Question

  • Creator
    Topic
  • #2213775

    Block confidential files in shared folders from admins

    Locked

    by heythorn ·

    THE HR And Finance departments refused to place their documents in the shared folders on the designated File Server.

    Reason is the admins able to view their files or take ownership regardless the security restriction imposed on the files.

    Is there any secure way to protect the files and still allows backups?

    I can only think of 3rd party solutions that encrypt the files.

All Answers

  • Author
    Replies
    • #2869004

      Clarifications

      by heythorn ·

      In reply to Block confidential files in shared folders from admins

      Clarifications

    • #2868993

      The problem I see here

      by nexs ·

      In reply to Block confidential files in shared folders from admins

      Is a trust issue within the workplace.

      They will want their files placed elsewhere, but when they lose them, they’ll expect IT to be able to pull them from the air instantly.

      Another thing is that I’m not sure on what types of files you are talking about here. If Finance have a financial system which they use (I can only hope they do!), then it would most likely be an oracle/SQL database which have to be backed up in a specific way.
      As for other documents (say, M$ Office documents), permissinos should be able to be set exclusively, without affecting backups, but you haven’t told us how you back up your servers, so I cannot be sure.

      • #2868988

        Securing M$ Office documents

        by heythorn ·

        In reply to The problem I see here

        It’s the M$ office documents that I’m worried.

        For Windows, even if permission is set exclusive to them, the admins will be able to take ownership and view them.

        We’re using Symantec BackupExec and will be shifting to Asigra.

        • #2868841

          Are the IT personel in-house?

          by nexs ·

          In reply to Securing M$ Office documents

          If so, then it shouldn’t matter who can take ownership of them.
          At any rate, there would need to be a network account for your backup system that has access full domain access. The last thing they’d want is to not have their financial data backed up.
          I suggest that the IT dept. will always want to have a way to get access to the files in case something happens and they need to be looked at.
          Otherwise, the finance group could find an outsourced application to maintain their data. (eg:external payroll system)

        • #2868835

          Or maybe to get over this entirely

          by oh smeg ·

          In reply to Are the IT personel in-house?

          They could Outsource the Finance and HR Sections who lack the Trust to accept that the Network Admins have a job to do as well.

          If the network Admins do not have access to all of the data it’s not safe in the event of something happening. What is more important the lack of trust in staff or the Data which could be completely lost in the event of a fire/flood/hurricane?

          or perhaps lots of Company Paid Therapy for those staff with Trust Issues would be a good starting point. Maybe even terminating their employment because of their Physiological Problems and replacing them with stable people could be a way to go here. What many people fail to understand is that while a Admin may be able to look it doesn’t mean that they have the time to waste looking to begin with. Do the same people complain that the CEO/Owner can look whenever they like and demand ways to prevent this from happening? 😉

          Col

Viewing 1 reply thread