corporate data control/leakage - user policy review

Posted on 2011-10-05
Last Modified: 2012-06-27
What kind of policies do we need to look at (technical, not HR policies) in terms of data protection - where data can get to, who can access it, who can take it where?

Could do with a big program on how to audit this, or hints on common issues as to where companies have poor technical governance on how to control their corporate data to stop it getting into the wrong hands / going offsite unencrypted etc.

It is a Windows environment, a mix of traditional workstations and some thin clients via Citrix.

The more areas to check the better
Question by:pma111
    LVL 3

    Author Comment

    *who can take it where, on what (i.e. CD/unencrypted data)
    LVL 19

    Accepted Solution

    If offshore users are using Citrix for access, then you can apply Citrix policies to restrict local drive mapping. So users' local drives will not get mapped and they cannot save it to their local desktop. Similarly, you can restrict drive access and share access on the servers which have sensitive information. Even mapped drives only with read or write. NTFS permissions and basic Windows policies to hide drives can help.

    Also, if users are using Remote Desktop or Citrix, then they can save their sensitive data to their profile. In such cases folder redirection policies can be applied so it can be saved only to their home drives when they log out of the servers. So the data of one user cannot be seen by another.
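An added example, not part of the original thread: Windows policies that hide drives include the Group Policy settings "Hide these specified drives in My Computer" and "Prevent access to drives from My Computer", which are stored as the `NoDrives` and `NoViewOnDrive` bitmask values. The PowerShell below decodes those values for the current user so an auditor can see which drive letters are actually covered; the helper name `ConvertFrom-DriveMask` and the sample value are assumptions made for this example.

```powershell
# Added example (not from the thread). Requires PowerShell 3.0+ for -shl.
# NoDrives / NoViewOnDrive are DWORD bitmasks: bit 0 = A:, bit 1 = B:, ... bit 25 = Z:.
# They restrict Explorer and its dialogs only; they are not access control,
# so NTFS and share permissions still need their own review.

function ConvertFrom-DriveMask {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][long]$Mask)
    foreach ($bit in 0..25) {
        # Emit the drive letter for every bit that is set in the mask
        if ($Mask -band (1 -shl $bit)) { [char](65 + $bit) }
    }
}

# Constructed sample: every letter restricted except C: (bit 2 cleared)
$sample = 0x03FFFFFB
"Constructed sample 0x{0:X8} covers: {1}" -f $sample, ((ConvertFrom-DriveMask $sample) -join ' ')

# Values written by the two user-configuration policies for the logged-on user
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($name in 'NoDrives', 'NoViewOnDrive') {
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        "{0}: not set for this user" -f $name
    } else {
        $value = [long]$prop.$name
        "{0} = 0x{1:X8} -> {2}" -f $name, $value, ((ConvertFrom-DriveMask $value) -join ' ')
    }
}
```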
    LVL 3

    Author Comment

    Can you use Group Policy to restrict local drive "saving to" on traditional Windows workstations?

    If so, how - is it in admin templates anywhere?

    Does it cause any problems if people can't save stuff locally? Like patches wanting to apply onto local disk etc.
    LVL 2

    Assisted Solution

    In this case Digital Rights Management is a way to go.
    I've used DRM packages to control and keep track of our company's sensitive information and documents, just like your scenario.

    Our main concern was our PDF documents, so we've used PDF OwnerGuard. According to our needs, Advanced edition was the best choice. Protected PDFs act like standard PDFs accessible using Adobe Reader, however they're locked to specific computers within the company. Users can copy the protected documents but as long as they're encrypted, they're useless on unauthorized computers.
