Data Security Policies


Steve Jones
Comments posted to this topic are about the item Data Security Policies

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Yet Another DBA
Does your organization have some policy around data security on mobile devices?

Only 1 company in the last 10 has. Others have pretended

Do your fellow employees care about data security?

Totally the opposite.
Developers see data security as an anti-requirement.
Bosses don't want to understand or don't want to upset their bosses
And a pseudo dba is the worst abuser of privacy
And a previous dba was partially responsible for a large data breach cos he was following orders and data security was not his thing!

And people wonder why I'm sceptical...
Gary Varga
Most clients of mine start off with a default policy of no devices allowed. They all seem to move through locked down VPN-enabled laptops and Blackberrys for email. Most are still at this stage. Occasionally, I have been allowed either VPN access from non-company equipment or access to services over HTTP (HTTPS to be more accurate) such as source control systems.

As more and more services are getting to be hosted remotely, and sometimes by third parties, and access allowed from anywhere on the Internet, I expect more and more non-company supplied hardware access to be utilised. The security will be more and more based on secured credentials rather than secured hardware.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
skanker
It is the threat of a fine that seems to push security work in my organisation. Not the proactive aim of actually looking after data because it is the correct thing to be doing. :-)
Cody Konior
Yet Another DBA (4/7/2014)
Only 1 company in the last 10 has. Others have pretended

And people wonder why I'm sceptical...


You have all my feels. I feel like we're kindred spirits. Can we be friends?
jay-h
Personally I keep my devices and company devices completely separate. Better for both parties.

...

-- FORTRAN manual for Xerox Computers --
Gary Varga
jay-h (4/7/2014)
Personally I keep my devices and company devices completely separate. Better for both parties.


Works for employees but not necessarily for consultants, contractors, freelancers and other 3rd parties who, sometimes, use their own equipment. I used to find that freelance work was always simply on site and with that company's hardware and software over their own network. In recent years it varies from client to client.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
phegedusich
When it comes to PCI and financial data, there can be no compromise in data security S&P. BYOD is not a player here. Consultants' devices must be configured to our standards to connect, or no dice.
Gary Varga
phegedusich (4/7/2014)
When it comes to PCI and financial data, there can be no compromise in data security S&P. BYOD is not a player here. Consultants' devices must be configured to our standards to connect, or no dice.


That is certainly a variant of one of the reasons one can expect it to vary client to client e.g. I cannot imagine that the DoD (or any other equivalent agency) would be any different from the UK's MoD in that all devices must be left in external car parks (not brought on-site) and that all MoD devices must stay exactly on-site (not taken off-site).

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Freddie-304292
We have to download an app that encrypts our data and means that IT can wipe our phone if we lose it if we want to get our email and GDocs on it. Worth the hassle of typing a PIN to open the phone every time. VPN is great for working at home.

But most users care little for security, so you do have to impose it from on high.