We all know data security is important, or at least we should know that it's important. As a data professional, you are entrusted with handling all types of information carefully. Yet we constantly we issues cropping up in the news as data is lost, stolen, misplaced, or inappropriately released. In the vast majority of cases, it's seems that it's possible to prevent issues with better procedures and habits.
Recently I saw a report that T-Mobile employees had sold customer data to brokers, who in turn sold it to rivals. Now the details weren't released as to how this occurred, but there are plenty of ways and processes that I have seen in many companies that would make this easy. You can't always prevent a user that needs legitimate access to data from mis-using their access, but you can take some steps to prevent it from being easy or undetectable. Implementing things like auditing, obfuscating data in test or development environments, and using encryption can help provide more security.
In addition to all that, as a professional, you ought to be concerned about the liability that results from your own actions. There's a great article from Dr. Dobbs that talks about reducing the liability that comes when handling data, and it covers a number of common sense items, but they bear worth repeating. I'd recommend you read the article.
I don't expect that most employees have liability for their actions when working with corporate data, though the arrest of two two employees of Bernard Madoff gives me pause. They might be guilty of conspiring to defraud people, or they may have just been following instructions and were unaware of how their work was being mis-used. Time will tell in that case.
That situation is not quite the same as mis-handling data, but if we are trying to hold executives responsible for data breaches, how long before the very litigious society of the US starts to hold IT workers responsible?
Be a professional, do your job properly, document and report problems you see with security. It might not provide complete protection, but I think it will help if you ever do have a data breach in one of your systems.
Steve Jones
The Voice of the DBA Podcasts
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.
You can also follow Steve Jones on Twitter:
or now on iTunes!
- Windows Media Podcast - MB WMV
- iPod Video Podcast - 21.7MB MP4
- MP3 Audio Podcast - 4.5MB MP3
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.
