We all know that security is an issue that we have to pay attention to. At least, those technical people that feel responsible for the security of their systems feel this way. However a short article referencing a DBA survey shows that the rest of the business might not be in sync with the technical people.
I think most DBAs don't know what a data breach would cost their company. I'm sure that's not a number that most places I have worked would even bother calculating. Of course, most places probably would have no clue if there were a data breach in the first place.
This puts many technical people in a bad position. They want to do a good job, but management often wants to just give lip service to security. When it comes down to it, the performance, availability and convenience of database servers is much more important than good security to many companies. From allowing access for developers or applications with privileged accounts to preventing password changes because of hard coded entries, it seems that companies aren't that concerned about security in many cases.
Ultimately some external force is needed for us to make security a priority. It could be through regulation, insurance from lawsuits, or something else, but I don't have any confidence that companies are going to take security seriously. However you can do some little things yourself, like making sure there are no default passwords open on your systems.
Steve Jones
The Voice of the DBA Podcasts
- Windows Media Podcast - 16.5MB WMV
- iPod Video Podcast - 12.2MB MP4
- MP3 Audio Podcast - 2.9MB MP3
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there. Overall RSS Feed:
or now on iTunes!
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
You can also follow Steve Jones on Twitter: