December 4, 2015 at 8:03 pm
Comments posted to this topic are about the item IT Data Governance and the Insider Job
Best wishes,
Phil Factor
December 5, 2015 at 6:30 pm
Phil,
I haven't seen more than one company in the last 20 years that protected & monitored data sufficiently. I would love to work for a shop that used Securesphere or Gaurdium to monitor & report on everything that hit my SQL servers.
December 7, 2015 at 12:28 am
We are obliged to note our time-usage. The development, monitoring and maintenance of the various security systems used for DB-access requires time and resources. That is not to say that one shouldn't build as secure as one can from the outset — paranoid allocation of the access-rights of logins & users along the principle of least-prviliege, backup maintenance, storage and regular testing and so on.
It should be said that these are core aspects of a DBA's job, but in those places where ticketing systems are used and all time spent must have a matching ticketing number, then security is obliged to go by the wayside.
If security is not a top priority of senior management and if they do not allocate sufficient resources (time, money etc.), then the poor DBA is on a hiding to nothing, especially if there are auditing systems, reports with sensitive data to be minded and monitoring to be done. Indeed, all aspects of security should be formalised in protocols so that it is explicitly clear who has to do what when and what needs to be done. These are the documents that you need onhand when the CFO comes looking for personal sysadmins rights to a DB-server.
December 7, 2015 at 2:51 am
I love it when someone insists
on a whole lot of complex logs, audit-mechanisms, encryption systems, scoping, intrusion systems, alerting, access-control systems and the like
because it is deemed necessary for that company. Those are usually well specified requirements and that is something that we can deal with.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
December 7, 2015 at 7:25 am
Is this conversation difficult for a specific reason?
It would be fairly easy for us to construct a variety of sample corporations that can be used to show what the security requirements are in detail.
412-977-3526 call/text
December 7, 2015 at 8:54 am
The inside job is indeed the biggest threat to corporate data. As a developer I view with skepticism my employer's extensive "complex logs, audit-mechanisms, ..." as being more security theater than actual security. As an acting DBA I know that the biggest threat to my database is me, in theory. I would never deliberately sabotage data because of the misery it would cause my colleagues but I (and my backup) are the only ones who could do fatal damage. When a disgruntled employee burns down the database it is not a failure of security mechanisms; it is simply a failure of management. And all the logs and audits in the company won't fix that.
December 7, 2015 at 10:48 am
This puts me on the horns of a dilemma.
On one hand I want my system to be secure, but on the other hand I want to do stuff with it.
Terry Pratchett gave a brief description of a gentleman who invented a box so secure that not even Death could penetrate it. Unfortunately he forgot what part air holes should play in the design.
I'm looking at distributed data warehousing in the cloud and our security guys are pointing out that you simply do not know what the cloud provider set up is like and where the vulnerabilities are. They contend that you don't know what happens between Hypervisors and therefore ALL data in motion needs to be encrypted between ALL components. That means a simple database record write may have gone through multiple encrypt/decrypt cycles before it reaches the database. Ditto data flowing back the other way.
Yes it is secure but no it doesn't perform without substantially beefing up the hardware, and even then it isn't fast.
December 9, 2015 at 10:57 am
The biggest braches I have encountered were linked to ex-employees walking off with code. IPR and data. One even set up a rival company taking our largest client with him. I am now in favour of watching a person clearing their desk and escorting them from the premises. It's sad that people sometimes cannot behave in a professional manner! 🙁
December 9, 2015 at 2:28 pm
mjh 45389 (12/9/2015)
...I am now in favour of watching a person clearing their desk and escorting them from the premises...
If everyone was treated the same it would end up protocol without shame.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply