Security Best Practices Question

  • Hi,

    We have a fairly large environment with hundreds of databases. Some databases contain PII, some contain PCI, and some contain little or no sensitive information.  Our report writers use Business Objects but are migrating to SSRS.  They would like a single account with global access to all the databases they report on.  Let's assume that for each database we observe the principle of least privilege.  Even with that, I still feel uncomfortable.  If the account is compromised, the bad guys have access to a lot of data across our enterprise.  Does anyone have any thoughts on this?

  • Bennett Scharf wrote:

    Does anyone have any thoughts on this?

    Yes... tell them sorry but NO.  There should never be shared logins, period.  The closest you should ever come to something like shared logins is AD groups.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)
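As an added example (not code from any poster in this thread), this is one way to implement the AD-group approach Jeff describes in T-SQL: the Windows group is the only server-level principal, and rights are scoped per database and per schema. The domain, group, database, schema, and table/column names are assumptions.

```sql
-- Added example: replace a shared reporting login with an AD group.
-- Assumed names: domain CONTOSO, group CONTOSO\SSRS_Readers_Sales,
-- database SalesDW, reporting schema rpt, sensitive column dbo.Customer(SSN).
USE master;
GO
-- The server-level principal is the Windows group; there is no SQL login
-- whose password could be shared or leaked from a report server config.
CREATE LOGIN [CONTOSO\SSRS_Readers_Sales] FROM WINDOWS;
GO
USE SalesDW;
GO
-- One database user and one role per database: membership lives in AD,
-- but what the group may read is decided here, per database.
CREATE USER [CONTOSO\SSRS_Readers_Sales] FOR LOGIN [CONTOSO\SSRS_Readers_Sales];
CREATE ROLE rpt_reader;
ALTER ROLE rpt_reader ADD MEMBER [CONTOSO\SSRS_Readers_Sales];
-- Read-only, and only on the reporting schema rather than the whole database.
GRANT SELECT ON SCHEMA::rpt TO rpt_reader;
-- A column-level DENY keeps the sensitive column unreadable even if a
-- later GRANT puts the table in scope (DENY wins over GRANT).
DENY SELECT ON OBJECT::dbo.Customer(SSN) TO rpt_reader;
GO
-- Audit query: list exactly what the role can reach in this database.
-- Run it in each database the group is mapped into.
SELECT dp.state_desc,
       dp.permission_name,
       dp.class_desc,
       CASE dp.class_desc
            WHEN 'SCHEMA' THEN SCHEMA_NAME(dp.major_id)
            WHEN 'OBJECT_OR_COLUMN'
                 THEN OBJECT_SCHEMA_NAME(dp.major_id) + '.' + OBJECT_NAME(dp.major_id)
            ELSE NULL
       END AS securable,
       c.name AS column_name          -- NULL unless the permission is column-level
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS pr
  ON pr.principal_id = dp.grantee_principal_id
LEFT JOIN sys.columns AS c
  ON dp.class = 1                    -- OBJECT_OR_COLUMN only
 AND c.object_id = dp.major_id
 AND c.column_id = dp.minor_id       -- minor_id = 0 for object-level rights
WHERE pr.name = 'rpt_reader'
ORDER BY dp.state_desc, securable, column_name;
```

A database holding PCI or PII data gets its own group (or none at all), so compromising one group's membership does not expose every database the report writers use.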

  • There could be 2 scenarios:

    1. Bad guy is internal. This can be controlled by the network team by allowing SQL to be accessed only from a specific set of IPs.
    2. Bad guy is external. This can be controlled with the help of a firewall, and also by allowing SQL to be accessed only from a specific set of IPs, e.g. only the application / reporting server.

    Additionally, you can think of masking / encrypting the sensitive information so that it is not disclosed to the person who is not authorized.

    There is not much that can be done at the database level.

  • All it takes is one person within your company who is authorized, let's say to see the credit card data, but not the PII of individuals, accidentally, not even on purpose with malice, to access the PII data and you have a data breach under either the GDPR or the CPPA.

    Don't do it. In the modern regulatory landscape, it's not worth it to your organization.

    This simple advice assumes we're not talking about healthcare data. In that case, because of mens rea, with knowledge, if you knowingly allow people who do have the rights to data to access it, you can be individually held liable. If we're talking healthcare data, I'd be an absolute terror on security because I'm not risking my house or my freedom so that it's a little easier for someone else to write a report.

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning
