File Classification Infrastructure in Server 2008 R2 SP2
Windows Administrators have been responsible for keeping data safe and accessible on File Servers for years. Recently, however, that role has been expanded. Legislation requiring companies to inform customers whenever their personal data has been potentially compromised led to a flood of embarrassing situations for businesses.
Ironically, these data breaches were seldom the fault of corporate IT professionals who were properly performing their duties of keeping the company file servers up and running, and secure behind firewalls and security protocols. However, when a problem with computers or data arises, everyone turns to IT for answers. Fortunately, Microsoft Windows Server 2008 R2 comes with a free data management tool that can help IT be more proactive in managing data.
File Classification Infrastructure, or FCI, was released with Server 2008 R2. Although FCI comes bundled for free with all editions of Server 2008 R2, it is not enabled by default. FCI is primarily a function of file servers.
To install FCI, the administrator must first install the File Server Resource Manager (FSRM) role service to the File Services role. All FCI functions, reporting, and configuration are handled from inside of the FSRM console.
The potential power of FCI is best understood through an example. Consider the following scenario.
Our intrepid hero this episode is a Microsoft Certified Systems Engineer (MCSE) named Clyde. Clyde works for a company that processes third-party transactions of all types (including financial transactions for some clients) for both businesses and customers.
As is the case at most well-run corporate IT departments, the server and network infrastructure is housed in secure data centers behind an assortment of firewalls, security protocols, and monitoring systems. Getting at the company’s data by coming in the front door (or the back door, side door, or windows) is difficult at best, and impossible for all but the most skilled intruders.
However, the company continues to have embarrassing incidents where confidential, proprietary, or personal information has been unintentionally disclosed in a variety of ways. None of these breaches has been the result of a hacker penetrating the company’s security, but rather mishaps ranging from sensitive data being left on a public share, to files with confidential information being passed on to clients, customers, or in one very embarrassing incident, directly to the media. In each case, internal investigations revealed that all IT systems functioned correctly.
How did sensitive information end up being exposed to the public?
The answer lies at the heart of what FCI can do for making data management easier, less expensive, and more secure.
What is the Point of FCI?
From our example above, we know that Clyde is a competent systems administrator. Like most admins, he has several responsibilities. He manages all of these different functions by utilizing power tools and utilities that allow him to automate as much as possible, and to monitor everything else.
Unfortunately, one critical tool is missing from his arsenal. While Clyde knows that financial reports are confidential, he has no way of knowing which files ARE financial reports, or which ones contain financial data.
Clyde has done what most IT administrators have done. He created specific places for the Accounting Department to store financial reports and other sensitive financial information. Access is locked down and restricted to certain members of the accounting team via several mechanisms including setting carefully configured permissions on servers, desktops, and laptops. Procedures are in place to require notification of any member of the accounting team leaving the company, and access is frequently audited. Security is monitored by both the security team and the administrators both manually and via detection systems. Accessing the financial data stored in these locations is virtually impossible for all but the most capable hackers.
Unfortunately for Clyde, the Executive Vice President of Operations, who is preparing for a very important presentation to the Board of Directors on Friday, requested a few years' worth of financial data. For a presentation like this one, the high-level numbers presented to the public, and even to most people within the company, are not sufficient. This presentation requires details such as exactly how much revenue comes from each client, how much profit that generates, and so on.
The accounting team provided the VP with the data he needed. The executive is no dummy; he knows that this information is very sensitive and that its disclosure could hurt the company’s relationships with very important clients. Therefore, he keeps the data safe by storing it in secure locations he has access to on the network and on the encrypted hard drive of his laptop. Every system has worked perfectly and only authorized personnel have accessed the data.
Four months later, with the Board of Directors presentation long since left in the rear view mirror, a new crisis has erupted. The VP is travelling abroad and an issue is blowing up back at home. If the right people don’t get what they need fast, heads are going to roll. A fully authorized user, acting in a proper manner, accesses the backups of the server location where the necessary information is properly stored. He quickly copies all the files from April, encrypts them, and sends them on to the right people. Since almost all of the information required is confidential or sensitive in some manner, even if the file was in a directory called Confidential, there is no reason to single out a particular file.
The day is saved, but the right people to be getting all of the other April files are the wrong people to be looking at one particular spreadsheet from April: the spreadsheet used for the Board presentation. The VP didn’t forget about it; he kept it a few weeks just in case a board member came back later with questions about the data, and then deleted the file. The copy in the April backup, however, was still there.
How FCI Helps Manage Data Better, Reduces Costs, and Improves Security
The problem in this scenario would eventually be called “employee error” if investigated fully. However, that is a disingenuous conclusion since no one actually acted improperly.
The VP stored a confidential file in a secure manner. The employee retrieving the data was authorized to do so and can’t realistically be expected to examine every file to see what is in it. In fact, that could be a bigger security risk.
The real issue is that there is no practical way for data to be marked as sensitive (or important, or from a certain project, or …) in such a way that the tag follows the data through its lifespan. Even if the original file had been tagged somehow, the new one created by the VP would not have the same tag.
This is where the new File Classification Infrastructure comes in.
With FCI, data can be tagged in exactly this manner. The original spreadsheet from accounting could have been tagged not just as confidential, but as internal financial data, as well, based on where the file was stored originally. Even the new file created by the VP would be tagged in this manner, not because of where the VP saves the file, but rather based upon being part of a particular project. The off-site backup of the project data would retain the file’s tags because tags are retained within the NTFS properties of the file no matter where it is moved in the enterprise. Finally, even if the data were to somehow lose its tagged status, it could be re-tagged properly based upon its content.
Clyde can use these tags to monitor for sensitive files in the wrong places, for example if the file were copied to the web server. The tags can also be used to control how the file is treated. Files tagged like this one might never be backed up as part of the regular backups. The tags could even be used to prevent the file from being displayed or included in the subsequent copy, because data tagged like this file is considered expired after a certain amount of time.
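The monitoring idea above, sketched as an added example that is not part of the original article: a PowerShell 2.0 script that reads the stored FCI tags of every file under a web root through the FSRM COM classification manager and reports any file still tagged as sensitive. The property name `Confidentiality`, the value `High`, and the path `D:\inetpub\wwwroot` are assumptions; substitute the classification property and location defined in your own FSRM configuration.

```powershell
# Added example, not from the original article.
# Assumptions (hypothetical names): a classification property "Confidentiality"
# with the value "High" is defined in FSRM, and D:\inetpub\wwwroot is the
# location that must never hold such files.
# Requires the FSRM role service on the server where the script runs.
param(
    [string]$Path           = 'D:\inetpub\wwwroot',
    [string]$PropertyName   = 'Confidentiality',
    [string]$SensitiveValue = 'High'
)

# FsrmGetFilePropertyOptions_NoRuleEvaluation: read the tags already stored
# with the file instead of re-running classification rules during the audit.
$NoRuleEvaluation = 1

$cm = New-Object -ComObject Fsrm.FsrmClassificationManager

# PowerShell 2.0 has no -File switch, so filter out directories explicitly.
$files = Get-ChildItem -Path $Path -Recurse | Where-Object { -not $_.PSIsContainer }

$findings = foreach ($file in $files) {
    try {
        $props = $cm.EnumFileProperties($file.FullName, $NoRuleEvaluation)
    } catch {
        # Locked or inaccessible files are reported, not silently skipped.
        Write-Warning "Cannot read classification for $($file.FullName): $($_.Exception.Message)"
        continue
    }
    foreach ($p in $props) {
        if ($p.Name -eq $PropertyName -and $p.Value -eq $SensitiveValue) {
            New-Object PSObject -Property @{
                File      = $file.FullName
                Property  = $p.Name
                Value     = $p.Value
                LastWrite = $file.LastWriteTime
            }
        }
    }
}

if ($findings) {
    # Non-zero exit code lets a scheduled task or monitoring agent raise an alert.
    $findings | Format-Table -AutoSize File, Property, Value, LastWrite
    exit 1
}
Write-Output "No files tagged $PropertyName=$SensitiveValue under $Path"
```

Run on a schedule against each location that should never contain classified data, the non-zero exit code gives a simple alert condition.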
For the first time, the right tool is available to Clyde without implementing yet another big infrastructure project, without buying even more tools and utilities, and best of all, without implementing another round of company-wide security procedures. All he has to do is set it up.