Slashdot Mirror


Securing Files in a Hostile Workplace?

lockdown asks: "How do I secure the files used in my department? I work in an engineering department and I've been tasked with securing our electronic files. We are a likely target of pirates, both internal and external. The 'resale' value of our files is very large. Attackers would be interested in selling our files or just posting them publicly for bragging rights. While I trust our engineers, many of whom have been here over 10 years, we do have many short-timers and temps in other departments. Worst of all, our IT department is clueless and even hostile to our efforts. (They are proud that, 'our network is so outdated that it can't be hacked.') How do I come up with a way to secure our files in a hostile environment and still get our work done?"

"The constraints of my personal situation include:

  1. the world controlled by the IT department (the network, most servers, tape backups, external firewalls, etc.) is out of my control,
  2. we do not have good physical control of our environment to prevent physical theft or PC access,
  3. we need to compartmentalize access to different teams,
  4. we need to be able to recover access in the event a bus hits an engineer,
  5. engineers need to be able to securely take files home,
  6. data files can range into the GBs,
  7. this can't get in the way of getting work done,
  8. being engineers, we tend to work with a wide range of obscure tools that are unlikely to be supported by commercial solutions and may not play nice with the OS,
  9. we are stuck with Win boxes as clients, but we could have a local dept. *nix security server,
  10. each engineer needs to be able to enable access to any other engineer,
  11. I would like at least 2 factor security, something you know and something you have,
  12. I would like the 'something you have,' attached to engineer's car key ring (something you can't go home without) and
  13. open source preferred (no proprietary pixie dust, please)."

6 of 88 comments

  1. hard to tell; need to see the files by Anonymous Coward · · Score: 1, Funny

    This situation strongly depends on the ATM packet size ratio to the compressibility of the files. To get a decent analysis from us ask slashdot experts, please post links to the files here so we can examine them and offer you the best advice possible.

  2. Just say it... by t--f-c · · Score: 5, Funny

    we all know we want to say it.. you work for Valve don't you??

  3. Outdated by Ratbert42 · · Score: 5, Funny

    "They are proud that, 'our network is so outdated that it can't be hacked.'"

    Get a couple of these.

    1. Re:Outdated by More+Karma+Than+God · · Score: 2, Funny

      You're going at this all bass-ackwards. Put importantly labeled disks full of heavily encrypted random data in the nice locked boxes and set them out at every lead engineer's desk.

      The real data will be kept in their shared Kazaa directories and named for classical and country songs.

      --
      Go here to create your own Slashdot dis
  4. Rules of thumb by Hard_Code · · Score: 4, Funny

    "We are a likely target of pirates, both internal and external"

    Well, it's a difficult situation. I suggest strong coastal fortress walls, and heavy shelling cannons. Also be sure to have your mates dig the hole before you bury the treasure. That way they will all be tired and you can shoot them and bury them with the treasure. I also suggest wearing a hook and eye patch. Some would argue that this is security through obscurity, but it does have a legitimate effect as a deterrent. Oh, and DON'T FORGET to draw a map with paces relative to everyday objects. This is sure to throw off that random bunch of happy-go-lucky teenagers in an 80s movie.

    --

    It's 10 PM. Do you know if you're un-American?
  5. Easy! by duffbeer703 · · Score: 2, Funny

    Sell some of your valuable files, and use the proceeds to fund a security upgrade.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK