Who Watches the Watchers?
33 posts, Page 1 of 4
Brandie Tarvin
Posted Wednesday, December 02, 2009 9:04 PM
Comments posted to this topic are about the item Who Watches the Watchers?
Brandie Tarvin, MCITP Database Administrator, MCDBA, MCSA
Webpage: http://www.BrandieTarvin.net
LiveJournal Blog: http://brandietarvin.livejournal.com/
On LinkedIn!, Google+, and Twitter.
Freelance Writer: Shadowrun
Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.
Post #827917
Elliott Whitlow
Posted Wednesday, December 02, 2009 9:22 PM
On one side I somewhat agree with the concept of separation of duties; the problem is that I have seen it taken WAY too far, particularly in big companies, and not far enough in little ones. The big companies tend to be risk averse so they throw money, people, policy, and tech at it, especially if they are in a regulated industry. But the problem is that all these systems really do is keep honest people honest; the guy who is coming in with the plan to steal from you is not going to be deterred and in most cases you aren't going to know what hit you until later. Also in big companies, the DBA isn't the watcher; there is often a group (or two) above them that watches. They often go by names like Compliance and they tend to watch the whole infrastructure as well, from the network switch to the machine, to the database.
CEWII
Post #827922
Mark Dalley
Posted Thursday, December 03, 2009 5:31 AM
Of course, separating duties can help a lot by decreasing the opportunity for, and temptation to, wrongdoing. But regulations don't, and can't, solve the basic problem.
If one defines "human nature" as "what humans do naturally, i.e. when they think no-one is looking / in private / anonymously / if they think there will be no inconvenient consequences", the need for allegiance to a higher ideal than mere self is obvious.
And regarding the Romans, it wasn't as if they weren't aware of the problem. As Juvenal remarked: Quis custodiet ipsos custodes?
Who, indeed?
Mark Dalley
Post #828073
Raju Lalvani
Posted Thursday, December 03, 2009 5:47 AM
Who watches the Watcher who watches..... How many levels can one go to?
History has shown that a person who is determined to steal will steal. IT has made it even easier to steal data; instead of stealing physical documents, which would consume lots of space, a pen drive can be used to steal large amounts of data.
I agree human nature is such that what we do when no one is looking is different than when someone is looking.
Post #828084
Grant Fritchey
Posted Thursday, December 03, 2009 5:52 AM
What, no video?
Excellent editorial. The link seems to be missing to the T-Mobile story in the UK. Any chance of posting it?
We're working with a tough piece of software. SQL Server has made so much of the basic parts of database administration blindingly easy. So it doesn't appear that it needs the kind of specialist that's just assumed with an Oracle or DB2 database. The fact is, it needs a gate-keeper just as much as it needs someone who knows how it works to make sure everything is working correctly.
Oh, and nice draw on the Roman Empire collapse. Some mention of Vercingetorix was in order though.
----------------------------------------------------
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood..." Theodore Roosevelt
The Scary DBA
Author of: SQL Server 2012 Query Performance Tuning, SQL Server 2008 Query Performance Tuning Distilled and SQL Server Execution Plans
Product Evangelist for Red Gate Software
Post #828086
blandry
Posted Thursday, December 03, 2009 6:02 AM
Excellent editorial Brandie and right on the mark!
The problem, really, is that data is an asset to any company and yet decades into the computer revolution most executives and managers don't think of it that way. Sure, company higher-ups will give speeches about the importance and value of data, but they do not know, let alone understand, the particulars of managing and, if you will, shepherding data.
I saw this time and time again during my days in the technical trenches and then when I rose through the management ranks, frankly, it only got worse. For example, I remember in one job I worked the DBA quit and the company directors kept pushing to move one of the younger, (very much) less experienced guys into the position. When I argued that data was an important asset and we needed an experienced, qualified DBA, well, I was shot down. Directors saw it as merely filling a role, or in the vernacular, getting a warm backside into an empty chair.
If you look deeper into some of the recent data theft incidents such as the hijacking of TJX Corporation's data, what you find is just that. Someone is acting as the DBA when really, they are not a DBA and lack the vital skills necessary to protect data.
For years I have whined on about some definitive measure of what a DBA is, and as your editorial assists in pointing out, that measure still remains decades overdue.
There's no such thing as dumb questions, only poorly thought-out answers...
Post #828089
laurav
Posted Thursday, December 03, 2009 6:03 AM
Great editorial. I had been trying to make the same argument at a "smaller" company (that I left) - we need safeguards in place. As a DBA, I *want* those. I do have the keys to the kingdom, in a way, but there should be some checks and balances. I would tell my managers and IT security folks what I was doing and why, and they would look at me as though I had two heads. I view checks/balances as my safety net too.
Here is the link for the TMobile security breach:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1374722,00.html#
Post #828090
Brandie Tarvin
Posted Thursday, December 03, 2009 6:08 AM
Grant Fritchey (12/3/2009)
Excellent editorial. The link seems to be missing to the T-Mobile story in the UK. Any chance of posting it?
Sorry about that. This is the same link Steve posted in an editorial a week or two ago:
The T-Mobile Article
Post #828091
Brandie Tarvin
Posted Thursday, December 03, 2009 6:23 AM
laurav (12/3/2009)
I would tell my managers and IT security folks what I was doing and why, and they would look at me as though I had two heads. I view checks/balances as my safety net too.
There's something to be said about CYA. But it's not just you you're covering when you do that sort of thing. I think the problem is that corporate officials don't always realize (until you get to the stratospheric heights of management) that data loss and data theft is a monetary issue. 1s and 0s don't count for much. It's *just* information.
But if you start putting a dollar amount on the issue, it might help draw attention to your plight.
Here are the things I would start adding monetary values to: bad publicity, legal fees, paying for the customer's credit monitoring for the next X number of years, losing market share, re-training employees (or getting new ones) and the possible cost of hardware improvements (wireless credit card machines broadcasting in the clear, anyone?).
Hand them that invoice, and I guarantee they'll either think you're crazy or finally sit up and take notice.
Post #828100
Grant Fritchey
Posted Thursday, December 03, 2009 6:24 AM
laurav (12/3/2009)
Great editorial. I had been trying to make the same argument at a "smaller" company (that I left) - we need safeguards in place. As a DBA, I *want* those. I do have the keys to the kingdom, in a way, but there should be some checks and balances. I would tell my managers and IT security folks what I was doing and why, and they would look at me as though I had two heads. I view checks/balances as my safety net too.
Here is the link for the TMobile security breach:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1374722,00.html#
Thanks again. I missed that article. Man, that's messed up. No details though. Was the guy in IT or just some sales puke with WAY too much access? Perfect example for your editorial though.
Post #828102
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.