CIO work experience talking about deployment file server [2]

So, how to secure these files, so that unrelated people do not have access to what they should not access, which for our CIO, is already the top priority for file server deployment. If this thing is not good enough, we will probably off.

I personally in the File Server Authority management design, although not necessarily a success, but, at least, has made some achievements. The following suggestions, perhaps for the CIOs who are worrying about it, can be taken for reference.

(1) Create at least three different folders for user account initialization. One is a personal folder, allowing only personal access, a departmental-level folder in which files are accessed by employees in the same department, and the last is a corporate public folder in which files in this folder are available throughout the company. Since users may not have the concept of file security when they first start using a file server, we set up these three folders for them when their account is initialized, which can deepen their concept of file security and thus improve the security of the files.

(2) Do not allow users to move folders without authorization. File server Permissions management is a very complex thing, sometimes some careless operation, will affect the file access rights. If you have two folders now, one is a corporate public folder that can be accessed throughout the company, and the other is a private folder that only employees can access. However, sometimes users will inadvertently move their private folders to a public folder. In this way, private folders may inherit the access rights of public folders, resulting in the openness of file access. In this case, the user is not professional, so we can not too much blame them. What we can do is to prevent these situations beforehand and try to simplify the management of rights. Therefore, we should restrict the user to move the folder privately, or cancel the inheritance function of the folder permissions, make the file Server authority management easy. Even if a user moves a folder, complex permission changes do not occur.

(3) For important documents, users still need to develop the habit of setting complex passwords. Villains, outsmart. It is sometimes not enough to rely on our CIO's efforts to secure files. Sometimes users are too trusting of us to think of us as omnipotent. We CIOs don't feel honored, but feel the pressure on our shoulders. We would rather have our employees take us as ordinary people and come with us to do the safe work of documents. The author in the file server management, still many times to the user stressed that some important documents, such as customer information, product technology formulations, inspection reports and so on, the user in either on the file server or on their own computer, still have to set a more complex password. As the saying goes, not afraid of 10,000, afraid in case.

(4) Beware of temporary folder mischief. For the convenience of working normally, we set up a temporary folder when the file server is set up. However, with a little attention, this folder is another time bomb that threatens the security of enterprise data. For example, the Financial department printer is out of ink and needs to print the payroll. At this point, the Treasurer will put the payroll in this temporary folder, and then go to the procurement Department to print. When the payroll was printed, the treasurer forgot to delete it. The salary information of all the employees who belonged to the company Confidential was careless. To this end, within the company also sparked a higher than the wage boom. than I do not know, more than a startled. Many employees see their salaries lower than their peers, and they ask for a raise in salary, which makes the HR manager's head ache. The culprit is the improper management of this temporary folder. Fortunately this is only the wages of information, if the enterprise's customer information leaked, it may be the loss of the enterprise even larger. So, when we do a file server deployment, we want to emphasize the security of this temporary folder to the user. Do not knave, the other rights management is set good, and finally destroyed in this small temporary folder.