Sensitive data security

Status
Not open for further replies.

pinkpanther56

Technical User
Jun 15, 2005
807
GB

Up until now the company’s data has all been stored on our file servers and access has been controlled using share and file permissions (and physical security of course); this data is all accessible to the domain administrators group. Recently a manager has been enquiring as to what I and the support team can ‘see’, so I explained that when logged on as the domain admin I could see anything if I took ownership of a folder and then ‘looked’.

I’ve been tasked with finding a way to make sure that the data is secure but without being able to access it. I’m having trouble thinking of ways that I can ensure data is backed up and safe without being able to access it; surely someone on my team will have to have some level of access, even if not all of us.

How do you all manage this situation with sensitive e.g. HR/Personnel data in your companies?

Thanks for any insight.
 
A certain level of trust has to exist between the business and its IT department. What we did was create a special domain admin account that only 2 of the admins know the password for. We then use this as an account for backups and we make sure that all ACLs have this account in the permissions with full rights. We then change the password for this account at least once per year - although I would like it to be quarterly.

Good luck
 
Thanks for the reply.

So I'm right in thinking that no one else has a domain admin account then?
 
Yes... under no circumstances should you surrender the domain admin to a user.
Explain the backup situation to the user and let them decide. Mine decided to back up on their own. So I let them have the folder that even domain admin can't access but they can.
If something goes wrong... you can always take ownership anyway...

 
I think the "you can always take ownership anyway" part is what they're worried about; if, say, a member of staff filed a confidential grievance about our team, they wouldn't want us to be able to find out who.

The options I see are:

1. Some sort of external HD and they deal with their own backup (this will only be for a couple of staff) or we trial some sort of software to do it for them.

2. A workgroup server that we only have access to for maintenance and they can be there while we work.

3. Tell them that if it's about us keep it on their notebooks and otherwise they'll just have to rely on the fact that we're professionals and are aware of data protection and confidentiality issues.

Can anyone think of legal issues here?

Thanks.
 
Sorry sectorboot, I should also clarify: "So I'm right in thinking that no one else has a domain admin account then?"

I meant no one else on lhuegele's support team, not an ordinary user.
 
Pinkpanther, all of our Windows team have 2 accounts. 1 is their normal user account which they use 99% of the time. They also have a domain admin account that they ONLY use when they need to administer something on the domain.

The ACL permissions do not have "domain admins" listed, only the specific user security group and that 1 "special" admin account which we use for backing stuff up.

Nothing is 100% secure, which is why I stated that the business needs to have a certain level of trust in its IT department. If there are trust issues there, this is something you should work to rectify.

Good luck,
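The ACL layout described in the post above (no "Domain Admins" entry, only the data owners' group and one backup account) can be checked for drift with a short audit. This is an added example, not code from the thread; the function name is hypothetical, and in real use the allow-list would hold that group and that backup account, for instance the made-up names `CORP\HR-Staff` and `CORP\svc-backup`.

```powershell
# Added example: compare a folder's ACL with an explicit allow-list of identities.
function Test-SensitiveFolderAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $AllowedIdentity
    )

    $acl = Get-Acl -LiteralPath $Path
    $findings = @()

    # Inheritance left on lets a parent folder re-add Domain Admins silently.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += [pscustomobject]@{
            Issue = 'InheritanceEnabled'; Identity = $null; Rights = $null
        }
    }

    # By default the owner can rewrite the DACL, so the owner must be expected too.
    if ($acl.Owner -notin $AllowedIdentity) {
        $findings += [pscustomobject]@{
            Issue = 'UnexpectedOwner'; Identity = $acl.Owner; Rights = $null
        }
    }

    # Any Allow entry for an identity outside the allow-list is reported.
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($id -notin $AllowedIdentity) {
            $findings += [pscustomobject]@{
                Issue = 'UnexpectedAce'; Identity = $id; Rights = $ace.FileSystemRights
            }
        }
    }
    $findings
}

# Constructed demo: a new temp folder inherits its parent's ACL, so the audit
# reports inheritance plus every inherited identity other than the current user.
$demo = New-Item -ItemType Directory -Path (Join-Path $env:TEMP "acl-demo-$PID")
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Test-SensitiveFolderAcl -Path $demo.FullName -AllowedIdentity $me |
    Format-Table -AutoSize
Remove-Item -LiteralPath $demo.FullName
```

An empty result means the folder matches the intended layout; it does not prevent an administrator from taking ownership, which is the residual risk the thread discusses.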
 
Whenever I take over a network, I have a very candid conversation with the president/CEO.

I make sure I have all admin passwords for devices (servers, routers, switches, etc.) and tell him I am going to change them.

I make it clear that I have access to everything, but due to my integrity and professionalism I would not access sensitive data without his permission.

I then request his permission to choose one other person to give full access to.

I have had some balk at giving me access to sensitive data, but they always change their mind when I tell them that I will not be responsible for it otherwise.

The bottom line is that the president/CEO has to have the utmost trust in their IT admin.


MCSE CCNA CCDA
 
A few thoughts to add - Explain to the user the importance of the Domain Admin, for backup, security and user management.

Describe a scenario where they may need you or your team to access that information; we had a manager who was doing some shady dealings and we had to access their data to confirm the suspicion.

Administrator by definition comes with certain implied trusts and understanding, and any of us that have a degree in IT have taken an Ethics class and understand it is paramount.

I have also been in a situation where a manager did not want myself or my team to see what she had been writing/saying about us and refused to provide us with the username and password to log in to her laptop. The thing to note is she was responsible for backing up the laptop, was provided a drive but never did so - drive failed and she lost everything. Since her integrity was shaky, she assumed ours was as well.

Twist

===========================================
Everything will be OK in the end.
If it's not OK, then it's not the end
 
Thanks for all of the replies so far, I'm starting to get an idea where I should be pitching my argument.
 
Let's face it, if you are the network admin, permissions aside, you can always change the password of anyone that accesses it currently and read it under their logon.

If "someone" can access it, then you (as system admin) can access it.

I think you need to manage and educate the users and explain there will always be an audit trail and evidence of access, but if they can access the data then you can gain access one way or another. But you like your job so you won't do it!

Perhaps make an analogy, if they bought a BMW that you could only get into with one key, do they have to buy a new car if they lose that only key... or do they ask BMW for help?



 