Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

Encrypt Everything Expand / Collapse
Author
Message
Posted Saturday, December 14, 2013 11:31 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 2:27 PM
Points: 33,267, Visits: 15,434
Comments posted to this topic are about the item Encrypt Everything






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1522961
Posted Saturday, December 14, 2013 3:03 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: General Forum Members
Last Login: Today @ 2:33 PM
Points: 37,075, Visits: 31,633
I absolutely agree with the concept of encrypting everything in transit but...

Why does it seem that it always comes back to this recent bloody NSA thing? Where the hell have people been? It's not likely that organizations like the NSA are going to do anything with your data that would actually cause harm to the company (well, unless the company is doing something illegal). What people SHOULD be concerned about is ANYONE getting their data and if they're just now coming around to that fact, then they're several decades behind what should have been on their agenda all along.

As a bit of a sidebar, this is yet another reason why I prefer local physical hardware as opposed to using cloud services.


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1522976
Posted Monday, December 16, 2013 4:52 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Today @ 7:27 AM
Points: 50, Visits: 337
To many applications still have SA rights with an easily guessed password. So encryption doesnt really help much other than the backup files now needing a certificate for the restore. These same companies still dont believe in encrypting data like bank account information, personal/customer personal data. Just waiting for the UK media to have afield day.

I have worked in too many places where the IT staff let alone the Business believe that an NDA will be adequate in protecting all of their data.
Post #1523161
Posted Monday, December 16, 2013 4:54 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Today @ 7:27 AM
Points: 50, Visits: 337
Jeff Moden (12/14/2013) ......
As a bit of a sidebar, this is yet another reason why I prefer local physical hardware as opposed to using cloud services.


A bit tongue in cheek: Why would any one at a cloud provider want to look at your data.

More seriously though, at least you can do a proper audit with local storage.
Post #1523162
Posted Monday, December 16, 2013 6:28 AM
Say Hey Kid

Say Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey Kid

Group: General Forum Members
Last Login: Yesterday @ 6:18 AM
Points: 662, Visits: 1,671
If business managers invested in security and training, we would have security and training. Until then, they are enjoy their bonuses and wondering what us nerds and geeks are worried about.
Post #1523184
Posted Monday, December 16, 2013 7:19 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Thursday, September 11, 2014 10:02 AM
Points: 483, Visits: 796
I think it is fair to point out that Microsoft just stated they will start encrypting, Google just stated they would a couple weeks ago. All of the major players knew this was an issue years ago, and ignored the risk.

Our organization is starting to require SSL on all web traffic, whether internal or external. It will take a couple years to get there, but in the end it will be an improvement. Thick client apps are not in scope for this change.

The media and the government continuously talk about how the biggest threat is internal, but I disagree. Our own government is arguably the worst as they are violating our own constitution! This is followed by intrusion attempts from china and other countries, and I believe individual attacks from external resources are next. Employee threats exist, but if you count the group of employees who are foreign nationals in the "country" group, I think that threat is relatively small.

My point - encrypt everything external first, and worry about internal risks once that is somewhat taken care of. Those companies that can do both at the same time should consider it.


Dave
Post #1523212
Posted Monday, December 16, 2013 7:26 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Thursday, September 11, 2014 10:02 AM
Points: 483, Visits: 796
Jeff Moden (12/14/2013)
I absolutely agree with the concept of encrypting everything in transit but...

Why does it seem that it always comes back to this recent bloody NSA thing? Where the hell have people been? It's not likely that organizations like the NSA are going to do anything with your data that would actually cause harm to the company (well, unless the company is doing something illegal).


The NSA is a government agency. Government agencies answer to the president and congress. The current administration has used the IRS to attack the Tea Party, previous administrations on both sides have used the IRS and other agencies to attack their enemies.

Companies get attacked frequently because of the political opinions of the owners or management. I do not believe that it is at all a stretch to say that various administrations in the past, and certainly the future, have and will use anything they can to silence opposition. The NSA has ADMITTED it is using personal preferences such as sexual orientation, sexual habits and other data to attack the leaders of various organizations. How long before they use that information to attack CEOs? I would bet it is already happening.

I respect your opinion on this, and I would hope you are correct that the likelihood is low, but recent evidence indicates you may not be.


Dave
Post #1523218
Posted Monday, December 16, 2013 8:20 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 2:27 PM
Points: 33,267, Visits: 15,434
Yet Another DBA (12/16/2013)

A bit tongue in cheek: Why would any one at a cloud provider want to look at your data.


It's not anyone, but a particular person. If I suspect you are storing credit cards, or I want to know your sales data, and it's valuable enough, trying to get an employee to siphon off or look at data (for $$) is a valid way of criminally attacking your data.

Or perhaps I see if the cloud company really separates out VLANs or do they have shared LANs I can sniff?

Encryption certainly slows things down.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1523260
Posted Monday, December 16, 2013 8:25 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 2:27 PM
Points: 33,267, Visits: 15,434
djackson 22568 (12/16/2013)


Companies get attacked frequently because of the political opinions of the owners or management. I do not believe that it is at all a stretch to say that various administrations in the past, and certainly the future, have and will use anything they can to silence opposition. The NSA has ADMITTED it is using personal preferences such as sexual orientation, sexual habits and other data to attack the leaders of various organizations. How long before they use that information to attack CEOs? I would bet it is already happening.

I respect your opinion on this, and I would hope you are correct that the likelihood is low, but recent evidence indicates you may not be.


I'm not sure I am quite as concerned here as Mr. Jackson, but I also do think that information gets leaked. CEOs are friends, or potential employers, of people working at the NSA. They (NSA or government employees) might be willing to share confidential information that gets them a job, bonus, etc. I don't think it's some global conspiracy or consistent set of actions that occurs constantly, but I do think it can happen. It's human nature.

However, I agree with Jeff that it's not something that just started. This type of espionage has been happening with corporations, foreign governments, and likely our own, for a long time.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1523262
Posted Monday, December 16, 2013 8:33 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Monday, September 8, 2014 6:16 AM
Points: 375, Visits: 603
Pick on South Carolina. The South Carolina Department of Revenue didn't encrypt the Social Security Numbers of taxpayers who filed electronic tax returns. Whoops! Now hackers have 6 million Social Security Numbers when they hacked into the computer systems.
Post #1523269
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse