FileHold Server Security

Keeping your intellectual property secure is an organizational concern. While FileHold is not a security consulting company and we are not security experts, we can provide some general information and recommendations in this area.

Following are some of the questions we have been asked. If your question is not answered here, use our general information request form or email [email protected].

Does the IT Administrator of the Software Server have the rights to delete files from a Windows server?

Yes, since IT administrators are administering the FileHold server. If an IT person removes a file from the FileHold Data folder (where documents are stored on the server), an error is logged in the Microsoft Windows Server Event Viewer: when the system integrity check that runs within the FileHold application server against the document repository fails, the application server begins alerting via a Microsoft Windows event error/alert. This can be monitored so that a person is alerted when it occurs.
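One way to do that monitoring, shown as an added example that is not FileHold's own tooling: a PowerShell script run from a scheduled task every few minutes that polls the Application log for Critical/Error events written by the FileHold application server and mails them to an administrator. The provider (source) name, the state-file path and the mail settings are assumptions; take the real provider name from an existing FileHold event in Event Viewer.

```powershell
# Added example, not part of FileHold's documentation or product.
# Polls the Application log for Critical/Error events from the FileHold application
# server and mails them, remembering the last check time so each event alerts once.
# Run from a scheduled task as an account that can read the Application log.

$ProviderName = 'FileHold-Provider-Name-PLACEHOLDER'      # assumption: replace with the real event source
$StateFile    = 'C:\ProgramData\FileHoldMonitor\lastcheck.txt'   # assumption
$SmtpServer   = 'smtp.example.internal'                    # assumption
$MailTo       = 'it-alerts@example.com'                    # assumption
$MailFrom     = 'filehold-monitor@example.com'             # assumption

# Only look at events newer than the previous run; first run looks back one hour.
$since = if (Test-Path $StateFile) { [datetime](Get-Content $StateFile -Raw) } else { (Get-Date).AddHours(-1) }
$now = Get-Date

# Level 1 = Critical, Level 2 = Error. Get-WinEvent throws when nothing matches,
# so suppress that and treat an empty result as "no new errors".
$filter = @{ LogName = 'Application'; ProviderName = $ProviderName; Level = 1, 2; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if ($events) {
    $body = $events | ForEach-Object {
        "{0:u}  Event ID {1}`n{2}`n" -f $_.TimeCreated, $_.Id, $_.Message
    } | Out-String
    Send-MailMessage -SmtpServer $SmtpServer -To $MailTo -From $MailFrom `
        -Subject "FileHold: $($events.Count) error event(s) on $env:COMPUTERNAME" `
        -Body $body
}

# Record this run so the next poll starts where this one ended.
New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
$now.ToString('o') | Set-Content $StateFile
```

The same filter can be fed into a scheduled task that is triggered directly by the event instead of polling, but the polling form is easier to reason about when the server is rebooted or the task is disabled for a while, because the state file shows exactly which window was covered.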

How is FileHold more secure than a traditional filing cabinet?

An electronic document management system is far more secure than a traditional filing cabinet. People can go into a cabinet and remove paper files, break locks, and shred or burn files.

In addition to the four levels of security in the document management software itself, you can also do the following on the server side:

  • Nightly server imaging and nightly database backups

  • Real-time mirroring of the FileHold data repository. This process uses software to copy files and mirror the FileHold data structure to a different area where fewer IT personnel have access.

  • Using a file auditing software package.

Can procedures be put in place or be adopted to make sure that one person, such as an IT administrator, cannot delete a file? For instance, can the system be set up such that to delete a file, approval from at least two senior people with different passwords is required?

There is nothing that exists "out of the box" to require two different passwords for a deletion event. This would make it very tough to manage for many FileHold customers storing hundreds of thousands or millions of documents. Also, anyone in charge of the Active Directory domain could reset the other IT personnel's user passwords, log in with their accounts and delete the files. All of this would have to be carefully thought through, with systems and controls implemented and regular audits and procedures to safeguard the entire process.

Documents could be stored on a SAN or NAS appliance (SANs have better features but cost more) configured so that a FileHold domain service account has access to the FileHoldData folder and the enterprise data backup software has only the access it needs for backups. Other users would then not have actual delete permissions; file deletion would instead be done at the NTFS file level. However, this could cause problems for IT disaster recovery and emergencies: if an IT person cannot access the files or remove problem files, this could become a support problem.
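Restricting delete rights at the NTFS level as the paragraph describes, shown as an added example that is not FileHold's own configuration: only the FileHold service account keeps Modify rights on the repository folder, the backup account and the local Administrators group get read-only access, and inheritance from the parent folder is broken so inherited Full Control entries stop applying. The repository path and the account names are assumptions.

```powershell
# Added example, not FileHold's own configuration. Run in an elevated session.
# Leaves the FileHold service account as the only ordinary account able to
# create, change and delete files; backups and administrators can read only.

$RepoPath       = 'D:\FileHoldData'     # assumption: actual repository path
$ServiceAccount = 'CORP\svc-filehold'   # assumption: FileHold domain service account
$BackupAccount  = 'CORP\svc-backup'     # assumption: account used by the backup software

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

function New-AllowRule([string]$Identity, [string]$Rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $inherit, $prop, 'Allow')
}

$acl = Get-Acl -Path $RepoPath

# Stop inheriting from the parent and discard the inherited entries, so a
# parent-level "Administrators: Full Control" no longer reaches this folder.
$acl.SetAccessRuleProtection($true, $false)

# FileHold itself must create, modify and remove files.
$acl.AddAccessRule((New-AllowRule $ServiceAccount 'Modify'))
# Backup software only needs to read the repository.
$acl.AddAccessRule((New-AllowRule $BackupAccount 'ReadAndExecute'))
# Administrators can still inspect files for support work, but cannot delete them.
$acl.AddAccessRule((New-AllowRule 'BUILTIN\Administrators' 'ReadAndExecute'))
# SYSTEM keeps full control so the OS and tooling running as SYSTEM keep working.
$acl.AddAccessRule((New-AllowRule 'NT AUTHORITY\SYSTEM' 'FullControl'))

Set-Acl -Path $RepoPath -AclObject $acl

# Show the resulting entries for review.
(Get-Acl -Path $RepoPath).Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Save the existing ACL first (`icacls D:\FileHoldData /save acl-backup.txt /t`) so it can be restored if the service stops working. Members of Administrators still hold the Take Ownership privilege, so an administrator can regain delete rights by taking ownership of the folder; with file-system auditing enabled that step is recorded in the Security log, but it is why the answer above points to backups and server imaging as the more practical safeguard.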

It is easier just to implement data backup and server imaging software so that deleted files can be recovered.

What type of IT administrator responsibilities do you recommend?

We recommend that you have different IT personnel in charge of the different administrative functions:

  • Database server

  • Microsoft Active Directory users and passwords

  • Network and security

  • Web servers

  • Backups of data and testing of backups

This is more complex, but it means less dependence on, and trust in, a single person.

Can we add security reporting?

There is extensive security auditing in Windows Server, and a wide range of security software is available from third parties. FileHold cannot make specific recommendations for liability reasons.
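An added example, not from FileHold, of the built-in Windows Server auditing this answer refers to and of the kind of file-auditing setup listed earlier as a server-side measure: enable the File System audit subcategory, add a SACL entry that audits delete attempts on the repository folder, and list the resulting Security log events as a simple deletion report. The repository path is an assumption; the session must be elevated.

```powershell
# Added example, not FileHold's own tooling. Run in an elevated session.
# 1. Turn on object-access auditing for the file system.
# 2. Audit Delete on the repository folder so deletions reach the Security log.
# 3. Report who deleted what in the last 24 hours.

$RepoPath = 'D:\FileHoldData'   # assumption: actual repository path

# 1. Enable the "File System" audit subcategory for success and failure.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add a SACL entry: audit successful and failed delete attempts by anyone,
#    inherited by all files and subfolders. Get-Acl -Audit needs SeSecurityPrivilege.
$acl  = Get-Acl -Path $RepoPath -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $RepoPath -AclObject $acl

# 3. Event 4663 ("an attempt was made to access an object") carries the account
#    and object name; filter to DELETE access under the repository path.
#    Property positions follow the 4663 schema: [1] SubjectUserName, [6] ObjectName.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue

$events |
    Where-Object { $_.Message -match [regex]::Escape($RepoPath) -and $_.Message -match 'DELETE' } |
    Select-Object TimeCreated,
        @{ Name = 'Account'; Expression = { $_.Properties[1].Value } },
        @{ Name = 'Object';  Expression = { $_.Properties[6].Value } } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

The Security log fills quickly once file-system auditing is on, so size it generously or forward it to a central collector; the delete events are only useful if they survive until someone reads them.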