Reader Feedback on Data Shoplifting

I’ve had some intriguing comments on the whole Data Shoplifting can of worms. It’s clear that if we could all just count on others "doing the right thing," we would solve a lot of problems. Then reality steps in: some people are more susceptible to temptation, or have outright wrong intentions, and we quickly realize that we need approaches that minimize risk and exposure. Here are some reader feedback items, and a reader question, in response to my original editorial:

Stephen: "That is one of the toughest questions to face in businesses that depend upon Sensitive Personal Information to operate. In order to reduce the threat of Data Shoplifting, we have disabled USB ports and CD writing software on the Enterprise level. Coupled with limited rights to install software on their machines and a lack of floppies, we have tried to eliminate any method of writing large data dumps. Unfortunately, the resourceful thief will still find loopholes, as I can think of several off the top of my head."

Al: "I think that this is best addressed at people’s internal integrity ‘meters’.

Putting external security checks and procedures in place is very important, but like you said, people can get around them if they want to.

That being said, I believe most people want to do the ‘right’ thing (being overly paranoid doesn’t encourage a healthy working environment).

Internal integrity can be nurtured through training (especially role-playing). Identify grey-area scenarios and have team members ‘act’ them out and discuss them afterwards during annual or semi-annual integrity training. Some theft and data loss comes from carelessness (keeping passwords in easily accessible places or leaving laptops in open areas for ‘just a second’ as examples) but others come from slowly deteriorating internal integrity meters (I’ll just use the photocopying machine for a few personal things (even though it’s against company policy) or they were going to throw away that laptop/pc anyway so I’ll just take it home to reuse the parts or fix it). While seemingly innocent, I believe that over time it lowers our internal integrity meters to a point where actual data theft seems like a smaller step (instead of a huge leap).

Yes, there will still be those ‘external’ thieves waiting to break in, but the best battle against internal database shoplifting comes from employee integrity awareness and training."

Dixon: "I am interested in your article on shoplifting, but from a different perspective. I am a software consultant and as such, I have 24/7 remote access, including passwords, to my client’s server. If something happens to my client’s data, how do I prove that I was not the shoplifter?"

