I'm a software developer who was given the responsibility to suggest a solution for our client that envolves infrastructure.
Basically our project consists on two softwares for the audit department. Right now they're connected to the company's network.
They want it to be impossible for anyone from the company to intercept, read or do anything with information they will exchange and manipulate. I understand that once our software is deployed into one of the company's server, theoretically one of the administrators would be able to access the information (database, root drives, etc).
Given that I'm not an infrastructure person, the solution I came up so far would require they to create their own datacenter, on a different domain and then having a connection between the two networks so that the existing one can still provide internet access to the new one through a proxy server.
This however, seems like a way to much effort solution.
I just wanted to point out that they also require backup and replication data from their department to be kept away from the rest of the company. So, I'm thinking they'll need to invest on a couple of servers anyway.
But at the same time, I also believe that those servers didn't really need to be domain controllers or do they?
Is it possible to be inside of one domain and still keep information from the domain administrators? I would prefer not to mess with creating and mantainning a new domain.
Is there a better way to achieve their goal? They use Windows Server there if it makes any difference.