resolver1

Securing sensitive data

We have our payroll software to be installed on our file server. This contains all the details of current and past employees. The data contained in the payroll software includes tax, bank, NI number, address, DOB, start and end date etc. What's the best method to secure the data so only 2 employees have access to it? We are in the UK and we want to protect ourselves by law. Any advice welcome. I've included some tech details below:

The databases are located on a Windows 2008 SBS server and the client application is installed on a Windows 7 64-bit workstation.

The databases are not encrypted and are of an old bespoke system. In order to read the database you will need the development suite.

The application requires a password to enter the system

8/22/2022 - Mon
CoccoBill

> The application requires a password to enter the system

This sounds like it might be the problem. In order to restrict access to the data, you will need personal user accounts for each user, and only grant access to the sensitive data to those 2 individuals.
resolver1

ASKER
Thanks for the information guys! It's a real help.

I think you guys are on the right track. From reading your comments, I think I need to know the regulatory compliance I fall under before I work on a solution? Any ideas, I'm based in the UK.
resolver1

ASKER
We don't encrypt hard drives on our servers and clients
We encrypt our backup with 256-bit encryption and it is taken off site
Only 2 IT personnel have access to the backups
Your help has saved me hundreds of hours of internet surfing.
David Johnson, CD

"Encrypt any personal information held electronically that would cause damage or distress if it were lost or stolen."

Doesn't that say it all? The files must be encrypted.
resolver1

ASKER
I think I have a solution on this. I'll update tomorrow when I get back to work.
resolver1

ASKER
I've decided not to put the software on the server. I am not confident in the application security and the level of work required to secure it at network/operating system level is too great and the risk is too high. I will keep it on the client with drive encryption and a secure backup. The application provider has given us a disaster recovery process to install the software on another machine which I am happy with.

Thanks for all your help. I now have an understanding of what's required from the application, operating system and network level in order to secure the application.
resolver1

ASKER
Thanks for all your help guys :-)