I'm the half-time IT person for a small company. We run an MS environment using a Server 2003 Domain Controller, MS Storage Server 2003, and Exchange 2003.
It finally occurred to them that I as an admin can pretty much see everything including sensitive personnel data.
I need a simple (average employee here is 55+) way to be able to store, share and email files between top level execs that is not viewable by someone with Domain Admin credentials. Ideally the solution would:
- Allow me to save files to an encrypted folder
- Allow me to send an encrypted file to another staff member and allow them to open it.
- Allow some form of key backup so when they forget their key or get hit by a bus the key is recoverable.
Any suggestions on how to do this in a manner that is simple for the end user to work with?
For storage of files, TrueCrypt is good (and free). To transport files, I believe there are some capabilities of Exchange to allow encrypted emails that can only be opened by recipient. I have no details on how to do this.
If Exchange fails to fit the bill, GPG would probably work.
As far as key backup, the idea is not to let people decrypt things unless they have the private key. So usually you can't get multiple access to a private key by design. However, it is often the case that the CEO stores a copy of the key encryption key (aka private key password) in a physically secure location. So they could write down their passwords in sealed envelopes and store them in a safe controlled by the CEO or something.
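To make the GPG suggestion and the key-backup idea concrete, here is an added example that is not from the original thread or from the GnuPG project. It assumes GnuPG 2.1 or newer on the PATH (the same `gpg` command lines work under Gpg4win on Windows), and the names, e-mail addresses and the "escrow" role are hypothetical. It goes one step beyond the answer's sealed envelope: every file is encrypted to the recipient and to a second "escrow" key whose holder (the CEO, say) can open it if the recipient is gone, and the recipient's own private key is exported and wrapped with a passphrase that is what actually goes in the envelope. A Domain Admin who copies the .gpg files off the file server holds neither private key and sees only ciphertext.

```shell
#!/bin/sh
# Added example, not the thread's own code. Assumes gpg 2.1+.
set -eu

# Build a throw-away keyring with an ed25519/cv25519 pair. %no-protection is
# only so this runs unattended; real users set a passphrase on their key.
make_keyring() {
    home="$1"; name="$2"; email="$3"
    mkdir -p "$home"; chmod 700 "$home"
    cat > "$home/params" <<EOF
%no-protection
Key-Type: EDDSA
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ECDH
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: $name
Name-Email: $email
Expire-Date: 0
%commit
EOF
    gpg --homedir "$home" --batch --quiet --gen-key "$home/params" 2>/dev/null
}

# Copy one keyring's public key into another (e.g. hand the escrow public
# key to every exec).
share_pubkey() {
    from="$1"; to="$2"; email="$3"
    gpg --homedir "$from" --batch --quiet --export "$email" \
      | gpg --homedir "$to" --batch --quiet --import 2>/dev/null
}

# Encrypt a file to every recipient given; the admin holding no private key
# gets ciphertext only.
encrypt_for() {
    home="$1"; infile="$2"; outfile="$3"; shift 3
    rcpts=""
    for r in "$@"; do rcpts="$rcpts -r $r"; done
    # shellcheck disable=SC2086
    gpg --homedir "$home" --batch --yes --quiet --trust-model always \
        $rcpts -o "$outfile" -e "$infile" 2>/dev/null
}

decrypt_with() {
    gpg --homedir "$1" --batch --quiet -d "$2" 2>/dev/null
}

# The "sealed envelope": export the private key, wrap it symmetrically with
# a passphrase, and keep the passphrase (not the key) in the CEO's safe.
backup_secret_key() {
    home="$1"; email="$2"; outfile="$3"; passphrase="$4"
    gpg --homedir "$home" --batch --quiet --export-secret-keys "$email" \
      | gpg --homedir "$home" --batch --yes --quiet --symmetric \
            --pinentry-mode loopback --passphrase "$passphrase" \
            -o "$outfile" 2>/dev/null
}

# The "hit by a bus" case: rebuild the key on a fresh machine from the
# backup plus the envelope passphrase.
restore_secret_key() {
    backup="$1"; passphrase="$2"; newhome="$3"
    mkdir -p "$newhome"; chmod 700 "$newhome"
    gpg --homedir "$newhome" --batch --quiet --pinentry-mode loopback \
        --passphrase "$passphrase" -d "$backup" 2>/dev/null \
      | gpg --homedir "$newhome" --batch --quiet --import 2>/dev/null
}

# End-to-end run on constructed sample data; prints the recovered plaintext.
demo() {
    work=$(mktemp -d)
    alice="$work/alice"; escrow="$work/escrow"; restored="$work/restored"
    make_keyring "$alice"  "Alice Exec"  "alice@example.com"
    make_keyring "$escrow" "Key Escrow"  "escrow@example.com"
    share_pubkey "$escrow" "$alice" escrow@example.com

    printf 'salary review: CONFIDENTIAL\n' > "$work/review.txt"   # constructed
    encrypt_for "$alice" "$work/review.txt" "$work/review.txt.gpg" \
        alice@example.com escrow@example.com

    escrow_view=$(decrypt_with "$escrow" "$work/review.txt.gpg")

    backup_secret_key "$alice" alice@example.com "$work/alice-key.gpg" "envelope-pass"
    restore_secret_key "$work/alice-key.gpg" "envelope-pass" "$restored"
    restored_view=$(decrypt_with "$restored" "$work/review.txt.gpg")

    for h in "$alice" "$escrow" "$restored"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    [ "$escrow_view" = "$restored_view" ] && printf '%s\n' "$escrow_view"
}
```

Run `demo` to see the round trip. Two caveats worth keeping in mind with this design: the escrow private key must live somewhere the admin cannot reach (a TrueCrypt volume or removable media the CEO controls, not the domain file share), and whoever can run gpg on a user's workstation while they are logged in can use their unlocked key, so "not viewable by Domain Admin" holds for data at rest on the server, not against an admin with interactive control of the user's desktop.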
I worked at a place once where the admin got the salary info for everyone and started passing it around. Morale plummeted and stayed in the tank until well after everyone that saw the list was gone. So, yeah, keeping info from admins is a good thing.