, while the 5‑star rating and vetted status further validate its reliability. Altogether, the review shows that NordLocker is trusted, cost‑effective, and capable of handling sensitive workflows, making it a strong recommendation for organisations needing secure document management. 

Tech Specifications 

Deployment Types 

Software as a Service (SaaS), Cloud, or Web-Based 

Operating Systems 

Unspecified 

Mobile Application 

Apple iOS, Android 

Create Encrypted Storage 

 

Rate Password Strength 

 

Two-Factor Authentication 

 

 

 

 

BitLocker 

Price: Free  

Pros 

Cons 

  • Built into Windows, so no extra licensing cost for most SMEs 

  • Easy to deploy and manage through Intune, Azure AD, or Group policy 

  • Uses TPM hardware for secure key storage, improving protection against tampering 

  • Strong encryption standards suitable for GDPR and cyber-insurance requirements 

  • Transparent to users, with minimal performance impact 

  • Not available on Windows Home, which some SMEs may still use 

  • Centralised management requires Windows Enterprise tools or Microsoft 365 Business plans 

  • Devices without TPM need additional configuration or may not support BitLocker fully 

  • Recovery key management can become a risk if not handled properly 

 

Pricing and Features 

BitLocker does not have a standalone price because it is built into certain editions of Windows. This makes BitLocker one of the most affordable full-disk encryption solutions for SMEs, especially those already using Microsoft’s ecosystem. 

User Reviews (Source: BitLocker Reviews & Ratings 2026 ) 

 

 

 

The review reinforces BitLocker as a reliable and highly manageable encryption solution because it comes from a verified IT professional working in a large‑scale, enterprise environment, giving the feedback strong credibility. A full 5‑star rating further strengthens the endorsement, showing that BitLocker performs effectively in demanding environments. Altogether, the review demonstrates that BitLocker is not only secure but also practical and scalable, makes it a strong recommendation for organisations that need efficiency and centrally managed full‑disk encryption. 

Tech Specifications 

Deployment Types 

Installed locally as part of Windows Pro/Enterprise; managed through on‑prem tools (Group Policy, SCCM) or cloud tools (Intune). 

Operating Systems 

Windows Pro, Windows Enterprise, Windows Education (BitLocker is not available on Windows Home). 

Mobile Application 

Not Applicable 

Create Encrypted Storage 

 

Rate Password Strength 

 

Two-Factor Authentication 

 

 

File-Encryption Tool Choice and Rationale 

After comparing NordLocker and BitLocker across pricing, features, platform support, user reviews, and legal/security requirements, the most suitable choice for an SME becomes clear. BitLocker stands out as the stronger overall recommendation for organisations that primarily use Windows devices and need cost‑effective, centrally managed full‑disk encryption. It is built directly into Windows Pro and Enterprise at no additional cost, integrates seamlessly with Intune and Group Policy for centralised control for SMEs. The user review you analysed reinforces this by highlighting BitLocker’s reliability and ease of deployment in large enterprise environments, demonstrating that it scales effectively and performs well under demanding conditions. 

However, NordLocker remains an excellent complementary tool for SMEs that need secure cloud‑based file storage and encrypted file‑sharing across multiple platforms. Its end‑to‑end encryption, zero‑knowledge architecture, and ease of use make it ideal for protecting sensitive documents, especially when sharing externally or working across Windows, macOS, iOS, and Android. The verified review praising its scalability and suitability for handling government‑level documents further supports its value. 

Overall, BitLocker is the evident choice for device‑level protection and compliance, while NordLocker is best used alongside it for secure cloud storage and encrypted file‑sharing. Together, they provide a strong, layered security approach that aligns well with the needs, budget, and operational realities of small to medium‑sized organisations. 

Legal/Security Requirements 

A file-encryption tool is explicitly encouraged as a safeguard for protecting personal data. Common legislations like GDPR requires organisation to use appropriate technical measures to secure personal data. These measures involve tools like encryption, as encrypted data is unreadable for third-party users protecting end-users’ data from malicious users. Alongside GDPR, Data Protection Act 2018 reinforces the requirements to secure personal data as file encryption demonstrates that an organisation has taken reasonable steps to protect sensitive information. It is important for organisations (particularly SMEs) to avoid breaching these legislations as it involves consequences such as fines, lawsuits, and reputational damage which can impact their brand image and delay or cancel any organisations future goals or plans of expansion.  

User Access Control 

Effective user access control is essential for ensuring that only authorised individuals can access SME’s systems, data, and services. Strong access control reduces the risk of data breaches, credential theft, and unauthorised access, while also supporting compliance with standards such as Cyber Essentials and GDPR. The following controls are recommended to ensure secure access for all users, whether they are working on‑site or remotely. 

Device-Level Access Control 

User access must begin at the device level to ensure that only trusted, authenticated devices can connect to SME’s network. 

Authentication Method 

Inmpact 

Local Authentication Security 

All devices should use a secure authentication method, such as "Windows Hello”, which supports biometric sign-in which reduces reliance on passwords and helps prevent unauthorised access if a device is lost or stolen. 

Multi-Factor Authentication (MFA) 

Use of MFA adds an extra layer of security by requesting a second verification step. This prevents any unauthorised access, even if a password is compromised. 

Domain-Joined Devices 

All devices should have joined the SME’s Active Directory domain. This allows central authentication and ensures users can access different services such as Office 365 and OneDrive. This also allows admins to enforce consistent security policies across all devices in the organisation. 

Server-Level Access Controls 

Centralised access control is essential for managing user permissions, authentication methods, and security policies across the organisation. 

Setting up a server as a domain controller allows SME to manage user accounts, organisational units, and permissions centrally. Group Policies can be used to enforce password rules, lockout policies, software restrictions, and security updates across all devices. 

Access Control Models 

Discretionary Access Control (DAC) 

Permissions controlled by data owners 

Mandatory Access Control (MAC) 

Strict, system-enforced access tends to be used in high-security environments  

Attribute-Based Access Control (ABAC) 

Access based on attributes such as departments, location or device type 

Role-Based Access Control (RBAC) 

Access is based on user's job role 

 

RBAC is the most suitable model for SME. It allows permissions to be assigned to roles (e.g., Administrator, Manager, Support Staff), and users are then assigned to those roles. This ensures consistent, least‑privilege access and simplifies management as the organisation grows. Role groups can also be created to streamline permission assignment across departments. 

Centralised Management and Policy Enforcement 

By joining all the devices to the domain and managing them centrally, the SME can; 

  • Enforce security policies across all endpoints 

  • Roll out Windows Updates and patches automatically 

  • Apply consistent authentication requirements 

  • Revoke access instantly after staff leaves 

  • Monitor user activity and detect suspicious behaviour 

Centralised control ensures that access policies are applied uniformly, reducing the risk of misconfiguration or security gaps. 

Cloud Integration 

If SME transitions to cloud-based models, these access control methods can be migrated to Microsoft Azure Active Directory. 

The Directory supports: 

  • Conditional access policies 

  • Cloud-Based MFA 

  • Identity protection and risk-based authentication 

  • Seamless Integration with Office 365 and cloud applications 

This ensures that access control remains consistent and secure across both on-premises and cloud environments. 

References 

 

 

 

Comments

Popular posts from this blog

OS A3 Task 1

OS A3 Task 2