More Data Security Issues

  • djackson 22568 (6/26/2013)


    Eric M Russell (6/26/2013)


    I don't think that Microsoft can be faulted for insecure data. The database, network, and operating system framework that Microsoft has provided us is solid when it comes to security. For example, I've heard from security experts that SQL Server is much easier to lock down and has had fewer security holes when compared to Oracle and other products.

    Data security is also not about decisions made by the board of directors at the organization.

    Really, if you look at news stories about data breaches, the plot is the same:

    1. Some guy who couldn't be trusted had unrestricted access to the database

    2. SQL injection

    3. Some developer copied down the database to their laptop and then lost it.

    These things can be prevented using role-based security, properly coded SQL in the application, and enforcing restriction policies on the Windows workstations. Microsoft has given us the tools we need.

    I hate to say it, but it's mostly about ignorance on the part of IT staff, primarily the developers and DBA.

    Not what I said. What I said was Microsoft changed the game. Developers are partly at fault, but Microsoft changes their design requirements as often as some people change shoes! I do feel for the developers who have to completely redesign something because some idiot in Marketing at Microsoft thinks they can make more money by doing something different. I also feel for them when changes are made to make products more secure. I hate to say it, but the fact remains that Microsoft originally left out any thoughts about making things secure, and only recently made progress on that front, so yes, they are partly to blame. I am by no means a hater of Microsoft, but I am not going to sugar coat things either.

    There are many reasons behind these issues, not just lazy developers.

    I guess we all have to accept that the industry, in general, was somewhat lax regarding security (myself included). I feel that once the Internet became prevalent in use and that more and more valuable data was collected that suddenly it was easy to get something worthwhile.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • djackson 22568 (6/26/2013)


    Eric M Russell (6/26/2013)


    I don't think that Microsoft can be faulted for insecure data. The database, network, and operating system framework that Microsoft has provided us is solid when it comes to security. For example, I've heard from security experts that SQL Server is much easier to lock down and has had fewer security holes when compared to Oracle and other products.

    Data security is also not about decisions made by the board of directors at the organization.

    Really, if you look at news stories about data breaches, the plot is the same:

    1. Some guy who couldn't be trusted had unrestricted access to the database

    2. SQL injection

    3. Some developer copied down the database to their laptop and then lost it.

    These things can be prevented using role-based security, properly coded SQL in the application, and enforcing restriction policies on the Windows workstations. Microsoft has given us the tools we need.

    I hate to say it, but it's mostly about ignorance on the part of IT staff, primarily the developers and DBA.

    Not what I said. What I said was Microsoft changed the game. Developers are partly at fault, but Microsoft changes their design requirements as often as some people change shoes! I do feel for the developers who have to completely redesign something because some idiot in Marketing at Microsoft thinks they can make more money by doing something different. I also feel for them when changes are made to make products more secure. I hate to say it, but the fact remains that Microsoft originally left out any thoughts about making things secure, and only recently made progress on that front, so yes, they are partly to blame. I am by no means a hater of Microsoft, but I am not going to sugar coat things either.

    There are many reasons behind these issues, not just lazy developers.

    SQL injection, user accounts with SYSADMIN access to production, lost laptops containing social security numbers:

    I don't think that the marketing department of Microsoft, an organization's board of directors, or even the organization's executive management are responsible for that. There is also little they can do to mitigate that, because the proper solutions have been around for decades. It all boils down to developers and DBAs making bad choices, not following widely accepted best practices.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
