none
Preventing Administrators from accessing payroll information RRS feed

  • Question

  • We need to allow access for 3 members of our HR staff to sensitive payroll information that is stored in files (not in a database).   I want to ensure that our administrators cannot access the data.  It seems counter-instuitive to assume that this can be done with folder or file rights, so I think I am looking for an encryption method like EFS, but that will allow for multiple user access.

    This information may reside on an on-premise server, or it may reside in a Sharepoint Online document library.

    What would you suggest we look at?

    Thanks in advance,

    Thursday, January 17, 2013 8:06 PM

Answers

  • Hi,
    You need some encryption system, which is not being operated by your
    admins (it can be a system of your choice, I don't have any preferences), or you
    just need to have a strict audit for these files.

    The only MS system I know to work with both SharePoint and File Servers, is RMS.
    --
    Best Regards,
    Alexander Trofimov


    Best Regards, Alexander Trofimov

    • Marked as answer by 朱鸿文 Tuesday, February 5, 2013 2:13 AM
    Thursday, January 17, 2013 8:15 PM
  • One simple option would be to store the files in an encrypted 7-zip file using a strong password or pass phrase. 7-zip uses AES 256-bit encryption and is pretty reliable.

    Be sure to store the password somewhere safe like KeePass. Incidentally, KeePass can store attachments as well - although not editable. Both are great open source programs.

    • Marked as answer by 朱鸿文 Tuesday, February 5, 2013 2:13 AM
    Friday, January 18, 2013 4:45 AM

All replies

  • Hi,
    You need some encryption system, which is not being operated by your
    admins (it can be a system of your choice, I don't have any preferences), or you
    just need to have a strict audit for these files.

    The only MS system I know to work with both SharePoint and File Servers, is RMS.
    --
    Best Regards,
    Alexander Trofimov


    Best Regards, Alexander Trofimov

    • Marked as answer by 朱鸿文 Tuesday, February 5, 2013 2:13 AM
    Thursday, January 17, 2013 8:15 PM
  • One simple option would be to store the files in an encrypted 7-zip file using a strong password or pass phrase. 7-zip uses AES 256-bit encryption and is pretty reliable.

    Be sure to store the password somewhere safe like KeePass. Incidentally, KeePass can store attachments as well - although not editable. Both are great open source programs.

    • Marked as answer by 朱鸿文 Tuesday, February 5, 2013 2:13 AM
    Friday, January 18, 2013 4:45 AM