In order to truly assure that neither the system administrators nor anybody else in your organization is able to access encrypted data only end-to-end encryption is a viable solution. This is the highest level of data secrecy combined with the highest level of data protection. Disadvantages are that the user needs to think about the secrecy or data protection requirements of files in each folder, the performance overhead on the client side and the system administrator can’t recover any data for the user. If the private key is lost, the data cannot be decrypted in any other manner.
ownCloud provides an End-to-End Encryption plugin in addition to the ownCloud Enterprise Edition subscription. The plugin subscription pricing starts at 1000 EUR/ year for up to 50 users. When the plugin is enabled for a user, such a user can encrypt any empty folder. Through sharing additional users can be invited.
For maximum security ownCloud provides an additional key service. The key service assures that the private key can be kept outside of the browser, even in the form of a smart key, a piece of hardware which prevents that the private key of the user is ever known on the end user, living exclusively on the hardware device.
With end-to-end encryption enabled, it is not possible to leverage collaborative editing or any server-side function including virus scanning. However, as the solution is inside the web browser it is very convenient, easy to use and needs no additional software to be installed.