Compliance Tips

  • Compliance Tips

    Security has been in the news quite a bit lately. Starting with the IE flaws and continuing through a variety of other areas, it seems every day has some type of security headline. I know it comes in waves because August and most of September was relatively quiet. Or maybe the HP thing overshadowed security news.

    In any case, I caught this article on compliance tips and it struck a bell with me. Not because I need to comply with SOX, HIPAA, or any of the European regulations, but I still have not-so-fond memories of the first year of SOX when we worked like crazy in one company, and then again when we were acquired by another to meet the needs of this legislation.

    There are some good tips here, the first of which is not to ignore things. I'm sure most people in regulated companies aren't ignoring the requirements, but there might be people that think their systems won't get looked into. The great example given is that the auditors are slowly working through the systems and your lower-level IT functions might be next. Since DBAs work with the entire structure from the end user data to the storage on tape, they should be sure their entire infrastructure has been examined.

    Another good piece of advice is to set up a single infrastructure. I've always been more in favor of this type of system, reusing work where possible, providing you don't shortcut one set of requirements to meet two others. If something requires a bit more work to properly handle all requirements, take the time. I know it's work, but it pays off.

    There's other advice, one piece of which is to get rid of tape to avoid issues. That one makes me worry, especially with the large amounts of database data that we need to store. It's not usually stored for long; after a week it may not be practical to restore anymore, but it still needs to be offsite.

    I'd disagree here with the advice. I think we still need tape, or large disks offsite, but we need to invest in a better mechanism for securing the data. For SQL Server, that means you want encryption, which most of the backup vendors offer.

    That also means developing a strong password infrastructure for tape backups. After all, using the same password for years on your backup tapes might be as bad as using no password at all.

    Steve Jones
