Hi Rodd,
>Our system is an international system with data synchronized between locations. Although our location has very good security, some of the others do not. Those are the places we're more concerned about.
How much control do you have over the other locations? If the key risk is stealing data, the first step would be to remove direct access to these files. There are several approaches possible.
One is impersonation. If your users are all running XP or higher, your application could perform a logon with different user credentials. Only this user has read and write access to the application. This prevents anybody from just copying data onto a USB stick and taking them home.
Another approach would be to use a COM server or a web service to access sensitive data. This component would run as a different user which would be the only one that has access to the data files. This approach is more secure than impersonation, because credentials are only stored on the server, not in the application. The drawback of this approach are that you most likely have to change the application quite a bit and you need to properly configure the COM server or web service.
--
Christof