Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Lawsuits and Data Breaches

By Steve Jones,

After the breach of the Target payment systems, a class action lawsuit was filed against the company. The action alleges that Target failed to implement strong enough security. Regardless of the merits of this action, it does bring to light a few things that we, as data professionals, should be aware of.

The first is that if our companies store any PII, financial, medical, or other sensitive data, we need to ensure that our management is aware of potential security pitfalls we see, as well as the possibility for legal action if the data is somehow disclosed. The risk and mitigation actions taken need to be weighed by management, and we should approach this as we might any other upgrade or enhancement to a system. With logic, and rational discussion about the issues, providing guidance and potential solutions.

However we also should be aware that no matter what security efforts we undertake, criminals are going to be finding ways around our defenses. As this piece notes, Target likely had security in place, but it's never going to be enough because the attack vectors and techniques are out-pacing the ability of security techniques to provide protection. The solution, or at least a potential mitigating action, is one that data professionals can help with.

We, and the businesses that employ us, should be incorporating analytics into our defenses to detect abnormal actions, by both external and internal, users. We should be looking for potential ways that data is disclosed, and perhaps even scanning the Internet for potential leaks of data. We won't prevent all problems, but if we can detect them early, we can limit the damage.

Total article views: 113 | Views in the last 30 days: 1
 
Related Articles
ARTICLE

Potential

We often view potential hires based on their potential and not necessarily on their experience. Toda...

ARTICLE

Stairway to SQL Server Security Level 1: Overview of SQL Server Security

The ubiquity of databases and the potentially valuable information stored in them makes them attract...

ARTICLE

We Don't Care about Data and IT Security

Most of us say we care about IT and data security. Our actions speak differently.

ARTICLE

Targeted Index Performance Improvements

This article identifies which indexes are used when T-SQL code runs, and proposes ways of improving ...

FORUM

Analysis Services 2005 Drillthrough Action

AS 2005 Drillthrough Action / Rowset Action

Tags
editorial    
security    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones