Content Encryption

System

Hi,

I have a bit of an off topic question but I feel that this might be the right forum anyway.

Has anyone done a thorough security audit of Worksite NT, especially with regards to internal security
in an outsourced virtual server environment? How does one protect the content within document stores
from system administrators? With in-house physical servers you can restrict access to the servers and
hard drives, but with virtual servers with SAN-storage it's easy to make a snapshot of a disk and mount
it on another server and get hold of the data. Another issue is backup tapes. Most backup software has
the ability to restrict access to the backup session, but how can I ensure that no unautorized backups
of the document stores are done and restored off-site?

The challange I'm faced with is to find a solution that will encrypt the document stores in a way that will
let Worksite server services and Indexer services retrieve the documents, but the documents will have
to remain encrypted to locally logged in administrators and the backup solution. There is also the issue
with cache servers storing a local copy of documents, so these have to be handled as well. Profile
information and full text indexes are not required to be encrypted. This option does not seem to be
common in most document managent systems, in fact the only one I've found is EMC Documentum,
that has something that EMC calls Repository Encryption.

Any thoughts or ideas on the subject would be welcome.

Thanks

/Jan-Ingvar