1

When I use end-to-end encryption to secure documents and sensitive information on cloud or on computer, there is always a risk of accessing these information by administrator.

For example if you use Truecrypt to save a secure container in cloud or Boxcryptor or Tresorit to encrypt files in cloud provider (or anythink like that) you have mounted virtual disk when you can access and read/write files.

When you are working on a computer managed by domain policies, administrator is able to mount the virtual disk and see what is inside. Or administrator is able to switch user and see the virtual disk in readable form.

Is there any way how to avoid it? I would like to have completely secure workspace so no one can read my passwords or sensitive information when I use it on computer.

When I use end-to-end encryption and administrator is able to read my sensitive information that are mapped as a virtual disk then it doesn't make sense for me anymore. Do I have any solution for such situation as a user?

user1563721
  • 1,099
  • 11
  • 22
  • It's easy to securely store sensitive information. It's difficult to securely access it from an insecure machine. – David Houde Mar 08 '15 at 21:32

2 Answers2

3

If you are a user of a system and other people have administrative access then, realistically there is little, if anything, that you can do to stop them gaining access to the information you process on that machine.

They are likely to have the power to install software on the machine, so could (theoretically) install key loggers or other types of software which monitors your activities and gives access to data you process on the system. This, of course, is not to say that any company will actually do this, just that they can, and when you're considering the security of your personal information, you need to assume they will.

From their perspective, this kind of access may well be necessary for them to ensure the security of the device and ensure that it is not being mis-used.

If you have information that you want to access or use without that risk, then you need to have a system that only you are the administrator of. So in a work scenario, use a personal smartphone, tablet or laptop to work on the items that you don't want to be visible to your employers.

Rory McCune
  • 60,923
  • 14
  • 136
  • 217
0

There are a few aspects to this. You have articulated the first, which is to ensure your documents are not tampered with. Well the social aspect of it is really simple. Work with people you can trust. If you cannot trust the administrators with your data. Then there is no point in entrusting them with anything else.

munchkin
  • 393
  • 1
  • 5