Data Security Policies

Steve Jones
Comments posted to this topic are about the item Data Security Policies

Yet Another DBA
Does your organization have some policy around data security on mobile devices?

Only 1 company in the last 10 has. Others have pretended.

Do your fellow employees care about data security?

Totally the opposite.
Developers see data security as an anti-requirement.
Bosses don't want to understand or don't want to upset their bosses.
And a pseudo DBA is the worst abuser of privacy.
And a previous dba was partially responsible for a large data breach cos he was following orders and data security was not his thing!

And people wonder why I'm sceptical...
Gary Varga
Most clients of mine start off with a default policy of no devices allowed. They all seem to move through locked down VPN-enabled laptops and Blackberrys for email. Most are still at this stage. Occasionally, I have been allowed either VPN access from non-company equipment or access to services over HTTP (HTTPS to be more accurate) such as source control systems.

As more and more services are getting to be hosted remotely, and sometimes by third parties, and access is allowed from anywhere on the Internet, I expect more and more non-company supplied hardware access to be utilised. The security will be more and more based on secured credentials rather than secured hardware.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
skanker
It is the threat of a fine that seems to push security work in my organisation. Not the proactive aim of actually looking after data because it is the correct thing to be doing. :-)
Cody Konior
Yet Another DBA (4/7/2014)
Only 1 company in the last 10 has. Others have pretended

And people wonder why I'm sceptical...


You have all my feels. I feel like we're kindred spirits. Can we be friends?
jay-h
Personally I keep my devices and company devices completely separate. Better for both parties.

...

-- FORTRAN manual for Xerox Computers --
Gary Varga
jay-h (4/7/2014)
Personally I keep my devices and company devices completely separate. Better for both parties.


Works for employees but not necessarily for consultants, contractors, freelancers and other 3rd parties who, sometimes, use their own equipment. I used to find that freelance work was always simply on site and with that company's hardware and software over their own network. In recent years it varies from client to client.

Gaz

phegedusich
When it comes to PCI and financial data, there can be no compromise in data security S&P. BYOD is not a player here. Consultants' devices must be configured to our standards to connect, or no dice.
Gary Varga
phegedusich (4/7/2014)
When it comes to PCI and financial data, there can be no compromise in data security S&P. BYOD is not a player here. Consultants' devices must be configured to our standards to connect, or no dice.


That is certainly a variant of one of the reasons one can expect it to vary client to client e.g. I cannot imagine that the DoD (or any other equivalent agency) would be any different from the UK's MoD in that all devices must be left in external car parks (not brought on-site) and that all MoD devices must stay exactly on-site (not taken off-site).

Gaz

Freddie-304292
We have to download an app that encrypts our data and means that IT can wipe our phone if we lose it if we want to get our email and GDocs on it. Worth the hassle of typing a PIN to open the phone every time. VPN is great for working at home.

But most users care little for security, so you do have to impose it from on high.