File Protection
I have some very valuable customade image profiles (ICC Profile) installed on several work stations. Theses are operated by various technicians who need access to the profiles while working for me.
Is there a way for me to prevent my technicians from stealing the profiles? The profiles need to be copied to different media as part of the job.
Alternatively, is there a software that will log the activity of specific files and if so, one that also let's me easily get the information regarding the profiles. (I have around 30 Macs, so a long real-time flash movie of all activity is no good to me.
Thanks in advance for your advise.
Is there a way for me to prevent my technicians from stealing the profiles? The profiles need to be copied to different media as part of the job.
Alternatively, is there a software that will log the activity of specific files and if so, one that also let's me easily get the information regarding the profiles. (I have around 30 Macs, so a long real-time flash movie of all activity is no good to me.
Thanks in advance for your advise.
Comments
So you would move the profile into place, then set the permissions to system (read/write), wheel (read only) and everyone (no access). That may prevent them using the profile but you can try it anyway. With a non-admin account, they can't move or copy it.
I really can't imagine that ICC profiles could be that valuable. Certainly they are valuable in the sense that that is how you make sure to match up with the printers, but I can't imagine a circumstance where someone could sell the profiles in any way to harm a business.
Oh... and you are looking for a technical problem for a people problem. This is not an IT problem, it is a management problem.
I worked for a printing company, they do fulfilment for magazine, etc.
the way the shop was laid out, files stored, transfered, even the organization of the stock was all considered to be a "trade secret." So, the ICC files would fall under that, trade secrets for that shop.
now, what could you do with an ICC profile? well, disgruntled employees could delete them, change them, etc. but unless they were setting up a shop with the exact same equipment, software, etc, then there would be no use for them.
& your company would have a strong foundation for a lawsuit, to say the least.
your biggest threat & competition in the end is your own employees.
We are a digital capture outfit, which means we provide photographers with digital equipment. We use PhaseOne Capture One software to capture the images and treat the RAW files before converting them to TIFF. For the individual photographers we create up to 25 different ICC profiles to suit their preferred style. The process of creating these files is long and has to be done for each photographer. Also, they are specifically created for the photographer and is as such a trade srecret for them and me.
The vulnerability is my freelance staff, who has access to these ICC profiles when on shoots with the photographer.
What I think would be ideal is a log of all activity on the workstation, where I could then run a search for the activity for the ICC profiles. If I find that they have been copied onto any medium, I could take action.
Any ideas if this is possible?
Thanks.
So what exactly are you afraid the the freelancer is going to do with the ICC profile? Unless they steal the camera along with the profile it is worthless.
example - radio stations, for example, guard their compression equipment - the brand, model, & most importantly, the settings. Only the manager has the key to the closet on that one.
back to the point - the additional details helps a bit. really, all you can do is put the files in a folder that is set to the acct permissions - the photog ONLY has access to that folder & doesn't let the others use his acct. lock the machine down. if the assistants need to transfer anything, give them their own acct, set up the drop box to the photogs acct.
or store them in an encrypted dmg disk image file. load them everytime you want to run the apps.
as far as logs, you should be able to setup logging on the folder or can go back & look at the OS X log files (think those track file access already, quite a bit of data there!) but if the photog or admin are the only ones with access... so it's any guess who it was that did it! setting the isight camera to snap a picture?
only send trustworthy staff if you are that paranoid. not sure how else to handle this. it's called POST processing, so only the photog should be doing that anyway.
My opinion - if I'm some crackhead out to score, or thief of opportunity, I'm grabbing the Nikon D3 / pro grade glass / MacBook Pro to cash it out - in a hurry! hocking a specialty item such ICC profile = too easy to track & get caught. but that's my 2 cents.
bottom line - don't even allow access to get to the files by the freelancers. lock the machine down, encrypt the files. photog needs to do is own post.