Protecting Data

  • Kevin Gill (10/19/2011)


    SanDroid (10/19/2011)


    Kevin Gill (10/19/2011)


    Just to answer one of your points, I'm not worried about rouge developers, as they're easy to spot by their colouring, and we just avoid employing red people. 🙂

    The Native American in me wonders what you mean by that... 😛

    You'd be ok as long as you didn't come in speaking French.

    Or wearing too much makeup.

    If those style of comments were made during the interview I am certain I would be OK... 😛 :hehe:

  • Doh! spellcheckers and proofreaders fail me.

    My typo has been corrected.

  • I think that obfuscation of data is useful to prevent inadvertant disclosure. Most of the time I don't need, or want, to know the "real" data. I just need to know what that data looks like.

    I think a problem comes in when we confuse obfuscation with anonymizing. It turns out that making data truly anonymous is much harder than we think. So, maybe we do need to be more aware of the idea that just because its obfuscated doesn't mean it shouldn't be secured.

    --

    JimFive

  • Miles Neale (10/19/2011)


    Kevin Gill (10/19/2011)


    SanDroid (10/19/2011)


    Kevin Gill (10/19/2011)


    Just to answer one of your points, I'm not worried about rouge developers, as they're easy to spot by their colouring, and we just avoid employing red people. 🙂

    The Native American in me wonders what you mean by that... 😛

    You'd be ok as long as you didn't come in speaking French.

    Or wearing too much makeup.

    Not funny, appears racist. Probably was not intended that way but best to leave it instead of digging deeper.

    Rouge - French for red

    Makeup - Rouge is a type of makeup.

    Wasn't me brought up the native americans...

    Not sure I agree about the racism but OK 🙂

    EDIT

    Actually no I'm not going to accept being chastised for something that is fundamentally just oversensitivity to a bit of wordplay that that could (with a bit of imagination) be construed as racist. Could you please explain how you would consider it to be racist, given the origin of the comments i.e. the joke around Rouge Developers, and who it would be racist against? I really don't understand your point of view.

    EDIT AGAIN

    Having just googled 'Red People' I possibly now get your comment, though it would have been better targeted earlier in the thread. I had no idea that phrase had ever been used to mean native americans, and I thought the Native American comment was a link to 'Red Indian' which is a phrase I have of course heard. Being English, we don't hear much slang about native Americans. I imagined someone who was genuinely red, such as Mr Strong, or Ken Livingstone.

    -------------------------------Oh no!

  • SanDroid (10/19/2011)

    If those style of comments were made during the interview I am certain I would be OK... 😛 :hehe:

    Confused...

    -------------------------------Oh no!

  • Kevin Gill (10/19/2011)


    Miles Neale (10/19/2011)


    Kevin Gill (10/19/2011)


    SanDroid (10/19/2011)


    Kevin Gill (10/19/2011)


    Just to answer one of your points, I'm not worried about rouge developers, as they're easy to spot by their colouring, and we just avoid employing red people. 🙂

    The Native American in me wonders what you mean by that... 😛

    You'd be ok as long as you didn't come in speaking French.

    Or wearing too much makeup.

    Not funny, appears racist. Probably was not intended that way but best to leave it instead of digging deeper.

    Rouge - French for red

    Makeup - Rouge is a type of makeup.

    Wasn't me brought up the native americans...

    Not sure I agree about the racism but OK 🙂

    EDIT

    Actually no I'm not going to accept being chastised for something that is fundamentally just oversensitivity to a bit of wordplay that that could (with a bit of imagination) be construed as racist. Could you please explain how you would consider it to be racist, given the origin of the comments i.e. the joke around Rouge Developers, and who it would be racist against? I really don't understand your point of view.

    Totally did not get the reference of Rougue to Rouge.

  • SanDroid (10/19/2011)

    Totally did not get the reference of Rougue to Rouge.

    That would certainly make my comments seem very strange 🙂

    -------------------------------Oh no!

  • SQLRNNR (10/18/2011)


    If your test data is truly too close to real data, then it probably should be secured just like prod. If you can't obfuscate it efficiently enough, then secure it better.

    Actually, how can we test effectively and completely UNLESS we secure our test system the exact same as prod?

    I configure my test servers exactly the same. I don't copy prod data over (usually, some systems require it), but regardless I am able to test access in test first, and if there are issues I can then correct them and test until it is correct. Once that is done, I can reconfigure production to match and then I know it is as secure as what I tested.

    Note, I did not say it is secure, only as secure as I tested. Nothing is secure.

    Dave

  • In the modern data landscape, I am keenly aware of the cost, both professionally and commercially, of a breach of data security. Working for a large law firm makes that even more important. Without giving too much away, there have been incidences of employees tryibng to leave with some of the silverware. We have measures in place to capture these events. Up until now this has not involved anyone in IT development. Still, the vulnerability of sensitive data in our development environment worries me.

    In the development environment I take tha approach that HR and financial data is the most sensitive. We are lucky that most documents (99%) are available to all employees. The othe 1% are protected by active monitoring in both the test and production environments. However, data is a different story. I have scripts to obscure the HR and financial data. The developers know that there is no [personally identifying data in the HR database or accurate financial data where ever it resides. There are still some surprises when a venfor database throws up some table that contains identifiable data, butthis is then added to the obsfucating scripts.

    The test environment has more open security for the developers that exists in production. In production the deveopers are subject to controlled access like every other user.

    I believe that is is impossible or at least not worth the effort to totally anonomise all data. Obsfucation is a good compromise. If a dfeveloper was to breach the security, it can easily be demostrated that it took targeted and concerted effort to cause the breach. It could not be blamed on accident or sloppy process.

    There are enough media reports of late to highlight the cost of a single breach. Unfortunately it is not enough to trust in the good nature of all people. Yes, most people most of the time, but not all people all of the time.

    And like a perfect counterfiet, a perfect data breach will remain unknown until too late.

  • SanDroid (10/19/2011)


    Kevin Gill (10/19/2011)


    Miles Neale (10/19/2011)


    Kevin Gill (10/19/2011)


    SanDroid (10/19/2011)


    Kevin Gill (10/19/2011)


    Just to answer one of your points, I'm not worried about rouge developers, as they're easy to spot by their colouring, and we just avoid employing red people. 🙂

    The Native American in me wonders what you mean by that... 😛

    You'd be ok as long as you didn't come in speaking French.

    Or wearing too much makeup.

    Not funny, appears racist. Probably was not intended that way but best to leave it instead of digging deeper.

    Rouge - French for red

    Makeup - Rouge is a type of makeup.

    Wasn't me brought up the native americans...

    Not sure I agree about the racism but OK 🙂

    EDIT

    Actually no I'm not going to accept being chastised for something that is fundamentally just oversensitivity to a bit of wordplay that that could (with a bit of imagination) be construed as racist. Could you please explain how you would consider it to be racist, given the origin of the comments i.e. the joke around Rouge Developers, and who it would be racist against? I really don't understand your point of view.

    Totally did not get the reference of Rougue to Rouge.

    Complete BS!

    Pot calling the kettle black is viewed by some as racist, when it has nothing to do with skin color.

    Red is now inappropriate because it slams indians! I am tired of people trying to label comments as racist when they were certainly not intended to be. I don't like the president because he is an idiot, far more of an idiot than the last idiot, yet the media and others say it must be because I am racist. Get real. It couldn't have anything to do with him bankrupting the country.

    Grow up people, and try arguing with logic in the future. Your comment about oversensitivity is the understatement of the year. You did NOTHING wrong and have to apologize or defend yourself. These politically correct morons need to go back wherever they came and accept that true Americans are tired of this ridiculous accusations. Our country is now to the point where anyone can condemn Christians, but any comment about the muslim terrorists that attacked us, or against the first black president, has to be based on racism.

    Dave

  • Miles Neale (10/19/2011)


    Kevin Gill (10/19/2011)


    SanDroid (10/19/2011)


    Kevin Gill (10/19/2011)


    Just to answer one of your points, I'm not worried about rouge developers, as they're easy to spot by their colouring, and we just avoid employing red people. 🙂

    The Native American in me wonders what you mean by that... 😛

    You'd be ok as long as you didn't come in speaking French.

    Or wearing too much makeup.

    Not funny, appears racist. Probably was not intended that way but best to leave it instead of digging deeper.

    French is a nationality, not a race, and unless you are trying to imitate humor, this is the most ridiculous thing I have seen outside the liberal media in weeks.

    Dave

  • Is it really true that we can't anonymize data?

    It is possible to remove or hash the personally identifying attributes (name, ssn, contact info, etc.) from a flat dataset or the relational tables in a database. However, personal details, like where you live or list of your top 5 favorite movies, can be used to link two independently published sets of data with some degree of reliability.

    How to Break Anonymity of the Netflix Prize Dataset - FAQ

    http://www.cs.utexas.edu/~shmat/netflix-faq.html

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • I'm not up to date on Denali features but isn't data masking by role/column a great idea for a new dbms feature? In many shops dev and test worlds are littered with personal data, and masking doesn't fit into agressive, optimistic delivery schedules that seem to be in style these days. Wouldn't it be great if DBAs could "turn on" data masking for a column?

  • I prefer to perform data sampling from production to create dev/test data rather than doing a restore. Fields like SSNs and Phone numbers should be completely random values. For other fields, I like to select X values randomly from each field of a table to create test records for dev/test. This produces test records that contain actual production values but completely disassociates those values from the identifying values. This also allows the creation of more or less data from a larger 'virtual' pool of records containing every combination of values. So you get good performance with a small sample during routine testing, but can create a huge dataset for performance testing.

Viewing 14 posts - 16 through 28 (of 28 total)

You must be logged in to reply to this topic. Login to reply