0

There are more than 300 computers and more than 400 users. We faced two incidents recently when critical users (who have critical data) left the company. We have deleted their data when they return their laptop or desktop PC. To help protect data that is top secret and business critical.

Now we have a requirement to protect business critical data, to prevent the data being deleted by users when they leave.

We currently have a NAS drive and a Windows Server environment.

Please share your idea.

schroeder
Infra

3 Answers

0

Don't store data at a single point.

Always make sure encryption keys are known by at least two independent users!

Make regular backups.

Josef
  • Could you please tell me how we can implement this? – Infra Feb 06 '19 at 11:46
  • 1
    That's far too broad to answer on this site. It's shocking that a company with several hundred employees has no backup, archival, information security, ... concepts/policies. You should work at implementing them as fast as possible! One possible way to reach this would be to start implementing something like ISO 27001. But lacking the very basic processes, this will be a hard path. – Josef Feb 06 '19 at 11:50
  • Backups are available. I have no idea about shared encryption keys. – Infra Feb 06 '19 at 11:52
  • Well, in the simplest case make a policy that says "encryption keys must be held by at least two employees all of the time. By default this is the employee working with the data and his/her superior". Find ways to check if people adhere to that policy. – Josef Feb 06 '19 at 11:53
0

You should implement DLP (Data Loss/Leak Prevention) systems in your business. It is not easy to say here how you can implement it, as said before. You should get assistance or consultancy from professionals.

Main key for search is DLP...

  • Can we protect data from being deleted by the user? I think DLP can be used to prevent data leaks. What I want is, when a user leaves the company, his data needs to be handed over to his department head or the IT Dept. But a few times when a user returned a computer, he had deleted business critical data. – Infra Feb 06 '19 at 14:45
  • 1
    Can you confirm that any DLP package can prevent *deletion* of data from a host? I am unaware of such functionality. Can you expand your answer to explain how DLP can help in this situation? So far, this answer just says "use DLP". – schroeder Feb 06 '19 at 15:42
  • DLP is not a device or product that offers an approach. DLP is also concerned not only with data leakage, but also with data loss. For example, if data is specified to be important by data classification, you can even generate an alert with an agent (on the host computer) if the data is attempted to be deleted or deleted. – Security Team Feb 07 '19 at 09:31
  • You appear to contradict yourself. And you re-assert a fact that I'm asking you to verify. Please confirm that there is an endpoint agent that can alert if data is being deleted on the endpoint. – schroeder Feb 07 '19 at 09:53
  • There are many tools on the market, such as DatAdvantage from Varonis, Kaspersky and Symantec Endpoint Security, etc. File auditing systems must be implemented on the host (if you want to track user IO activity). We are using ArcSight SIEM + Kaspersky Endpoint Security + ADC + Microsoft DLP tools. I must say that all of them are really expensive systems for large companies... – Security Team Feb 07 '19 at 11:05
0

Many office productivity suites offer synced online file storage:

  • Office 365
  • Google Drive
  • OneDrive
  • Dropbox
  • Box
  • etc.

They offer local device storage that is linked to the cloud storage. This allows the company to keep track of the data and even to back it up.

This would require that the users store the company sensitive data in the area of their laptop that is synced, but there are lots of ways to make that a default.

If users keep to the synced area of their drive, then you have the protection you are looking for.

schroeder
  • How do we make sure that they have stored files in the sync folders? – Infra Feb 06 '19 at 15:51
  • You can set up the default save location as the synced directories. How to do this will depend on the application and the type of service you choose. There is nothing you can do to *force* someone to save a file in a synced location. There is only so much you can do to force the owner of a device to do something. There are always workarounds. – schroeder Feb 06 '19 at 15:54
  • The problem is data classification. We can force the user to store data in the sync folder. What will happen is he has to store all the data in the sync location; other places are not allowed for saving. Finally we protect 90% unnecessary data + 10% critical data. – Infra Feb 06 '19 at 16:00
  • Your comment is not clear to me. What does all that mean? Where is the problem to solve? You only want to sync the critical data? For that, you need to implement a data classification scheme and a technical process to enforce it. DLP can do that, and Office 365 has built-in handling workflows. – schroeder Feb 06 '19 at 16:14
  • The question had "confidential" in the title in the original version. I would think long and hard about storing confidential data unencrypted in some public cloud. – Josef Feb 07 '19 at 09:29
  • @Josef enterprise cloud storage offers encryption – schroeder Feb 07 '19 at 09:51
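
One way to check whether documents are actually being kept in the synced area, as discussed in the last answer and its comments. This is an added example, not code from any poster in the thread; the extension list, the skipped folder, and the sample paths are assumptions to adapt to your own data classification and sync client.

```python
import os
import tempfile
from pathlib import Path

DOC_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".csv", ".txt"}  # assumed list
SKIP_DIRS = {"AppData"}  # assumed: profile folders that hold no user documents


def find_unsynced_documents(profile_root, sync_root, extensions=DOC_EXTENSIONS):
    """Return sorted [(path, size_bytes)] for documents outside the synced folder."""
    profile, sync = Path(profile_root).resolve(), Path(sync_root).resolve()
    if profile == sync or sync in profile.parents:
        return []  # the whole profile already lives in the synced area
    findings = []
    for dirpath, dirnames, filenames in os.walk(profile):
        current = Path(dirpath)
        # Prune the synced tree and skipped folders so os.walk never enters them.
        dirnames[:] = [d for d in dirnames
                       if d not in SKIP_DIRS and (current / d).resolve() != sync]
        for name in filenames:
            path = current / name
            if path.suffix.lower() in extensions:
                try:
                    findings.append((str(path), path.stat().st_size))
                except OSError:
                    continue  # broken link or unreadable file
    return sorted(findings)


def summarize(findings, profile_root):
    """Group findings by top-level profile folder: {folder: (file_count, total_bytes)}."""
    profile = Path(profile_root).resolve()
    summary = {}
    for path, size in findings:
        rel = Path(path).relative_to(profile)
        top = rel.parts[0] if len(rel.parts) > 1 else "."
        count, total = summary.get(top, (0, 0))
        summary[top] = (count + 1, total + size)
    return summary


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample profile
        home, sync = Path(tmp, "jdoe"), Path(tmp, "jdoe", "OneDrive")
        (home / "Desktop").mkdir(parents=True)
        sync.mkdir()
        (sync / "plan.docx").write_bytes(b"synced")
        (home / "Desktop" / "budget.xlsx").write_bytes(b"local only")
        print(summarize(find_unsynced_documents(home, sync), home))
```

Run periodically against each profile, the per-folder summary shows where documents accumulate outside the synced area, so those files can be moved or backed up before a laptop is returned.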