first_MCITP
asked on
Securing my files and data
I have a file server where all my folders and files are located. those file are distributed according to department. Security and permissions are done as per department. SO for each folder I have three types of users, FUll Control, write no modify, and read only.
I am afraid that those users can copy files or send it by e-mail to any competotor or someone outside the company.
Does anyone have a solution on how to prevent this and have more control
I am afraid that those users can copy files or send it by e-mail to any competotor or someone outside the company.
Does anyone have a solution on how to prevent this and have more control
samenglish
If a user has read access then they can print it, copy it to a USB stick, or attach it to an email. You can monitor the print queue, frisk your employees, and monitor outgoing emails... or you can make sure your employees feel that they are part of the company by paying them well and giving them further incentives to feel like the company they work for is actually taking care of them... apart from that, there are always laws and confidentiality agreements that you could consider employing.
I don't think this can be done using windows rights because if you have given read access to user this enable user to copy that file and there is no option available in windows to stop this, maybe this can be done using third party application but not sure.
A solution for this type of users (which is not very good) is allow them access these file through terminal service instead of folder sharing.
A solution for this type of users (which is not very good) is allow them access these file through terminal service instead of folder sharing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I pretty much agree with the other experts: the challenge you pose it's very expensive to overcome, and money is probably better spent elsewhere. However, according to the type of data you are trying to save there could be different solutions: for instance Microsoft Office offers Digital Right Management products which could be what you need. Whatever you implement, keep in mind that you have to cover ALL ways out: no sense in spending money and leave just one small trapdoor to the outside.
I'll add a vendor here, Verdasys (http://www.verdasys.com/), which is by far the market leader.
I'll add a vendor here, Verdasys (http://www.verdasys.com/), which is by far the market leader.
Oooh...good call on the DRM. Adobe also allows you to put restrictions on PDF documents like no copy/paste and no printing. DRM is a way of embedding the "allowable uses" within the file themselves. This frequently relies on the author of the document to configure the DRM rules, however, and this means you are trusting your users.
One other thought I had was it depends on what you're trying to prevent. Some techniques will put up a barrier, although not an impenetrable one. This would likely help keep honest people honest. It would be quite hard to prevent a user from taking and sharing data if they really wanted to do so and also had technical ability. There are all sorts of ways to bypass controls you may have put in place like screen shots/captures, "printing" to PDF or MDI, and using a web-based email like Gmail to email out documents bypassing your corporate mail server's policies.
Make sure people only have access to information they need to complete their job and make sure they would not have a desire to pass information to a competitor. Lastly, when someone leaves your company, make sure their account is disabled immediately.
One other thought I had was it depends on what you're trying to prevent. Some techniques will put up a barrier, although not an impenetrable one. This would likely help keep honest people honest. It would be quite hard to prevent a user from taking and sharing data if they really wanted to do so and also had technical ability. There are all sorts of ways to bypass controls you may have put in place like screen shots/captures, "printing" to PDF or MDI, and using a web-based email like Gmail to email out documents bypassing your corporate mail server's policies.
Make sure people only have access to information they need to complete their job and make sure they would not have a desire to pass information to a competitor. Lastly, when someone leaves your company, make sure their account is disabled immediately.