A Matter of Trust

  • Very well put, Charles.

  • Couldn't a lot of this could be solved using the crypto features in 2005? Encrypt the salary column, the SSN (assuming it's not your PK), the bank account or credit card numbers? (though I would be tempted to have the last four numbers of the SSN in a separate char field to simplify lookups) Thus we could continue with our DBA responsibilities and still not have access to certain information.

    Auditing is another matter, though. We can easily enough audit table activity through triggers, assuming enough disk space is available, but what about selects? Are we going to re-code our apps so that all data requests are processed through SPs so that we can audit queries? Not easy if you use a lot of third-party solutions.

    In some cases, information is not as sensitive as you might think. For example, salary. If you work for the government (at whatever level), your salary might be a matter of public record and subject to a FOIA request or its equiv.

    What do we need employee SSNs in our databases for, aside from doing tax forms at the end of the year? Our ERP uses an employee ID# for its PK, not SSN. All health plans now provide alternate identifiers so that they don't expose your SSN on your health ID card (or they should be). So why not encrypt it?

    I just spent a few hours going through the canned views that our ERP provider supplied with our system removing SSNs since we make those views available to users for Crystal Reports purposes.

    Trust is a delicate thing, but lack of trust can really hamper an org's efficiency. Balance in all things, especially field sobriety tests.

    -----
    [font="Arial"]Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson[/font]

  • It is a sad day when the integrity of someone entrusted with sensitive data even has to be questioned.  Says a lot for the condition of the "human condition".  Even bonding people is not going to guarantee that person will not disclose something that he/she shouldn't.  Bonding only gives some glimmer of a persons background which can give quite a false "picture" of that person as well.  And who bonds the bondsman? Where does that one end?  I have a mental picture of the old telescope, a person in front of a tv with him on that tv standing in front of a tv with him standing in front of a tv on that tv......   I'm getting dizzy!  Maybe the answer is like when I was in Nam with an armed Jar Head following me around 24/7 because of where I was at, with the clearance and knowledge I had.  I felt good about my body guard until I found out he was protecting me only to a point and if that was breached he was protecting the government from the potential perceived loss I represented.  Every DBA with his own Jar Head bodyguard!  Yippee!!!  And getting that clearance!  I doubt if any private entity could afford the cost of the background checks the military does on their higher levels of security!  And in a case like mine, all they had to go on was the view from my ma and some neighbors and teachers and old employers of kid jobs so how could they really be sure? 

     

    Point is at some level it doesn't matter how much bonding or checking is done on an individual, it comes down to that individuals own personal honor and pride in self.  Something that can't be taught in the short term or long term for that matter.  It is developed from an individuals view of the world from the time he is born until the day he dies, that development never ends.  Developed from, mostly, his/her personal relationships with parents and relatives to begin with, but tempered by peers and even those perceived as not being peers (actually no such animal) and tv, don’t forget about that education!  The world view people!  But again there is that question of how someone else can really be sure of another’s integrity!

     

    I work in a hospital and have access to all HR and financial data which is not really as sensitive as the patient data out there and I have had access of that nature for over 30 years!  True, they could take that away from me in an instant on someone’s perception that I am not reliable all of a sudden!  I mainly only look at that data when preparing special reporting to verify accuracy of what I am producing.  Knowing what I see, what would be the advantage of spilling that data from the roof tops?  Agencies like HIPAA put out the regs covering that type of sensitive data but what you are really talking about is an individual's privacy and you have to consider how you protect your own privacy!  Or lack of it,  remember Big Brother is watching!!  I receive enough pay to live on, not enough to get me out of the middle of middle class with my wife working as well.  Any money gain from selling that data would only lead back to me and I would lose that earning capacity and who would hire me then?   I guess I just don't understand the need to talk about stuff that doesn't concern you anyway.  My wife always said I am too naive!  That's it, hire only naive people!!

     

    Which brings me to a final point, who can you really trust?  Maybe company's shouldn't develop any sensitive data at all.  Maybe nobody should be trusted at all.  Maybe we all should build bomb shelters in our back yards, stock them and lock the door permanently behind us.  But then can you really trust your wife or kids in there with you?  Maybe multiple, individual bomb shelters for everybody!   I think when I get home tonight I’m getting my shovel, go out to the back yard and lay out a couple of……….. 

     

    If somebody gets a good answer to this one let me know because the problem is real, it exists and there are unethical people who will compromise security and trust for whatever reason, money or otherwise and those lunatic enough to be led by the nose into something they shouldn’t.  To quote Murrow, “Good Night, and Good Luck”.

  • All that bonding does is it shows that in the past you appeared to be a trustworthy person. As the investment adverts say, "past performance is no indicator of future gains." We only have to look at that SQL DBA in Florida(?) who stole all of those accounts from his employer and sold them to marketers.

    Fortunately, I think most of us take our role as guardians of our employer's data seriously and wouldn't consider doing such an egregious thing. But like they say, 99% of all lawyers give the rest a bad name. It only takes one twit like the guy in Florida to make things a lot more complicated for the rest of us.

    Many years back, I knew a guy who probably had a Marine escort, he was based in Korea doing crypto communications. 'Shoot this man if the base is attacked.' What a way to make a living!

    -----
    [font="Arial"]Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson[/font]

  • I strong agree with Charles about internal controls. 

    DBA is more than an IT professional considering the nature of DBA's work.  Having technical skills/people skills/business understanding is not enough for being a DBA.  Even eduction, auditing, security policy/law is in place, if anyone intends to do it, s/he can find a way to do it ignoring the consequence.

    example: http://www.networkworld.com/news/2007/070307-fidelity-national-records.html?nlhtsec=0702securityalert4

    So, do better find a trustworthy DBA for the employer and to be a trustworthy DBA as an employee.

     

  • Hmmm, an armed body guard for each DBA? Would they be hired to protect the DBA or the data? I would suspect the data which means the DBA was expendable if the guard thought the data was in danger.

    Didn't they make a movie about called "They shoot DBA's don't they"

    I agree with Charles and the sooner management takes on that same philosophy, the sooner these problems will abate.

    Personally, I have access to all corporate data. I have other work to do and could care a less. This is not an issue for me. But I understand why it is for others. I also have high moral and ethical standards that are bible based. I would have these no matter what I did for a living.

    These are the same standards and beliefs that our founding fathers had when they created our country and our form of government. They would be ashamed of what it has become.

    Maybe its time to dump all critical databases and go back to a cardex system.

    That's where you post the guard.

     

  • Bonding isn't a guarantee. It's insurance and just provides some recourse for those affected by a data loss. It just gives you some measure and it's not perfect. But it does at least force you to look through someone's background. Not that it prevents criminal activity, but I'd like to think that it reduces it somewhat.

  • There are a lot of good points here - and I don't have a solution for this either.

    I think any solution is going to be database-specific, mainly because database usage is both ubiquitous and unique to every application. There are some relatively small databases that are pounded upon mercilessly. Auditing them would produce more data than the database contains - daily! Then there are large databases that are used strictly for reporting (data warehouses, for instance) - how do you tell which SELECT statement was used to redirect the information to an unauthorized source?

    There probably is a somewhat solution for all this, but I doubt it will be simple or fun.

    :{| Andy

    Andy Leonard, Chief Data Engineer, Enterprise Data & Analytics

  • Cardex files might be the solution after all!  I can see the code now:  SELECT Card where Index_1 =……    In a society such a ours there can never be an answer to this integrity problem.  I firmly believe however that as we mature, individually and collectively as a society, we will become perfect.  I can even give you the date!  It will occur the day after our sun goes nova!  People being people, you are never going to squeeze the cussedness from some folks.  And it ain’t a modern phenomena either, goes back to Monkey Say conking Monkey Do over the head for his banana. 

     

    Laws and regulations, at least the good ones, are generated using common sense and a real interest in observing and considering the rights of the person next to you.  Unfortunately not everyone is born with a conscience so there will always be people breaking those laws due partly to their lack of self respect.  If you don’t respect yourself then you won’t respect others and you can do anything you want.  No limitations because of no sense of social obligations.  And I am sure the street corner shrink can come up with any number of other excuses.

     

    You might get the idea that I am a pessimist or that I am not being productive by coming up with ideas for protecting my data.  I/we have done everything we can think of to provide that protection for all of our data, sensitive or not (the not being any proprietary business data).  The whole point I have been trying to make goes back to the first paragraph above.  No matter what you do, you can’t 100% protect your data from someone, usually from within (easier to protect from external intrusions but not absolute there either), determined to steal that data or too stupid to take basic precautions to protect it. 

     

    But you never stop trying either.  Taking a note from Luke L., using the best  judgment in your hiring practices you can, to get the best people you can, is a start.  I think in becoming one of the “best people”, a person has gained the pride and self respect/worth he needs to be one of those types who respects the value of whatever he is in charge of to the point of proactively protecting the integrity of that charge without even thinking about it.   Sounds corny but stroking the feathers of folks time to time letting them know your trust helps too.  It breaks down to the individual and I doubt very much if requiring a polygraph test will help either.  As I said before, no easy answers or fixes.

  • A few years back I found a use for a Cardex system.  My wife's grandfather asked me what good computers were and what they could be used for.  Remembering that I had read his book (ISBN :0830901248) and that his sailing days ended on a whaler under sail I had to think of a good way to explain it.

    He had done lot's of research and I knew that he was familiar with libraries.  I pointed out that you could view a database much like the card index system.  "Now imagine that I can search through hundreds of thousand cards per second."  He thought that would be useful for research.  I mused that someday you could even have electronic copies of the text in the books and be able to search through that just as fast.  He did not think that electronic copies of book would ever happen.  Sadly he passed before that reality hit.

    ATBCharles Kincaid

  • A couple of points here. USB ports can be inactivated by application of a group policy when the computer is booting. It creates pain for many users, but can be done.

    In systems with sensitive data, there has to be a separation between the DBA's who apply scripts, etc. and the folks who develop and maintain the systems.  We ahve several of those systems where I work, and support has never been a problem. When issues arise, the developers may get to look at the data that casued the issue if necessary, but genrally resolve the issues with test data. A separate DBA is responsible for applying scripts and fixes to the production system, using an ID that is checked out from a firecall system. No DBA in my company has an everyday ID with change access to a production system.

    WRT to SOX, most companies are now aware of the necessity of internal controls, and there are recognized audit programs for determining the health of the internal controls. Some of the requirements are basic - all data and systems have owners, who approve changes to the systems. Access to data is granted only to those who need the access to perform their jobs. All systems are assessed for risk, and identified risks are mitigated. Changes to systems are thoroughly tested in a separate developmetn environment and accepted by the users. Robust management of change processes must be implemented to minimize systems risk. Prior to SOX, companies cut costs by eliminaitng internal controls. That's generally a really bad idea.

  • I don't think bonding will help a company find trustworthy workers.  It's just a form of insurance.  Worse, as a contractor, who pays for the bond?  For my last few employers, as part of the hiring process I peed in a cup and signed off on a background check.  The background check just looked at public records and credit reports to see that 1) I was who I claimed to be and had the background I claimed, 2) I wasn't on the lam from Texas, and 3) wasn't in debt up the ying-yang, which when I worked for DoD was the number one reason people sold secrets.  As a contractor for the county probation department, they ran my fingerprints.  Why not do that periodically for your employees who need to be entrusted with sensitive data?  Although if they start making personnel decisions based on a change in a credit report ("Sorry Dave, we can't promote you to Sr. DBA because you have a $1000 car payment.")...

    There is no "i" in team, but idiot has two.
  • I vote for the "pee in a cup" process. That's how one of my kids is earning money while going to college. Collecting samples (and no its not glamorous work but interesting).

    After the collection, fingerprinting or other sample is collected, the information goes into a dB and is sent out for testing.

    Wait, what's wrong with this process?

  • I am a firm believer in the fact that a DBA must be a position of trust - but a trust that runs both ways.

    A DBA needs the authority to do the work he/she needs to do but they also need to be square with the company in that while they have access to the data, it is not viewed.

    I take anyone questioning my word as a personal affront to my integrity which, depending on the person making the accusation, had better watch out for a very fast punch in the mouth (some deserve this more than others).

    As a Justice of the Peace as well as holding clearance that says that I'm safe to work around children (a thing here in this state brought in to combat the elements of society abuse the trust of innocents) - my ability to be discreet and display the utmost integrity far exceeds that of an idiot auditor or manager who thinks that I'm going to abuse the priviledge to view data simply because I possess that ability.

    I witnessed a breach of security this morning because some IDIOT in the network (nutwork?) team furnished a third-party vendor with the network administrator password.  The vendor said to me that they wanted to check something out in the User Acceptance area.  Considering that I am working to upgrade the security here, I watched their session without them knowing.  The vendor then logged onto a production box (via a URL supplied to them by Network).  THEN the person logging in LIES about it and makes like he didn't know it was a production box thereby thinking that I am an idiot and will be fooled by any excuse.

    For a financial institution, the security here is CRAP and is akin to elements I found 10 years ago in various forms but those who manage security are generally disinterested in helping me to fix it

     

    You would be amazed how often I get questioned when I need to send data to a vendor and I send the CD/DVD in an archive that is password-protected and encrypted and the password will be sent only to them via email - never together.  Apparently the security of client & staff data isn't that big a deal to many vendors.

    A lack of planning on your part does not constitute an emergency on mine.

  • We work in a supposedly secure environment and have security audits, penetration tests etc. Only a select few of the network admins have acces to their cd drives or usb ports, they are disabled for the rest of us. Data doesn't go out without the approval of the IT Security Officer who is an older civil servant, experienced in government procedures (not the stored ones!) and paperwork. Then it only goes certain ways.

    I am often approached when a vendor's staff come to install software and the network admin asks "What's the sa password for server x as we need to install product xyz?"

    The response is to set up a temporary account with the necessary installation permissions and then remove it as soon as the job is done. Yet there are still software packages which say they need to run under the sa account and the suppliers cannot understand why you don't want sa used.

    It is only education in security issues that can change this. Even legislation is seen as just a nuisance.

Viewing 15 posts - 16 through 29 (of 29 total)

You must be logged in to reply to this topic. Login to reply