Started: 11/13/2009 10:57 AM
Veronique Palmer
Securing Sensitive Documents
We had a query this week on how to protect sensitive information; here is the question and answer.  If you have more to add, please do.
 
Question :
 

I hope that you can help me with the following problem. I need to create a document library for the HR department for all employee HR related documents including salary information. 

There is concern that the IT department will be able to gain access to the documents because they own the SharePoint administrator password. What solution do you recommend to minimise this risk?

Thanks

Tony

 
Answer :
 

In my experience there is no easy way to get around this. It is the nature of the beast that IT will have access to most things in the organisation, they have to; when things go wrong they need to fix them. 

 

You'll probably find that IT already has access to the salary info, you just don't realise it. One would hope that you are dealing with ethical people that can keep confidential information just that. Of course there is one in every crowd hey.  If it's any consolation, most IT departments I have worked in, don't give a hoot about the content. Geeks have other priorities thankfully. :)

 

So, where does that leave you? First of all, I would recommend not making too much noise about this. The surest way to tempt people to snoop around in your site is to start asking lots of questions about restricting access and using the word salaries. Be subtle when asking who all the IT administrators are. You do need to know who the site collection administrators are - they are business people and far more likely the ones who will try and access the info. 

 

Then you could rename the docs / libraries to some random non salary related title to throw people off the track.  Or you could password protect your docs before you upload them to SharePoint, (obviously this won’t work if you are using lists to manage the info). 

 

Maybe also put a disclaimer on the landing page of your HR site to say that anyone caught divulging any information from the confidential area will be given a disciplinary hearing and warning – whatever your standards are.

 

Make sure you have all the audit settings activated so you can monitor who is accessing the information.  The reports get very big so it could be work to do, but if you suspect a breach at least you know where to start looking.

 

Posted: 11/16/2009 11:18 AM
Tessa Hanekom
Well answered, but perhaps also get them to make the contents of this particular library be excluded from any search - Document Library Settings -> Advanced Settings. It will just give the user that little extra "consolation". End of the day certain people in IT will always have over-riding access, be it to a fileshare or to a document library. At least on the latter there is an audit trail to check if access has occurred.
Posted: 11/16/2009 7:16 PM
Veronique Palmer
Too true!  Forgot about that, thanks Tessa.  (And thanks for your other replies on the InfoPath stuff).
Posted: 11/17/2009 8:37 PM
Jacques Murray
I might have a solution. I learned this trick through a mistake I made once. Remove the Site Owner from the permissions list for the document library. Just make sure that you have someone in the HR department that has the correct permissions for granting permissions for the document library.
Posted: 11/18/2009 10:24 AM
Tessa Hanekom
Jacques, the Site Owner might be blocked but Site Collection Admins and Web Application Admins would still be able to get in if they wanted to, and more "savvy" users would be aware of this (then again these more savvy users would also know the only real way to secure info is to have only 1 hard copy and keep that in a locked safe).
Posted: 11/19/2009 10:17 AM
Michael O'Donovan
Another option is to use digital rights management (DRM). Using this technology you can lock down the document itself, even when the document is taken out of the SharePoint library. Remember SharePoint permissions (and fileshare permissions) are only applicable when the document is in that store; what happens when the document leaves the store, i.e. someone copies it and emails it to anyone they desire?
 
This is where DRM comes in. Protect the document itself, and no person can open it unless they have the correct permissions, even admins.
 
 
This works well with SharePoint too, i.e. if someone puts a document in a document library, you can have DRM automatically applied to the added document, so your users don't have to worry about manually doing it.
 
Michael
Posted: 1/6/2010 12:28 PM
Roderick Modlin
There's a solution on CodePlex called SharePoint Designer Useful Workflow Activities... I haven't done it yet, but one of the options it supposedly gives is to automate unique permissions on list items and documents. You could perhaps use that to ensure only the relevant parties have access to sensitive documents.
 
Just my two cents... hope it adds something.
Edited: 2/18/2010 1:51 PM
Veronique Palmer

We had another question in this field this week from Siviwe :

We are running SharePoint 2007 on a standalone environment, planning to move the data tier to another server.  A request has come from top management where they need a shared web space to which only the top management members will have access.  Access must be denied to all other employees or users including the administrators of the site and server.

 

Now the question was raised, how secure is SharePoint? They need 110% guarantee that no-one will have access to the data after we have created and configured the site for them.  The environment has three different levels of security groups:

 

1. SharePoint portal administrators – this is my team and we administer the web front end, application and database configurations.

2. Database administrators – they manage all the databases, backups and all related activities.

3. System / OS administrators – responsible for the operating systems, patches, OS updates, etc.

 

Now in an environment set up like this, what security extensions can be used?  Is it possible to encrypt the data in the content databases from Central Admin?

Edited: 2/18/2010 1:52 PM
Veronique Palmer

Response from Michael :

 

There are 2 parts to the solution. The most important part is not even about SharePoint or the technology, that is around the process. You must make sure you put the correct process in place to ensure that the content is managed in a way that ensures the secrecy of it. Please don’t ignore this, e.g. they could put a document in the incorrect site, which would bypass all the security you have put in place.

 

I would recommend using all of these techniques below to help you:

 

1. Dedicated web application and site collection for them, ensuring they also therefore have a dedicated database for their content

2. Through SharePoint Central Admin add a security policy rule which ensures that only those users have access to the SharePoint web application. This will override the security setup in the site collection; what this means is that if one of them accidentally gives a user access to their site, the user will still not be able to access it.

3. SQL Server transparent data encryption, to encrypt the data in the database

4. SSL setup for the web application to ensure the data is secure in transit, i.e. between the user machine and SharePoint

5. Digital Rights Management on the documents (integrated with SharePoint). This solves the problem of what happens if the document is copied out of SharePoint; the security will still apply to the document when it is outside of SharePoint. Therefore no one can email it or pass it on a memory stick to someone else.

 

Someone else might comment more on this.

Edited: 2/18/2010 1:54 PM
Veronique Palmer

I was just going to add that it is the nature of the beast that a server administrator will still have access to the documentation.  Regardless of where that information is stored now, if it’s on the network, then someone in IT already has access to it.  The database and O/S administrators could potentially also get access too if they really tried.

 

On SharePoint, this is not going to happen.  As Michael said, only the people with access to Central Admin could get access, this is usually just two people.  Part of the responsibilities of this position, is to have strong ethics and high levels of responsibility.  Your values should prohibit you from accessing that information at random and trying to distribute it.  It might sound trite, but it may help your cause to explain this, it is clearly a very concern for your management team and you need to give them all the assurance you can.

 

What they can also do is put Alerts on each document library that will alert them if anything changes.  Make sure when you create the site collection that you enable all the auditing features, then they can also extract reports weekly or daily if they wish to see who opened or changed anything on their site.
