
Security Regulations

By Steve Jones

This story about the push for government regulations on security is a little scary at first glance. It seems many of the DBAs in this community are wary of government getting involved in regulating anything in IT, and not without good reason. Regulations are often compromises, which are inherently flawed in achieving their aims, and usually end up causing more problems than they solve.

However, I'm not sure this is a bad idea. How often have we had issues reverberating through the Internet because of insecure computer systems? So many companies pay lip service to the idea of security, especially with their own corporate systems. And home users are even worse, many times not even realizing that they are behind on patches.

However, the patches we get are not always of the highest quality. How many times has Microsoft, Oracle, or some other vendor released a patch that causes more problems than it solves? Or breaks your critical systems? While I don't believe it's true anymore, there was a good reason not to upgrade your Microsoft software until SP1 in the past.

I think there is some compromise here. It can't be, and shouldn't necessarily be, the legal system, but I think a combination of private groups, places like Secunia or The SANS Institute, could provide some basic level of "patchiness" that all machines on the Internet would need to meet. ISPs could help verify this, and we could even fine violators and use that money to fund research or testing of software. ISPs could even potentially cut off companies or individuals that hadn't applied their patches. There could even be penalties for vendors releasing patches that were not well tested and caused issues.

It would still give the individual choice in terms of which patches they applied and when, but they wouldn't be able to defer forever. However it could, and potentially would, increase the overall security for all citizens on the information superhighway.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

 