djackson 22568 (6/26/2013)

---

Eric M Russell (6/26/2013)

---

I don't think that Microsoft can be faulted for insecure data. The database, network, and operating system framework that Microsoft has provided us is solid when it comes to security. For example, I've heard from security experts that SQL Server is much easier to lock down and has had fewer security holes when compared to Oracle and other products.

Data security is also not about decisions made by the board of directors at the organzation.

Really, if you look at news stories about data breaches, the plot is the same:

1. Some guy who couldn't be trusted had unrestricted access to the database

2. SQL injection

3. Some developer copied down the database to their laptop and then lost it.

These things can be prevented using role based security, properly coded SQL in the application, and enforcing restriction policies on the windows workstations. Microsoft has given is the tools we need.

I hate to say it, but it's mostly about ignorance on the part of IT staff, primarily the developers and DBA.

Not what I said. What I said was Microsoft changed the game. Developers are partly at fault, but Microsoft changes their design requirements as often as some people change shoes! I do feel for the developers who have to completely redesign something because some idiot in Marketing at Microsoft thinks they can make more money by doing something different. I also feel for them when changes are made to make products more secure. I hate to say it, but the fact remains that Microsoft originally left out any thoughts about making things secure, and only recently made progress on that front, so yes, they are partly to blame. I am by no means a hater of Microsoft, but I am not going to sugar coat things either.

There are many reasons behind these issues, not just lazy developers.