The two parts of your question are somewhat mutually exclusive. Is the goal to prevent accessing the file on your systems by user outside the network, or is it to prevent a user from taking the file home on their PC. If it is external access, then it all comes down to the ability to segregate access to these files. You must segregate you physical and logical access to these files so they are only accessible from internal networks that are isolated from external users. This can be done in a variety of ways depending upon your architecture. Without intimate knowledge of this, I can't provide a step-by-step solution. If stopping a user from copying a file at any time is what is required, you have a much stricter requirement then simply stopping external access. In the strictest view access would only occur at dedicated machines that are locked down (physically and network wise) to prevent transferring the information. A simple example was a company I worked for where chemical formulas were developed. The application that manipulated the formulas disabled cut and paste and file copy cross the workstation while it was active. That made it difficult to take the formula out of the company, but then again there was always pen and paper.
Dig Deeper on Network Security Monitoring and Analysis
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.