Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 123»»»

Data Security Policies Expand / Collapse
Author
Message
Posted Saturday, April 5, 2014 11:31 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 4:10 PM
Points: 33,095, Visits: 15,202
Comments posted to this topic are about the item Data Security Policies






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1558758
Posted Monday, April 7, 2014 2:19 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Today @ 12:53 AM
Points: 38, Visits: 301
Does your organization have some policy around data security on mobile devices?

Only 1 company in the last 10 has. Others have pretended

Do your fellow employees care about data security?

Totally the opposite.
Developers see data security as an anti-requirement.
Bosses dont want to understand or dont want to upset their bosses
And a pseudo dba is the worse abuser of privacy
And a previous dba was partially responsible for a large data breach cos he was following orders and data security was not his thing!

And people wonder why I'm sceptical...


Post #1558948
Posted Monday, April 7, 2014 2:43 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 9:07 AM
Points: 5,200, Visits: 2,831
Most clients of mine start off with a default policy of no devices allowed. They all seem to move through locked down VPN-enabled laptops and Blackberrys for email. Most are still at this stage. Occasionally, I have been allowed either VPN access from non-company equipment or access to services over HTTP (HTTPS to be more accurate) such as source control systems.

As more and more services are getting to be hosted remotely, and sometimes by third parties, and accessed allowed via anywhere on the Internet, I expect that more and more non-company supplied hardware access to be utilised. The security will be more and more based on secured creditials rather than secured hardware.


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1558953
Posted Monday, April 7, 2014 2:50 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Today @ 9:19 AM
Points: 887, Visits: 1,226
It is the threat of a fine that seems to push security work in my organisation. Not the proactive aim of actually looking after data because it is the correct thing to be doing.
Post #1558954
Posted Monday, April 7, 2014 3:01 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Yesterday @ 4:58 AM
Points: 213, Visits: 827
Yet Another DBA (4/7/2014)
Only 1 company in the last 10 has. Others have pretended

And people wonder why I'm sceptical...


You have all my feels. I feel like we're kindred spirits. Can we be friends?
Post #1558956
Posted Monday, April 7, 2014 7:57 AM
Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Thursday, July 24, 2014 7:01 AM
Points: 740, Visits: 1,892
Personally I keep my devices and company devices completely separate. Better for both parties.

...

-- FORTRAN manual for Xerox Computers --
Post #1559082
Posted Monday, April 7, 2014 8:07 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 9:07 AM
Points: 5,200, Visits: 2,831
jay-h (4/7/2014)
Personally I keep my devices and company devices completely separate. Better for both parties.


Works for employees but not necessarily for consultants, contractors, freelancers and other 3rd parties who, sometimes, use their own equipment. I used to find that freelance work was always simply on site and with that company's hardware and software over their own network. In recent years it varies from client to client.


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1559088
Posted Monday, April 7, 2014 8:50 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Sunday, July 27, 2014 3:30 AM
Points: 53, Visits: 401
When it comes to PCI and financial data, there can be no compromise in data security S&P. BYOD is not a player here. Consultants' devices must be configured to our standards to connect, or no dice.
Post #1559124
Posted Monday, April 7, 2014 9:23 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 9:07 AM
Points: 5,200, Visits: 2,831
phegedusich (4/7/2014)
When it comes to PCI and financial data, there can be no compromise in data security S&P. BYOD is not a player here. Consultants' devices must be configured to our standards to connect, or no dice.


That is certainly a variant of one of the reasons one can expect it to vary client to client e.g. I cannot imagine that the DoD (or any other equivalent agency) would be any different from the UK's MoD in that all devices must be left in external car parks (not brought on-site) and that all MoD devices must stay exactly on-site (not taken off-site).


Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Post #1559140
Posted Monday, April 7, 2014 9:32 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Friday, July 25, 2014 3:33 AM
Points: 86, Visits: 230
We have to download an app that encrypts our data and means that IT can wipe our phone if we lose it if we want to get our email and GDocs on it. Worth the hassle of typing a pin to open the phone every time. VPN is great for working at home.

But most users care little for security, so you do have to impose it from on high.
Post #1559143
« Prev Topic | Next Topic »

Add to briefcase 123»»»

Permissions Expand / Collapse