I've done some of what Michael said. To be more secure you would also need to either block internet or use some sort of DLP. Or both.
We put tiny lockers outside of our software lab for the electronics. On Thu, Dec 17, 2015 at 12:49 PM, Michael B. Smith <[email protected]> wrote: > If you have a particular dev you don’t trust, fire him/her. > > > > You could up the ante’ with MFA beyond 2FA. Require a second party to > participate in providing a key to unlock the repository. > > > > And, presuming we are referring to Windows, ensure that you are using GPOs > that prevent the use of any USB devices. > > > > Hand in all electronic devices at the door. Most will learn fairly quickly > to leave them in their car or at home. > > > > I’ve seen the first two used at “big money” companies. The last at > military installations. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Andrew S. Baker > *Sent:* Thursday, December 17, 2015 11:03 AM > *Subject:* [NTSysADM] Protecting Sensitive Source Code > > > > Good morning: > > > > Does anyone happen to have any experience with the protection of sensitive > source code? > > > > Essentially, we're looking to ensure that we can adequately mitigate the > risk of critical portions of the code being copied and used inappropriately. > > > > This is beyond any protections (real or imagined) offered by the > following, which we have in place today: > > > > -- An NDA > > -- Restricted access to the source code repository, on a need to know basis > > -- Two-factor authentication to access the repository (being considered) > > > > An air-gapped network is not currently on the table for discussion. :) > > > > Regards, > > > > > *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> > *Providing Virtual CIO Services (IT Operations & Information Security) for > the SMB market…* > > * GPG: *1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A >
