General discussion


Securing Data from IT Staff

By jr_hearty
Greetings. My company is implementing a Lotus Notes database for our HR department. The database will contain sensitive information (salaries, discipline, etc.). There is concern that members of the IT department will have access to this information. While I feel my team is trusted not to abuse their privileges, I want to make sure the data is kept secure and is viewed only by those who "need to know".

I am interested in hearing about methods of securing data from the staff in a Windows environment and/or a Lotus Notes environment. How do corporations keep their data secure beyond the normal Windows authentication?

by Dumphrey In reply to Securing Data from IT Sta ...

Seems to me, the easiest way would be with object permissions in AD. As Forest Admin, remove all permissions from the share object, then go in and add only the specific groups and users you want to have access. A particularly devious IT tech will get around this, but if they have access to the machine, there isn't much you can do to stop a determined attempt. Update your confidentiality statements and get fresh signatures. =\

by robo_dev In reply to Securing Data from IT Sta ...

Lotus Notes has three different layers of security for the database.

1) Share-level security (file security using AD)
2) Access Control Lists (ACL)
3) Encryption

Using Active Directory is NOT a good way to secure Notes from IT staff. They manage AD... they probably back up the Notes server, so the nsf files could be easily pillaged. I even saw an install where the shares were accidentally set to be browsable by all users (meaning that ANYBODY could read anybody's email by downloading their nsf and viewing it). (It was fun while it lasted, but I had to report it.)

ACLs are easily hackable, at least as of the last time I used Notes (v6.5). You just copy the NSF to your local drive, flip a couple of bits with a hex editor, and own it. At the same install site, they had everybody's email password in the whole enterprise (70K users) in an NSF protected by an ACL. Took about 30 seconds to have the initial passwords for every employee in the company.

Encryption is the way to go. While Notes is not bulletproof, it's pretty good. If you protect the keys (like not storing them in a keys.txt file on the share where the db is), then you have a database that is reasonably secure. Make sure anybody doing any conversion or testing is not leaking the information as part of the process (I saw a case where a contractor left an import file of 40K employees' personal data on an anonymous internal ftp server).

by robo_dev In reply to

I agree, to a point, with HAL 9000's comments. However, nothing is perfect, and you need to implement a set of reasonable controls to protect your data. The majority of IT security breaches happen from insiders.

AD or ACLs are, IMHO, weak controls and Notes encryption, properly implemented, is reasonably strong. Making one group of individuals responsible for the encryption keys and another responsible for backing up and maintaining the servers enforces a segregation of duties that makes fraud more difficult to commit and easier to detect.

by HAL 9000 Moderator In reply to Securing Data from IT Sta ...

Sorry, while you can put some checks & balances in place, the reality is that this just cannot be achieved. If you use encryption and don't allow the IT staff access to the keys, and you have a problem where you have to recover from your backups, this data will be useless without the encryption keys.

The bottom line in any business is that if someone in IT wants to look at something, they are going to be able to look when and as often as they want to. By attempting to hide this you are actually encouraging the people to crack the security, but if you were to just install it without any major fuss, most wouldn't be the slightest bit interested to even bother looking in the first place. Incidentally, if you think that your accounting software is hidden from these people, think again. If they want to have a look-see, it's there for them to look at, and there is nothing in this world that is capable of stopping them looking if they want to. The bottom line is that the more fuss you make about something, the more interest you are going to create in people wanting to have a look; if you just install this, most will not give it a second thought and just get on with their work, as they don't have the time to waste mucking around looking up useless data. But if you make it interesting, then they are more likely to have a look-see to see what you don't want them to see.

The best way to try to prevent them looking is to ask them how they would secure this program and say that you don't want some of the lower-grade staff being able to view some of the data. If they are the slightest bit professional, they will come up with a workable solution and not make any of them interested in bothering to look at the actual data; maybe just occasionally make sure that people other than the intended people are not reading it.

by jr_hearty In reply to

Thanks for your response HAL 9000. I have to believe that there are methods of establishing controls and checks and balances to minimize any exposure.

by pierrejamme In reply to Securing Data from IT Sta ...

Amen to HAL. IT people won't look at data that is not meant for their eyes; it's against our grain. If you cannot trust them, fire them and hire someone you can trust.

by jr_hearty In reply to

Poster rated this answer.

by robo_dev In reply to Securing Data from IT Sta ...

/begin rant/
Now, forgive me for getting off on a rant here but....

I respectfully disagree. I have worked to investigate and prosecute fraud, theft, and data-breach cases and have spent the last 20+ years in the area of IT governance, compliance, and security.

You MUST build controls that separate the IT folks from sensitive HR data. At the very least, have access to the data logged in a server that only the IT Security people can access. (if you cannot prevent it, at least you can detect it)

Just saying that 'you have to trust your IT people' _will_not_fly_ here (US) with the SEC for SOX compliance, with your external auditors, for the pending data-breach laws in the House (HR 3997), nor with the Federal Govt if it were health-related info (HIPAA Act).

For example, if that HR data contains any medical benefits information, then it may be subject to the US HHS HIPAA 'Privacy Rule' requirements.

Below are the civil and criminal penalties for privacy and security breaches under HIPAA:

"Wrongful disclosure of individually identifiable health information:

Wrongful disclosure offense: $50,000 penalty, imprisonment of not more than one year, or both.

Offense under false pretenses: $100,000 penalty, imprisonment of not more than five years or both.

Offense with intent to sell information: $250,000 penalty, imprisonment of not more than 10 years or both."

Are you gonna subject your company to a $250,000 fine and all the adverse publicity (because you 'trusted somebody')?

See cases like:
- ChoicePoint data theft
- Veterans Administration laptop theft, thanks!

And don't forget about civil lawsuits from privacy breaches... California's data privacy law, etc.

The IT perspective may be 'trust me', but the IT governance perspective is 'segregate duties, log everything, and build strong controls'.

/end of rant/
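
One way to act on the "if you cannot prevent it, at least you can detect it" point above, as an added example that is not from this thread and not part of Lotus Notes: a short Python review over constructed file-share audit records that flags any account outside the HR need-to-know group touching the HR .nsf files, while keeping the backup account's scheduled reads separate so they can be reconciled instead of ignored. The log format, server and share names, accounts and backup window are all assumptions made for the example.

```python
"""Review file-share audit records for an HR Notes database (constructed
example: log format, server/share names, accounts and the backup window are
made up for illustration, not taken from any real system)."""
from datetime import datetime
import re

# One record per line: "<date> <time> <DOMAIN\account> <ACTION> <UNC path>".
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+)$")
HR_SHARE = "\\\\hrsrv\\hr$\\"   # share holding the sensitive .nsf files

# Constructed sample records (not from a real server).
SAMPLE_LOG = r"""
2007-10-02 09:14:05 CORP\hr.jones READ \\hrsrv\hr$\personnel.nsf
2007-10-02 09:20:11 CORP\hr.smith WRITE \\hrsrv\hr$\personnel.nsf
2007-10-02 21:47:30 CORP\it.admin1 READ \\hrsrv\hr$\personnel.nsf
2007-10-02 22:05:02 CORP\svc.backup READ \\hrsrv\hr$\personnel.nsf
2007-10-03 08:02:44 CORP\it.admin2 READ \\hrsrv\it$\tools.nsf
"""

def is_sensitive(path):
    """Only Notes databases on the HR share are in scope for this review."""
    p = path.lower()
    return p.startswith(HR_SHARE.lower()) and p.endswith(".nsf")

def review(log_text, need_to_know, backup_accounts, backup_hours=range(22, 24)):
    """Return (violations, backup_reads): HR database accesses by accounts outside
    the need-to-know group (IT admins included), and reads by the backup account
    inside its window, kept separately so they can be reconciled against the
    backup schedule rather than silently dropped."""
    violations, backup_reads = [], []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # skip malformed records
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        account, action, path = m.group(2), m.group(3), m.group(4)
        if not is_sensitive(path) or account in need_to_know:
            continue
        if account in backup_accounts and when.hour in backup_hours:
            backup_reads.append((when, account, path))
        else:
            violations.append((when, account, action, path))
    return violations, backup_reads

if __name__ == "__main__":
    bad, expected = review(SAMPLE_LOG, {r"CORP\hr.jones", r"CORP\hr.smith"},
                           {r"CORP\svc.backup"})
    for finding in bad: print("ALERT", *finding)
    print(len(expected), "backup-window read(s) to reconcile")
```

Run against the sample it reports the out-of-hours read by the IT admin account as an alert and one backup-window read to reconcile; the read of the IT share is out of scope and ignored.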

by jr_hearty In reply to Securing Data from IT Sta ...

This question was closed by the author