Networks

Question

Gravatar
0 Votes
Locked

Block confidential files in shared folders from admins

By heythorn ·
THE HR And Finance departments refused to place their documents in the shared folders on the designated File Server.

Reason is the admins able to view their files or take ownership regardless the security restriction imposed on the files.

Is there any secure way to protect the files and still allows backups?

I can only think of 3rd party solutions that encrypt the files.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

gravatar
Collapse -

The problem I see here

by NexS In reply to Block confidential files ...

Is a trust issue within the workplace.

They will want their files placed elsewhere, but when they lose them, they'll expect IT to be able to pull them from the air instantly.

Another thing is that I'm not sure on what types of files you are talking about here. If Finance have a financial system which they use (I can only hope they do!), then it would most likely be an oracle/SQL database which have to be backed up in a specific way.
As for other documents (say, M$ Office documents), permissinos should be able to be set exclusively, without affecting backups, but you haven't told us how you back up your servers, so I cannot be sure.

gravatar
Collapse -

Securing M$ Office documents

by heythorn In reply to The problem I see here

It's the M$ office documents that I'm worried.

For Windows, even if permission is set exclusive to them, the admins will be able to take ownership and view them.

We're using Symantec BackupExec and will be shifting to Asigra.

gravatar
Collapse -

Are the IT personel in-house?

by NexS In reply to Securing M$ Office docume ...

If so, then it shouldn't matter who can take ownership of them.
At any rate, there would need to be a network account for your backup system that has access full domain access. The last thing they'd want is to not have their financial data backed up.
I suggest that the IT dept. will always want to have a way to get access to the files in case something happens and they need to be looked at.
Otherwise, the finance group could find an outsourced application to maintain their data. (eg:external payroll system)

gravatar
Collapse -

Or maybe to get over this entirely

by OH Smeg Moderator In reply to Are the IT personel in-ho ...

They could Outsource the Finance and HR Sections who lack the Trust to accept that the Network Admins have a job to do as well.

If the network Admins do not have access to all of the data it's not safe in the event of something happening. What is more important the lack of trust in staff or the Data which could be completely lost in the event of a fire/flood/hurricane?

or perhaps lots of Company Paid Therapy for those staff with Trust Issues would be a good starting point. Maybe even terminating their employment because of their Physiological Problems and replacing them with stable people could be a way to go here. What many people fail to understand is that while a Admin may be able to look it doesn't mean that they have the time to waste looking to begin with. Do the same people complain that the CEO/Owner can look whenever they like and demand ways to prevent this from happening?

Col

Back to Networks Forum

Start or search

Related Discussions

Related Forums