0

I have a question regarding data security.

I have an application that dumps a flat Excel file on a Windows server from an SAP database. The file is edited, then the application writes the edited data back to SAP transactionally.

While under normal usage, this application will not have any PCI or PII, but the database that it dumps from does contain PII, and it is possible that someone with malicious intent could steal that data.

My question is, what is the best way to ensure that the Excel file is secured completely on that server?

I do not have access or capability to change the nature of any other part of the process, so I just want to make sure that the Excel data can go nowhere.

I was thinking...

  1. Disallow shares and mounts
  2. Place server in Enclave
  3. Lockdown users
  4. Encrypt data share with BitLocker

Any other thoughts? Something I'm missing?

Acerbity
  • 95
  • 2
  • 9

1 Answers1

0

BitLocker only encrypts data at rest, and applies to the entire volume. If you need the folder where the data will be saved protected during normal operation while the system is up, you can use EFS and assign a certificate to the account that will be accessing the folder so that only that account will be able to access the data.

Greg Askew
  • 35,880
  • 5
  • 54
  • 82