Leaky Data

  • Leaky Dam

    I think this is a pretty good business for the next few years: plugging data leaks. Or at least tracking down the flow of sensitive data through your organization. It's a tough battle, though the approach given by the article, an agent-based approach that compares data on the client with a list of sensitive data, isn't bad.

    The problem with most approaches is that they just can't cover every possibility. Someone will develop a new reporting method, change an application, or export things in a new way, and the method you thought was protecting you isn't doing the job anymore.

    Data leaks, and it's often a human mistake. Look at Alcatel-Lucent, the TSA, and IBM. There are many more, but these are all examples of data being lost because of a simple human error. Not because of lax security at the firewall, the database, or anywhere in the computer system. And it's relatively rare that it's a breach of computer software that releases this data. Usually it's a stolen laptop.

    I'm not sure what the solution is. We've become a very mobile society and I don't think preventing people from working away from the office is the answer. Encryption definitely helps and if you have any sort of sensitive data that replicates to laptops or other mobile devices, you really should use some type of encryption to limit your liabilities. As a DBA, you're limited in what you can do, but make an effort to try and protect the data and not just store things in clear text.

    And follow your own advice. Don't download copies of databases for testing or experimentation without obfuscating the data. You never know when you're going to lose the data, so try to be prepared from the beginning.

    Editor's Note: Steve is on vacation this week, so he will respond to this when he returns.

  • While my company uses a commercial product for encrypting our laptops, we do it. I found an open source product, TrueCrypt, after we started using the commercial product. It sounds pretty good.

    The other consideration is what your consultants, auditors and such are doing as well. We had an incident where the auditor's laptop was stolen, most likely for the hardware, not the data. It was a tiny percentage of customer data, but we still had to advise the customers of this. We have since demanded that any auditors' hardware/data that they are given is encrypted in some form or fashion.



    ----------------
    Jim P.

    A little bit of this and a little byte of that can cause bloatware.
