Protecting company data remote employees


Recommended Posts

Hey folks, I am brand new here. and I really need some help or suggestions.

 

I operate a graphic design company which produces printed materials. We have three employees working from three separate remote locations who all share company data. Two are graphic designers who collaborate on files. The third is my print manager who gets the files once they are complete. The majority of files we work with are Word and Illustrator files.

 

I currently host all of my company files on a shared host (files uploaded to public_html) and then map that data as a letter drive on each employee's PC, via WebDrive WebDAV software. This setup works fine as far allowing employees to share and edit files back and forth. The real issue I am having is, there is nothing prevent an employee working at any location from simply dragging and dropping company data to his own personal PC and backing it up!!! I didn't think this would ever be a real problem, until one of my employees quit the job and three months later opened his own graphic design company. He was using all of my files and I realized everything was stolen.  :angry:

 

I am looking for a more secured setup, even if it means buying a file sharing server and hosting it online. I don't know if this is more about having a better and more secured file sharing server or if it comes down to the software used to manager the files on the server? Currently, with my WebDrive WebDAV setup I can grant read/write access to certain employees or just read access. The problem with limiting access is that all employees, even the printer, may need do slight edits or adjustments to the file like margin changes.

 

Again, I need for people to have full access to ALL files, meaning they can open, edit them, change them, save them but they simply can't backup data. Does this exist?  :/

 

I can't find it. I have been looking for months but believe it has to because so many major corporations have employees who work from home, sharing thousands of files and collaborating on ideas.

Link to comment
Share on other sites

I don't think you are going to have any way to prevent someone who has read access to files to not make a copy of them off-site some how, be it via Dropbox, USB thumb drive, etc.

 

On another note, sounds like you should be using Dropbox for Business to sync files between your locations instead of WebDAV

 

https://www.dropbox.com/business/

Link to comment
Share on other sites

Once they have read it, they can "Save as..." on Illustrator or Word or almost any other software.

What you should do is implement audit logs so you can see when someone is reading a lot of files.

Link to comment
Share on other sites

The only way I see to do this would be to run a terminal server and have all the remote workers login to a terminal server that is locked down. You can lock down the external drives and internet access but this is not the cheapest option. This way they could open and edit docs and save them only to the terminal server. so the only way to copy data would be to do screen shots.

Link to comment
Share on other sites

There are data rooms that are designed to protect things like this. 

 

https://www.intralinks.com/?gclid=CLLkuPjtjMQCFZKGaQodf5YAfQ - allows the owner to control read, write, print, copy, delete access.  As a end user, I have the ability to view the documents...I cannot print, I cannot print screen, I cannot copy, I cannot delete, I cannot save.  Everytime I want to access the document I have to enter my user information, once my time frame has expired I will no longer be able to view the document.  Are there ways around it, sure, but they aren't convenient or easy.

 

here is another - http://www.sharevault.com/

Link to comment
Share on other sites

This is almost an impossible task, while you can make it difficult once a user has seen data you have no idea if he took a picture of the screen with his phone unless he was in a room that was under surveillance. And if you want to take it to the extreme what about someone with photographic memory. They look at it, and then just recreate the data at their convenience

  • Like 1
Link to comment
Share on other sites

The only way I see to do this would be to run a terminal server and have all the remote workers login to a terminal server that is locked down. You can lock down the external drives and internet access but this is not the cheapest option. This way they could open and edit docs and save them only to the terminal server. so the only way to copy data would be to do screen shots.

 

With a solution such as this, could somebody open up a program like Illustrator and then go to "File > Open" and grab a file from the terminal server, make changes and save it?

 

Very interested in learning more.

 

Thank you for responding.

Link to comment
Share on other sites

With a solution such as this, could somebody open up a program like Illustrator and then go to "File > Open" and grab a file from the terminal server, make changes and save it?

 

Very interested in learning more.

 

Thank you for responding.

 

Running RDP/Terminal server from your location to remote clients is also going to be dependent on bandwidth. There is nothing worse then working in Photoshop/CAD etc with crappy laggy bandwidth, it's almost impossible to be accurate while drawing in those apps with a slow upstream from the servers WAN connection.

  • Like 1
Link to comment
Share on other sites

Not to mention having the hardware to be able to handle such a task.  CAD isn't something that I would throw on a mid range box and it may need heavy video processing too (rendering 3d models can be very resource consuming depending on the CAD product).

Link to comment
Share on other sites

If you can afford to, you could supply your employees with company provided computers to do the work on, and lock those down extremely tightly. However in giving them the ability to do the work they actually need to do, you might necessarily open one or more holes through which they can then also take copies of the data/documents/media, and furthermore the extreme restrictions you'll end up trying to enforce may very well make work such hell for your employees (along with the attitude of mistrust) that they just leave and find employment elsewhere.

 

Really you're trying to do the impossible.

 

This exact type of scenario is protected against in law, and the law is your best tool to protect your company and it's employees here. Consult a lawyer regarding the existing case of theft/copyright-infringment.

Link to comment
Share on other sites

the only way is to use DRM, so your files remain protected even outside of the company; intralinks is a way but there are others.

Link to comment
Share on other sites

Thank you for using WebDrive (I work for the developer of the product). We are glad to hear that it is working for you.

 

What you're attempting to prevent is nearly impossible. Mainly, if the employee can open/edit the file in Illustrator or some other application, they can literally do anything with it- email, print, save-as.

 

The only way I know of to truly prevent data theft if you allow the user to Edit the files is to lock down the computer and prevent print/email etc. This can be done through the use of a Terminal Server or Remote Desktop environment where the employer has full control to lock down the desktop that the user is using.

 

This is military/government grade security, and while it

Link to comment
Share on other sites

KimSRT, thanks for the advert from your company.  It is doable without ts or and rd enviornment, look what I posted above.   The issue is that people can still take pictures with their phones or a camera and complile the data later on another computer.  This isn't the most ideal or convenient way to get the data but it is possible. This can also be done in your ts/rd environment which makes it as secure/unsecure as the solutions I have provided...no you can't email with the solutions I have provided, nor can you save locally, print screen, or save as anything.  The required plugins completely restrict those operations if you do not have access to do so.

 

Intralinks offers a 30 day trial if you want to test the solution.  I know it works as I am on the receiving end of secured documents, I also know what I need to do to work around the restrictions to get my people the information they need offline.  My users have view only access, and it is time limited...no print, no save as, no email, no editing, no print screens, no nothing other than view at the time they logon.  The types of documents are all MS Office documents and PDF's, they open in the proper office application or the proper pdf application you have installed on your computer, but you do need to have the secure plugin installed to be able to get to the file...this plugin overrides the controls on your computer that would allow you to save/print/copy/print screen the document.

Link to comment
Share on other sites

KimSRT, thanks for the advert from your company.  It is doable without ts or and rd enviornment, look what I posted above.   The issue is that people can still take pictures with their phones or a camera and complile the data later on another computer.  This isn't the most ideal or convenient way to get the data but it is possible. This can also be done in your ts/rd environment which makes it as secure/unsecure as the solutions I have provided...no you can't email with the solutions I have provided, nor can you save locally, print screen, or save as anything.  The required plugins completely restrict those operations if you do not have access to do so.

 

Intralinks offers a 30 day trial if you want to test the solution.  I know it works as I am on the receiving end of secured documents, I also know what I need to do to work around the restrictions to get my people the information they need offline.  My users have view only access, and it is time limited...no print, no save as, no email, no editing, no print screens, no nothing other than view at the time they logon.  The types of documents are all MS Office documents and PDF's, they open in the proper office application or the proper pdf application you have installed on your computer, but you do need to have the secure plugin installed to be able to get to the file...this plugin overrides the controls on your computer that would allow you to save/print/copy/print screen the document.

 

Intralinks now allows to download the entire project, so you can view offline.

Link to comment
Share on other sites

That is dependant on your rights. If you can't logon it doesn't matter anyway, it will remain encrypted.

oh yes but this feature helps in case you don't have web access or you have but it's poor. :)

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.