Wow. Just Wow

  • Comments posted to this topic are about the item Wow. Just Wow

  • This is one of my many fears about putting stuff on the cloud. A lot of people think they have control over their data when, in reality, someone else has full control or a total lack of it where the wrong people end up with your data.

    I also just read an article where Google cut some people off for not following certain rules having to do with a type of pad or phone. Their data is no longer accessible to them.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • I have long lost count on how many posters on the forum have gotten solid and good advice from other members when handling PII and other sensitive data. My concern is that this still happens quite frequently, which I read as a gap in the knowledge and understanding of the technical professionals when it comes to basic data protection and security.

    😎

  • I also just read an article where Google cut some people off for not following certain rules having to do with a type of pad or phone. Their data is no longer accessible to them.

    I am glad to hear that because I have my personal e-mail at Google and a friend of mine had their suspicions about Google's security. I use Dropbox now and then to transfer backups and always arrange with the other person to either move that backup off or to delete it once they are finished. It is difficult to move a backup of +- 50 GB if the other person is on the other side of the country. I agree with you that backup files should (if copied) be deleted after use to prevent theft of other people's personal information.

    Manie Verster
    Developer
    Johannesburg
    South Africa

    I am happy because I choose to be happy.
    I just love my job!!!

  • Gosh, Manie... I wouldn't transfer backup files in the clear if there were any company data involved (and, of course, there will be) but I especially wouldn't do it if there's any PII involved. It's just too risky to do without encryption.

    --Jeff Moden



  • In the UK there has been quite a lot of resistance to implementing a centralised repository of all health records, and this kind of thing is exactly why. I opted out myself because I don't trust the data to be handled and stored properly.

    As for Dropbox... no way would I use that for work data, even if I were allowed (it's blocked here).

  • Jeff Moden (11/21/2016)


    Gosh, Manie... I wouldn't transfer backup files in the clear if there were any company data involved (and, of course, there will be) but I especially wouldn't do it if there's any PII involved. It's just too risky to do without encryption.

    I agree with you, Jeff. I maybe should have said I used to but fortunately I do not need to anymore and definitely will not do it anymore.

    Manie Verster

  • Beatrix Kiddo (11/21/2016)


    In the UK there has been quite a lot of resistance to implementing a centralised repository of all health records, and this kind of thing is exactly why. I opted out myself because I don't trust the data to be handled and stored properly.

    As for Dropbox... no way would I use that for work data, even if I were allowed (it's blocked here).

    As someone who works for a large NHS body, our approach is pretty straightforward and unambiguous.

    All backups go to dedicated backup servers. Only DBAs and sysadmins have access.

    Third parties do not have backup privileges to the systems they supply.

    No patient identifiable data of any type can be passed to any supplier or third party, unless they have signed an agreement which requires: a full security audit of their company, including criminal and background checks on staff (these are expensive, deep and thorough), and a formal undertaking to not release any data received in line with these rules.

    Once this is complete, it may only be signed off by the responsible Caldicott Guardian https://en.wikipedia.org/wiki/Caldicott_guardian

    Releases are, I understand, agreed and authorised on an individual basis. Having said that, I've never done one, as of the several hundred systems I support, we don't have a single supplier who has jumped through these hoops.

    Anyone taking local backups is in for a world of pain.

    If I put anything on Dropbox, I would do time for it in all probability.

    I'm a DBA.
    I'm not paid to solve problems. I'm paid to prevent them.

  • Jeff Moden (11/19/2016)


    This is one of my many fears about putting stuff on the cloud. A lot of people think they have control over their data when, in reality, someone else has full control or a total lack of it where the wrong people end up with your data.

    I also just read an article where Google cut some people off for not following certain rules having to do with a type of pad or phone. Their data is no longer accessible to them.

    Let Google try that with health data. That's against the law, to deny access. Even if there is a financial dispute, they can't cut off access to protected health information. It would be a HIPAA violation. The feds would probably love to go after Google for that.

  • Iwas Bornready (11/21/2016)


    Jeff Moden (11/19/2016)


    This is one of my many fears about putting stuff on the cloud. A lot of people think they have control over their data when, in reality, someone else has full control or a total lack of it where the wrong people end up with your data.

    I also just read an article where Google cut some people off for not following certain rules having to do with a type of pad or phone. Their data is no longer accessible to them.

    Let Google try that with health data. That's against the law, to deny access. Even if there is a financial dispute, they can't cut off access to protected health information. It would be a HIPAA violation. The feds would probably love to go after Google for that.

    Trying to use Google cloud services to store that kind of information in the first place would likely be much higher on their priority list than Google deleting or denying access to it.

  • As usual it appears to be human execution and choices rather than technology that caused the issues...trouble is that technology is an enabler (often of dreadful things).

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • Just doing a Google search on filetype:mdf turns up a lot of hits. Some of them are references to NorthWind or AdventureWorks, but others it's not clear. I haven't tried to download any of them.

    https://www.google.com/search?q=filetype%3Amdf

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • We're actually discussing this right now at our organization, so this seems like a perfect time to ask for some advice 🙂

    While our backups are currently placed in a location where few accounts have access, we're looking to add the extra step of encrypting our backups. Since we're using SQL Server Standard Edition (and so we can't use TDE), would anyone be willing to share the tools they use to encrypt their *.bkp files?

    Thanks,

    --=Chuck

  • You can use third party products, like SQL Backup.

    Or you could use something like TrueCrypt, and back up to a "folder" that's encrypted.

  • Just recently, the Standard edition of SQL Server 2016 SP1 is inheriting most (or maybe all?) of the Enterprise edition features it has traditionally excluded. Hopefully, backup encryption is a feature it will now have.
