Regulators, Mount Up

Big Slim (Forum Newbie, General Forum Members)
So, the topic of data encryption comes up every day in my daily duties. More so than earlier in my travels, when folks were oblivious to what was stored in the data layer or cared about how it was stored, just who and what systems had access to "the data". I'm now delighted to hear business units actively address secure data access AND encrypted data. One of the most surprising dialogs was between a VP of Marketing (whose interest was in mining customer data), a 3rd party resource (who was designing the middleware) and architects actually PLANNING to improve the data hardware to compensate for the overhead needed to encrypt data, as well as designating what data elements needed to be encrypted.

How does this help me as the DBA in these instances? It's an excellent step towards ensuring that whatever measures we take to secure the data are understood and done with a suitable level of transparency that everyone in the project is comfortable with, and that's a good thing.

I'm only saying this to say that increased awareness and implementation of encryption, albeit a bit more work, is an excellent topic well worth the resources spent.

By the by, kudos for the song references. Still don't think this album got the recognition it deserves; may throw it on the playlist-of-the-day just because...
David.Poole (SSCertifiable, General Forum Members)
It's amazing what happens if you wave the possibility of nuking old dead systems in front of a DBA. Their wrinkles vanish, an unfamiliar expression (happy smile) crosses their face and they hit keys faster than a teenager in a Halo death match.

I suspect I may have started something here!

LinkedIn Profile

Newbie on www.simple-talk.com
Steve Jones (SSC Guru, Administrators)
One note on encryption. I heard a discussion from some devs and architects who were under the impression that encryption would prevent SQL injection issues. Not likely to happen, so be sure that good coding practices are still being followed.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
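The point Steve makes above, as an added worked example that is not code from this thread or from any of its posters: a column encrypted with SQL Server's own ENCRYPTBYKEY, read through two stored procedures that build the same dynamic SQL, one by string splicing and one with parameters. The database object names (CustomerCert, CustomerKey, dbo.Customer, the two procedures) and the sample rows are assumptions made up for the example; run it only in a scratch database.

```sql
-- Added example, not from the thread. All object names and rows are made up.
-- Requires SQL Server 2008 or later, in a throwaway database.

-- Key hierarchy: database master key -> certificate -> AES symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Use-a-strong-passphrase-here-1!';
CREATE CERTIFICATE CustomerCert WITH SUBJECT = 'Customer column encryption';
CREATE SYMMETRIC KEY CustomerKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerCert;
GO

CREATE TABLE dbo.Customer (
    CustomerId int IDENTITY PRIMARY KEY,
    Email      nvarchar(100) NOT NULL,
    SSN        varbinary(128) NOT NULL   -- ciphertext only; plaintext is never stored
);
GO

-- Constructed sample rows; the SSN values are fictitious.
OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;
INSERT dbo.Customer (Email, SSN)
VALUES (N'alice@example.com', ENCRYPTBYKEY(KEY_GUID('CustomerKey'), N'111-11-1111')),
       (N'bob@example.com',   ENCRYPTBYKEY(KEY_GUID('CustomerKey'), N'222-22-2222'));
CLOSE SYMMETRIC KEY CustomerKey;
GO

-- VULNERABLE: the caller's string is spliced into the statement text,
-- so the caller can rewrite the WHERE clause.
CREATE PROCEDURE dbo.GetCustomer_Vulnerable @Email nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, Email,
                 CONVERT(nvarchar(20), DECRYPTBYKEY(SSN)) AS SSN
          FROM dbo.Customer
          WHERE Email = ''' + @Email + N'''';
    OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;
    EXEC (@sql);
    CLOSE SYMMETRIC KEY CustomerKey;
END
GO

-- FIXED: same dynamic SQL, but the value travels as a typed parameter,
-- never as part of the statement text.
CREATE PROCEDURE dbo.GetCustomer_Safe @Email nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT CustomerId, Email,
                 CONVERT(nvarchar(20), DECRYPTBYKEY(SSN)) AS SSN
          FROM dbo.Customer
          WHERE Email = @e';
    OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;
    EXEC sys.sp_executesql @sql, N'@e nvarchar(100)', @e = @Email;
    CLOSE SYMMETRIC KEY CustomerKey;
END
GO

-- Normal use: both procedures return only Alice's row.
EXEC dbo.GetCustomer_Vulnerable N'alice@example.com';
EXEC dbo.GetCustomer_Safe       N'alice@example.com';

-- Injected input. The vulnerable procedure returns every customer with the
-- SSN already decrypted, because the procedure itself opens the key on the
-- attacker's behalf. The safe procedure searches for an e-mail address that
-- literally contains the payload and returns no rows.
EXEC dbo.GetCustomer_Vulnerable N'x'' OR 1=1 --';
EXEC dbo.GetCustomer_Safe       N'x'' OR 1=1 --';
```

The spliced statement in the vulnerable case becomes `WHERE Email = 'x' OR 1=1 --'`, and the trailing comment swallows the closing quote. Column encryption protects the bytes at rest (a copied backup or data file, or a login that can SELECT the table but cannot open the key); it does nothing against a query that the application runs with the key open, which is exactly what an injection turns into. During testing, `SELECT * FROM sys.openkeys` shows which keys a session currently has open.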
TravisDBA (SSCrazy, General Forum Members)
It's not just unencrypted data that auditors ding you on nowadays. Wearing many hats at once and doing things outside your job description can definitely get you dinged as well. SarBox standards are very picky on this nowadays. For example, we had an IT guy once caught moving furniture around in his cube and the auditors jumped all over that with management and the man was reprimanded over it. Not in his job description, don't do it again. If you are a little shop you can still get away with a "Jack-of-all-trades" guy (I don't know for how long though), but that is no longer permitted at most larger shops or government agencies that fall under the strict auditing standards of today. Heck, the auditors dinged us for having our production clusters on the second node, left there after a failover!!!!! Picky, picky...:-D

"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"
John Hanrahan (SSC Eights!, General Forum Members)
I have been through several SOX audits and have never heard of that. I would have said stick it, see, the job description says "and other duties as required", which I think is in every single job description I have seen for years. The whole point of SOX is to document what you do and how you do it and make sure everyone knows (including shareholders and regulators). It has always seemed overblown to me. Next they'll say you can't get up to get water to quench your thirst because you have to operate the water fountain.
Michael Valentine Jones (SSCertifiable, General Forum Members)
TravisDBA (11/28/2012):
It's not just unencrypted data that auditors ding you on nowadays. Wearing many hats at once and doing things outside your job description can definitely get you dinged as well. SarBox standards are very picky on this nowadays. For example, we had an IT guy once caught moving furniture around in his cube and the auditors jumped all over that with management and the man was reprimanded over it. Not in his job description, don't do it again. If you are a little shop you can still get away with a "Jack-of-all-trades" guy (I don't know for how long though), but that is no longer permitted at most larger shops or government agencies that fall under the strict auditing standards of today. Heck, the auditors dinged us for having our production clusters on the second node, left there after a failover!!!!! Picky, picky...:-D


My impression is that most "auditors" have no idea what they are doing, and just make things up like "no moving furniture if it isn't in your job description".
TravisDBA (SSCrazy, General Forum Members)
John Hanrahan (11/28/2012):
I have been through several SOX audits and have never heard of that. I would have said stick it, see, the job description says "and other duties as required", which I think is in every single job description I have seen for years. The whole point of SOX is to document what you do and how you do it and make sure everyone knows (including shareholders and regulators). It has always seemed overblown to me. Next they'll say you can't get up to get water to quench your thirst because you have to operate the water fountain.


Have you ever worked for the government lately?

Jeff Moden (SSC Guru, General Forum Members)
David.Poole (11/28/2012):
Regulation is a cloud that can have a bright silver lining.

Let's suppose that you have old systems ridden with tech debt and propped up by manual processes.
Those powers that be are so used to the situation that the idea that the tech debt or the manual processes are a problem just doesn't register. They are chasing the new shiny ball.

All of a sudden regulation comes along and lifts up the rock and shines a bright light underneath it and reveals the suppurating horrors squirming underneath!

Too many people have too much access to too much data, almost certainly meaning a failed regulatory audit.
All of a sudden you have the impetus and support to fix a load of old problems and simplify the way your systems work. Do this well and not only will you pass regulatory inspection but you will also demonstrate the art of the possible: how good things could be if the prime focus was delivering something maintainable, scalable, flexible.


+1000

I just went through a post where the OP (a DBA) was feeling a bit hog-tied because the company required even him to do "change controls" for most things. I told him to revel in the process and that they hopefully have a ticketing system where he can enter what he does. It's a rare opportunity for his chain of command to actually find out what the hell a DBA does all day and to be able to "brag" about it without seeming like a "brown noser".

For those of you reeling from the idea, it takes only a minute or two to open a ticket, get permission to proceed, and close the ticket, leaving a trail of undissolvable breadcrumbs that will come in mighty handy at review time. ;-)

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Jeff Moden (SSC Guru, General Forum Members)
Michael Valentine Jones (11/28/2012):
TravisDBA (11/28/2012):
It's not just unencrypted data that auditors ding you on nowadays. Wearing many hats at once and doing things outside your job description can definitely get you dinged as well. SarBox standards are very picky on this nowadays. For example, we had an IT guy once caught moving furniture around in his cube and the auditors jumped all over that with management and the man was reprimanded over it. Not in his job description, don't do it again. If you are a little shop you can still get away with a "Jack-of-all-trades" guy (I don't know for how long though), but that is no longer permitted at most larger shops or government agencies that fall under the strict auditing standards of today. Heck, the auditors dinged us for having our production clusters on the second node, left there after a failover!!!!! Picky, picky...:-D

My impression is that most "auditors" have no idea what they are doing, and just make things up like "no moving furniture if it isn't in your job description".

I can't help moving furniture. I'm old and it just happens every time I have a bout with gas. :-P
John Hanrahan (SSC Eights!, General Forum Members)
It has been 15 years since I have gotten a gov contract. I suppose you are going to tell me it is really that bad. :-D