I saw this post recently about security and preparing for a data breach. The title caught my eye because it implies that we're all doomed. Do the rest of you think that? Is it a question of when we'll have a security breach, not if?
Given the headlines, the news we find out about companies not disclosing security issues, the back doors and poor code in much software, is it any wonder that people think it's a "when" and not an "if"? Given the lack of realization from many companies that suffer incidents that they were even attacked, perhaps that's an assumption worth making.
We've been hacked at SQLServerCentral in the past. I don't think we've been hacked in many years, but I also have no way of knowing. That's the difficult part of dealing with bits. If they get copied, there's not necessarily a trace of anything amiss. It's quite possible that many of us have no idea that our bits are being copied. Every read is a copy of data, and how long did the NSA read data without most of us being aware? How sure are we that they, or some other organization, haven't been reading much more than was disclosed?
I'd hate to think that our systems are so porous that we're all likely to get hacked at some point. It's probably technically possible, but hopefully not likely for most of us. However, we should consider that it will happen and ensure we have some handle on our data security. It's hard and complex for most of us, and I'd like to think that Microsoft will recognize this and build better controls and features into future versions of Windows and SQL Server that enable easier auditing, granular controls and separation of duties.