Uncategorized

Database Shoplifting

by Ben Taylor

How Do You Do It?
I’m starting to see more and more blogging, articles and other mentions about an emerging issue with databases. That issue is what I refer to as "shoplifting" of sorts – data theft from within. There have been recent reports of employees or other privileged folks (contractors, for example) either putting software in place to gain access to information they shouldn’t or outright stealing databases of information and selling them on the black market.

My question: how do you go about protecting against this? Yes, it can be audited. Sure, you can set up "need to know" permissions and such. But, still, in most cases, to do their job they’ll need access to information on your systems. Access means they can do things that bad people do.

My term "shoplifting" of the data comes from the long-touted fact that a huge percentage of shoplifting – retail thefts – actually comes from those on the inside of a business. They know the patterns, the protections and such that are in place. They also know how to get around them. So, using this information, by and large, the employee is one of the biggest sources of loss in the retail space. This is pretty much what we’re starting to see with data-oriented thefts. As a matter a fact, I’d suggest that it’s not that it’s *starting* now, but rather that we’re just hearing about it.

Back to the question at hand – what do you do? Drop me a note, let me know

Video: SQLonCall – Staying on Top as a DBA
Continuing Education for DBAs. How do you know where to spend time and resources? What types of things can you do to help out the DBA team as they need to stay on top of technologies?

> Watch Show

Other Video Programs/Shows available:
[Watch] SelectViews – Accidental DBAs, 60-second tip of the day, More
[Watch] SelectViews – Special – SQL Server 2005 Jobs – How-To, When, Where, Why – Demos

Featured White Paper(s)
Troubleshooting SQL 2005 – Opening a Database Administrator’s Toolbox
This white paper guides you through troubleshooting using some of SQL 2005’s built-in features to diagnose issues with your d… (read more)

Building Proven Data Protection Strategies
Will traditional data protection applications survive the demands for ultra-high availability and the growing requirements fo… (read more)

Author: Ben TaylorBen is a Relational Database veteran starting in the early eighties on DEC Vax database systems such as Bloom and Harvest. He has specialized in SQL engines for more than two decades, with a primary focus on Microsoft SQL Server. Ben has worked with small and large databases for both OLAP and OLTP working on systems for many industries such as Medical (Medical Claims and Eligibility Warehouse, HMO Provider Management, Enrollment), Financial (credit card processing, mortgage, stock portfolio management), Manufacturing (Assembly Line and Product Assemblies), Sales, Auto Auctions and more.