|
|
SQL Server Development and Data Security
-
Posted Friday, November 14, 2008 9:43 AM |
If you have worked with SQL Server for a given period of time chances are that you have experienced, witnessed, or at least familiar with the concept of backing up a database. This task is a primary staple in the DBA diet and should always include verification that the backups actually are valid. An example of a statement that can be used to backup a SQL Server database is: BACKUP DATABASE [DemoTDE]
TO DISK = 'C:\Backup\DemoTDE.bak'
WITH NOFORMAT,
INIT,
NAME = 'DemoTDE-Full Database Backup',
SKIP,
NOREWIND,
NOUNLOAD,
STATS = 10
GO When Transparent Data Encryption (TDE) is enabled on a database there are some additional dimensions that must be considered when performing a database backup. BACKINGUP TDE ENABLED DATABASES
In my previous blog entry titled TDE: Under The Hood With TempDB I included the steps that are required to implement TDE. These steps include the creation of a Database Master Key (DMK), which is protected by the Service Master Key (SMK), as well as a Certificate that is protected by the DMK. All of these items reside in the MASTER database and are not included in the backup of the user database in which TDE is enabled or the MASTER database. To perform a backup of these items the following statements must be executed: BACKUP SERVICE MASTER KEY
TO FILE = 'C:\Backup\DemoTDE_SMK.bak'
ENCRYPTION BY PASSWORD = 'MySMKBackupP@ssWord2009'
GO
BACKUP MASTER KEY
TO FILE = 'C:\Backup\DemoTDE_DMK.bak'
ENCRYPTION BY PASSWORD = 'MyDMKBackupP@ssWord2009'
GO BACKUP CERTIFICATE MyServerCert
TO FILE = 'C:\Backup\DemoTDE_CERT.bak'
GO With the execution of the BACKUP DATABASE command and the three statements above you will have all of the files required to successfully recover your TDE enabled database. Please note that backing up the MASTER database or TEMPDB database is not required for recovering a TDE enabled user database. The general database backup process often includes transferring the backup files to an external medium and stored in a safe location. When encryption is involved it is recommended to store the key backup files on a separate medium and location from the database backup file. This practice ensures that if the medium that contains the database backup file falls into malevolent hands the contents of the data remains secure since the keys are required to recover and access the data. There are no additional backup requirements for the Database Encryption Key (DEK) which was created on the user database in which TDE was enabled. The DEK is actually stored in the user database's boot record and is included in the database backup. When the database is recovered the database boot record is accessed and the DEK is available for reference at that time. RECOVERING TDE ENABLED DATABASES
When it comes time to recover a TDE enabled database there are a few variants in the approach depending upon the level of recovery required. For example: When the entire instance is requiring recovery, or the recreation of an instance is occurring on a separate server, the recovery of the SMK, DMK and Certificate will be required. If the recovery effort is focused on a specific user database within the instance of its origin the recovery of the database backup will often be sufficient. If the SMK recovery is required you will need to carefully consider recovery or altering of all items within the instance that are protected by the SMK. The recovery of the SMK is performed by the following statement: RESTORE SERVICE MASTER KEY
FROM FILE = 'C:\Backup\DemoTDE_SMK.bak'
DECRYPTION BY PASSWORD = 'MySMKBackupP@ssWord2009'
GO The recovery of the DMK is performed by executing the following statement in the MASTER database: RESTORE MASTER KEY
FROM FILE = 'C:\Backup\DemoTDE_DMK.bak'
DECRYPTION BY PASSWORD = 'MyDMKBackupP@ssWord2009'
ENCRYPTION BY PASSWORD = 'MyNewDMKP@ssWord2009'
GO Please note that we recovered the DMK using the protection of a password (ENCRYPTION BY PASSWORD) rather than the SMK. This allows the DMK to be recovered even in an instance in which the SMK is different from the instance in which the DMK was originally created. To change the DMK back to being protected by the SMK, the following series of statements are required in the MASTER database: OPEN MASTER KEY
DECRYPTION BY PASSWORD = 'MyNewDMKP@ssWord2009'
GO
ALTER MASTER KEY
ADD ENCRYPTION BY SERVICE MASTER KEY
GO
CLOSE MASTER KEY
GO Please note that modification of the DMK requires it to be opened first. Certificates are recovered through re-creation rather than recovery. If the Certificate used for TDE previously exists in the MASTER database it will need to be dropped prior to execution the following statement: CREATE CERTIFICATE MyServerCert
FROM FILE = 'C:\Backup\DemoTDE_CERT.bak'
GO At this point all of the keys that reside in the MASTER database have been recovered and the user database in which TDE has been enabled is ready to be recovered through the following statement: RESTORE DATABASE [DemoTDE]
FROM DISK = 'C:\Backup\DemoTDE.bak'
WITH FILE = 1,
NOUNLOAD,
REPLACE,
STATS = 10
GO Once the database has been restored the success of its recovery can be determined through querying a table that resides within the database.
Disclaimer: All of the SQL Statements offered in this blog entry are provided as examples of their use and syntax. The arguments and their values used may vary depending upon your situation. Additional details regarding these statements can be obtained through SQL Server Books On Line. Always backup and test in a development environment before executing these suggested statements in a production environment.
|
-
Posted Friday, November 07, 2008 8:45 AM |
The tempdb system database can be found in any SQL Server instance. It is a database that is utilized by all user databases that are created within the instance. This system database is where temporary user objects such as temporary tables, variables, cursors, spools, sorting and row version activities are performed. There is no doubt that this system table is extremely valuable in the functionality of the entire SQL Server instance. When Transparent Data Encryption (TDE) is enabled on any user database the primary elements of the user database that is encrypted is the physical database (.mdf) and log (.ldf) files. A byproduct of this feature being implemented is the encryption of the tempdb system database. On the surface the automatic encryption of the tempdb system database might be a bit confusing and raise some concerns about how the non-TDE enabled user databases might interact with tempdb. To clarify this, let's start at the beginning: On a fresh SQL Server instance, TDE is enabled on a user database by performing the following steps: 1. Create a Database Master Key (DMK) using the master database.
2. Create a Certificate using the master database.
3. Create a Database Encryption Key (DEK) using the target database.
4. Set Encryption to "ON" using the target database. We will explore these four steps in depth in later blog entries; but for now, let's now review some system views that reveal what has transpired as the result of these four steps using the master database. SELECT * FROM SYS.SYMMETRIC_KEYS
The execution of this statement reveals the master keys that exist in the database. The one that we are focusing on, as the result of the steps listed above, is the one that contains the value of "##MS_DatabaseMasterKey##" in the column titled "name". This indicates the DMK that was created in the first step above. SELECT * FROM SYS.CERTIFICATES
The execution of this statement reveals the certificates that exist in the database. The certificate that contains the certificate name that was used in the second step above in the column titled "name" is the one that we are focusing on in this example. Notice that the column titled "pvt_key_encryption_type_desc" contains the value of "ENCRYPTED_BY_MASTER_KEY". This value is in reference to the DMK noted above. Also, note the binary value that is contained within the column titled "thumbprint". We will refer to this in the next query. SELECT * FROM SYS.DM_DATABASE_ENCRYPTION_KEYS
The execution of this statement reveals the database encryption keys (DEK) that exist for the instance. You will notice that even though we created only one DEK there are two listed in the query results. If you cross reference the value within the column titled "database_id" to the sys.databases view you will notice that one of the DEKs is for the target database in which we enabled TDE and the other is for the tempdb system database. The dm_database_encryption_keys view offers some interesting insight to these DEKs; specifically the column titled "encryptor_thumbprint". The encryptor_thumbprint column reveals the binary reference to the certificate that protects the DEK. The value that has been captured for the target database in which TDE was enabled can be directly referenced to the "thumbprint" column revealed in the sys.certificates view. The encryptor_thumbprint value for the tempdb system database contains the value of "0x", which is the binary equivalent to a zero-length value (not null). This means that the DEK that has been created or the tempdb system database is completely independent from the key hierarchy that was established for the target database in which TDE was enabled. In addition, a review of the columns titled "key_algorithm" and "key_length" contain the values of "AES" and "256" for the tempdb system database regardless of the algorithm utilized for the target database. Since the tempdb system database is referenced by all user databases within the instance, regardless of whether TDE as been enabled or not, all databases must perform the encryption and decryption process when using the tempdb system database utilizing its DEK. The inherent behavior of the tempdb system database is that when the SQL Server instance is stopped and started that the tempdb is dropped and recreated. This can be verified by performing the following steps: 1. Stop the SQL Server instance.
2. Start the SQL Server instance.
3. Execute "SELECT * FROM SYS.DATABASES" using the master database. The result of the third step of this process will reveal that the column titled "create_date" for the tempdb system database will be approximately the date and time of the start of the SQL Server instance. When the dm_database_encryption_keys view is executed, the DEK for the tempdb will still be included in the results and the column titled "create_date" will reflect a recent date and time. This illustrates that when the tempdb system database is recreated so is its DEK. There is a lot that can be discussed on this specific aspect of TDE alone and it certainly presents some interesting questions in regard to performance, mirroring, backup and recovery strategies. While TDE's purpose is to provide protection of a specific databases' files there are affects to the instance as a whole and requires careful consideration and testing before implementing into a production environment.
|
-
Posted Friday, October 31, 2008 10:21 AM |
There is a scene in the 1955 Looney Tunes short called "Sahara Hare" in which Yosemite Sam is attempting to enter a castle in the desert. After various failed methods of forced entry he encounters a secret entrance in the wall of the castle. When Sam opens the door there is another one immediately behind it. When that door is opened it reveals yet another one and so the scenario repeats until he encounters some strategically placed TNT. This segment of the cartoon reminds me of the encryption key hierarchy minus the destructive ending. The series of keys that makes up the encryption key hierarchy protect each other until the key that used for the encrypting/decrypting process is revealed. The outer door being the Service Master Key (SMK) which protects an inner door, the Database Master Key (DMK) , which protects additional doors which are symmetric and asymmetric keys. With SQL Server 2008 and the introduction of Transparent Data Encryption (TDE) a new key was introduced into the mix: The Database Encryption Key (DEK). On the surface it may be a little confusing when determining the difference between a Database Master Key (DMK) and a Database Encryption Key (DEK). The similarity between their names certainly add to the confusion. They both are addressing the encryption process and the use of the word "encryption" in its name does not provide any implication to its unique purpose. Under the hood, the differences become much easier to understand: Database Master Key
This symmetric key is used to protect subsequent symmetric keys or asymmetric keys within the database that are utilized in the actual encryption/decryption process of the data. The algorithm used when a DMK is created is Triple DES. The key that protects the DMK is the Service Master Key or a user-supplied password. When the SMK is used to protect the DMK, the opening of the DMK occurs automatically; otherwise the DMK must be opened using the OPEN MASTER KEY statement. The CREATE MASTER KEY command is used to create a DMK. The sys.symmetric_keys view will display the DMK for the database. Database Encryption Key
This symmetric key is used only for TDE. The purpose of this key is to perform the encryption/decryption process on the physical files and filegroups of the database. The algorithm used when a DEK is created is determined based upon the WITH ALGORITHM argument and include various AES algorithms as well as Triple DES. The key that protects the DEK is a Certificate (Asymmetric Key) that resides in the MASTER database which is protected by the DMK for the MASTER database. Since the DEK is used with the TDE process, the opening of this key is transparent to the end user. The CREATE DATABASE ENCRYPTION KEY command is used to create a DEK. The sys.dm_database_encryption_keys view will display the DEK for the database.
|
-
Posted Thursday, October 23, 2008 5:32 AM |
Recently at an IndyPASS meeting I facilitated a general question and answer session preceding our regularly scheduled feature presentation for the month. There was a lot of great questions covering many aspects of SQL Server; but I was most excited to hear some great questions in regard to Transparent Data Encryption (TDE). In the next few blog entries I hope to cover some of the items that were raised. This entry focuses on the Master Key that is used for TDE. If you have an instance of SQL Server that does not contain databases that have TDE enabled, the first step in the process of the implementation of TDE is to create a Database Master Key (DMK) for the MASTER database. An example of this syntax is below: USE MASTER
CREATE MASTER KEY
ENCRYPTION BY PASSWORD = 'MySampleStrongP@ssword2008' In general when a DMK is created for a database it would be created using the database in which we intend to apply the encryption (target database). In the case of TDE we do not create the DMK in our target database, but do so directly in the MASTER database. This placement of the DMK in the MASTER database facilitates the server's handling of the encryption/decryption process automatically without the additional code that cell-level encryption requires. Only one DMK can be created for any given database. If the above commands are executed against the MASTER database that already has a DMK defined an error will be returned. To determine if a DMK has been previously created you can execute the sys.symmetric_keys catalog view on the MASTER database. The record with the name column value of "##MS_DatabaseMasterKey##" is your DMK. The creation of a DMK in the MASTER database does not imply that the MASTER database has been encrypted. In addition, the creation of a DMK in the MASTER database does not imply that the entire instance has been encrypted. Creating a DMK simply produces an symmetric key that is utilized for the encryption/decryption process. As you proceed with the implementation of TDE keep the following items in mind: - When the database backups occur, the DMK, or any other key, is not included in the backup. You must backup all keys individually as a separate step to your plan.
- The DMK is protected by the Service Master Key (SMK). The SMK is created at the time the instance is created. If the SMK is changed or lost, recovery of the DMK to unlock the encrypted database will not be a pleasant experience and will likely result in an unrecoverable database.
- All databases in a single instance that have TDE implemented will utilize the single DMK that was generated in the MASTER database.
Certainly as you read this information additional questions will arise. In the following blog entries, I will cover other aspects of TDE that will hopefully answer many questions. Feel free to comment on this blog with your questions or contact me directly if you have more detailed or specific questions in regard to DMK or TDE.
|
-
Posted Wednesday, October 15, 2008 5:55 AM |
I receive a daily feed from http://datalossdb.org/latest_incidents.rss which provides very basic information in regard to data loss events. These data loss events are not situations where a database crashes and data is lost, these are events in which valuable or sensitive data is disclosed to unauthorized parties. Examples of these events are: - Names, addresses and social security numbers of college students are published on the Internet.
- A document containing sensitive information is found in a trash can.
- Sensitive data that is contained on a laptop which is stolen from an employee's or auditor's automobile.
- A disk containing sensitive information about a business' customers is lost.
- A hacker gains access to a server containing sensitive data.
I have been watching this feed for quite sometime and have been amazed at the frequency of these events. These occur on a daily basis and involves some rather significant organizations. It is very interesting to see that the events that are caused by hackers is a small percentage of the lot. Majority of them are the result of misplacement of data or irresponsible disclosure. There is a lot that can be done to protect data while it is in storage. There is also a lot that can be done to protect data as it travels from the database to the user interface and back again. Role based security, encryption and other obfuscation methods provide the armored car affect for the data. Once data has been disclosed the imperfect human factor enters the picture. A person who is otherwise authorized to view sensitive data might then save it in an Excel Spreadsheet on their laptop which gets stolen from their car. They might attach the information to an e-mail that they accidentally send to the entire company and their book club buddies. The might save that information on their favorite thumb drive which falls out of their pocket as they answer their cell phone... and the examples go on an on. It is an excellent practice for the DBA or Developer to question the inclusion of sensitive data in an unprotected format on any vehicle of disclosure. The requestor may not realize that the data that they see every day could be considered sensitive. The requestor may not fully understand the consequences of further disclosing this data to potential unauthorized parties. It is very likely that the sensitive data may not be needed at all except for record identification purposes and an alternative piece of data could be recommended. The practice of sending reports, data extracts or user interface displays that contain unprotected sensitive information to their recipients is not unlike attaching a scroll of paper to the leg of a pigeon in the old pigeon post days. While it is a very effective method of delivering data to those in need of it, the path is fraught with falcons and hunters awaiting to intercept the data.
|
-
Posted Friday, October 10, 2008 8:24 AM |
Databases often contain sensitive information and cell-level encryption is a very effective method to protect this information from those who should not have access to it. Although, encryption is not without its challenges. There is a performance cost. There also is additional administrative tasks required with its introduction into the database. That is why there are some instances where encryption is restricted, by the powers that be, from being utilized.
When the DBA or Developer finds themselves faced with the requirement of protecting sensitive data while not being able to utilize encryption they must seek alternatives to this feature. There are many alternatives available and some, when appropriately implemented, can be as effective as encryption itself. Below are a few examples of these alternatives: Store Only The Data You Need
In this day and age storage media is relatively inexpensive. This is a good thing, but it does enable lax storage strategies. When determining the schema of your table consider the use of the columns that are being added, especially ones that contain sensitive data. Try to avoid the "We may need it someday" mind set.
For example: The Social Security Number is an identifying number provided by the Federal Government for individuals in the United States. This piece of data is often found in tables that contain other information about an individual. If this piece of data is not being used functionally by the applications that access the database its inclusion in the schema should be reconsidered and challenged. If it is determined that the sensitive data must be stored in the table, consider only storing a portion of the data rather than the entire data. For example: If you must store the Social Security Number, storing the last four digits may suffice for its use in your database. Masking Plain Text
We are all familiar with the standard method of displaying the text of a password as it is being typed into a text box; all letters are replaced with an asterisk (*). Most are also familiar with the masking methods used on a credit card receipt: the last four digits of the credit card number are displayed in plain text while the remainder of the number are replaced with an asterisk. These two examples demonstrate how sensitive data within the database is hidden at the point of disclosure from the eyes of those who should not see it. While this approach is very effective it does not necessarily suggest that the sensitive data that is stored in the database is similarly masked. According to PCI Compliance Standards, Requirement 3.4, credit card numbers (PAN) cannot be stored in a database in its entirety. Masking this information within your database is a valid means of meeting these requirements. When implementing masking, please remember that the storage of data that is entirely masked is rather useless since it cannot be read or searched by anyone regardless of the security level. Determining the extent of masking that is to be applied to the sensitive data is a fine balance between maintaining the value of the data for authorized users while rendering it useless to those who are unauthorized for its use.
Coding Data
Utilizing numeric or alphanumeric values to represent the real values of data is often a practice that can be found in normalization efforts. Placing a value of "16" to represent the State of Indiana or "01" for the State of Delaware is a very efficient means of storing this data. It also allows for the represented text to change without having to modify all of the rows that are associated with that value. This same practice can be utilized to protect sensitive data. Consider a financial planner who maintains records of their client's financial history in a database. Knowing that certain aspects of their information is sensitive the financial planner might store the value of "1250" to indicate that his client has declared bankruptcy or "3427" to indicate the beneficiary of the client's assets. Without access to the data that provides the interpretation of this code, the sensitive data remains a mystery. Hashing
SQL Server offers the HashBytes method. This method uses a specified algorithm to turn plain text into a binary value that then can be stored in the database masking the sensitive data it represents. The specific syntax of using the HashBytes method can be found at:
http://msdn.microsoft.com/en-us/library/ms174415.aspx There is a fine line between hashing data and encrypting data. Encrypting data involves the process turning plain text into cipher text as well as decrypting the data back into plain text when needed. Hashing converts the plain text into a binary value and is only compared with other hashed values to produce validation of plain text; thus removing the key management aspect of encryption as well as a portion of the performance affects. Here is a great blog entry that talks about using the HashBytes method to secure sensitive data:
http://blogs.msdn.com/sqlcat/archive/2005/09/16/469257.aspx While these options have their own benefits and vulnerabilities they do offer some creative approaches to protecting the sensitive data that has been entrusted to your organization.
|
-
Posted Friday, October 03, 2008 9:57 AM |
At the heart of encryption are keys. These allow you, the authorized user, to unlock the subsequent key in a key hierarchy or the cipher text contained within a database. This hierarchical relationship in SQL Server 2008 is illustrated at http://msdn.microsoft.com/en-us/library/ms189586.aspx. For SQL Server 2005, the hierarchy is illustrated at http://msdn.microsoft.com/en-us/library/ms189586(SQL.90).aspx Within SQL Server, the head of the encryption family is the Service Master Key. This key is a Symmetric key that is based off of the service account credentials as well as the machine key from the Windows Data Protection API (DPAPI). There is only one Service Master Key per instance of SQL Server and is created at setup of that instance. The Database Master Key is a Symmetric key that is unique to each catalog (database) within the SQL Server instance. This key is encrypted using the Service Master Key of that instance. When a catalog is created the Database Master Key is not automatically generated. These keys are created using the CREATE MASTER KEY command. Once the Database Master Key is created, additional keys can be created to increase the granularity of of the encrypted data. For example a table or cell can be encrypted with one key while another table or cell could be encrypted with a separate key. Both keys are therefore encrypted by the Database Master Key. These keys can fall into the following types: Asymmetric Keys are the combination of a private key and a public key. The plain text is encrypted using the public key, which is distributed to others, and is decrypted by a corresponding private key which is very limited in its distribution. An Asymmetric Key is created using the CREATE ASYMMETRIC KEY command. A Symmetric Key is a single key that is used to encrypt and decrypt data. A Symmetric Key can only decrypt the data that was encrypted by itself. As previously noted the Service Master Key and Database Master Key are considered this type of key. A Symmetric Key is created using the CREATE SYMMETRIC KEY command. Certificates are private or public keys that are digitally associated with an individual or device. The use of a Certificate is very similar to Asymmetric Key. These can be created externally from SQL Server and can offer expiration management. To create a Certificate within SQL Server you will use the CREATE CERTIFICATE command. When a database is backed up through the standard means, the keys that are applied to the instance and subsequent catalogs are not included. Each key must be individually backed up using the BACKUP SERVICE MASTER KEY, BACKUP MASTER KEY or BACKUP CERTIFICATE commands. A best practice is not to store these key backups on the same device as the database backup in the event that the device is compromised. While a mile of text could be used to provide more details regarding keys, this cursory review should provide the novice cryptographer with some basic information that will help begin to lift the fog in the implementation of this valuable feature of SQL Server.
|
-
Posted Monday, September 29, 2008 9:06 PM |
Back in 2001, I attended a seminar in which Microsoft introduced the .NET Framework. I distinctly remember the discussion surrounding the concept of software being offered as a service via the Internet. Over the years there has been many offerings in this regard and more potential customers of this option have grown accustomed to and interested in the concept. As the .NET Framework matured and the tools to create web applications became more powerful, the appearance of applications being offered on the Internet became more frequent. The straight-forward term of "Software as a Service" became a more visual and marketable "Computing in the Cloud" which could very well draw The Rolling Stones in again for someone's marketing campaign. The database world has not been left out of this brave new world. There are many on-line database service offerings that are making their claim in the cloud such as Intuit, Amazon.com, IBM and Google. Most interesting to the SQL Server crowd is Microsoft's offering called SQL Server Data Services (SSDS). This product offers on-line data storage, query and manipulation. While SSDS will not offer the entire suite of features of SQL Server when it is released, there will be many features that will make it a serious contender in the current "database in the cloud" market. The marketing information indicates that SSDS will have a "flexible data model" and further describes it as "no schemas required". With elements such as entities, containers and "flat scalar property bags" developing in the SSDS environment may require a bit of a learning curve for the Database Developer; but it is a very exciting opportunity for those willing to go off into the "wild blue yonder". There is much more to learn about SSDS and I am looking forward to getting my hands on it. This product is not yet in Beta; but Microsoft is taking applications for participating in the Beta program. You can sign up to participate in the Beta as well as learn more about SSDS at the following link: http://www.microsoft.com/sql/dataservices/default.mspx
|
-
Posted Tuesday, September 23, 2008 9:47 PM |
On the surface, the question of whether or not a database contains sensitive data may seem like a rather simple one to answer. Most people recognize that a Federal identification number or a credit card number is and should be recognized as sensitive data. While these pieces of data get a tremendous amount of attention by the media when data loss is reported there are other pieces of data that are not as easily recognized as being considered as sensitive. The following categories of data are considered to be sensitive and should be protected: Government Assigned Personal Identification data
This type of data includes Social Security numbers, tax identification numbers for businesses, driver license numbers and other data that the Federal, State or Local Governments have assigned to an individual or business for the purpose of identification. Biometric data
As biometrics become utilized more often for the purpose of identification verification the importance of protecting this information becomes more critical. This type includes items such as retinal scan images, facial images, fingerprints and signatures. Medical data
The Health Insurance Portability and Accountability Act (HIPAA) protects data in regard to medical and insurance information for patients. This includes notations in regard to conversations with your health care professional, physical and mental medical history as well as payment history of medical care. Unauthorized disclosure could result in civil and criminal penalties. Student Education data
The Federal Educational Rights and Privacy Act (FERPA) protects data in regard to students and their educational records. This includes the student’s name, address, telephone number as well as information specifically regarding their education history. Unauthorized disclosure could affect a school’s Federal funding… not to mention compromising a student’s privacy. Employment data
Items such as salary information, performance reviews, worker’s compensation claims, benefit information and pension plan details fall into this category. Any HR Professional will tell you that the unauthorized disclosure of such information could result in severe consequences. Communication data
E-mail messages, telephone records and recordings, fax documents, text messages are all carriers of information that may contain data that would fall into any of these categories; Therefore, this information should be considered sensitive data. Financial data
Financial data not only discloses information regarding an individual or business’ financial status it also often contains data that is used to gain access to assets. For example: bank account numbers, personal identification numbers and beneficiary information. Intellectual Property data
Items that fall into this category are source code, schematics, details regarding a new product and also creative works such as images and written documents. The unauthorized disclosure of such information could destroy the competitive edge of a business or compromise the copyright claim by an author or artist. As the DBA and Developer, we are typically the ones that implement encryption and other security measures in the database. We are often requested to provide extracts of data for use by external systems. We are also often requested to produce printed reports that present data for the use of Business Analysts to review. We are also a target for phishing or social engineering efforts to gain access to sensitive data. Once data leaves the protected environment of the database the control of its dissemination becomes nearly impossible. The printed report could be passed around and end up in the hands of a person who will use the information for fraudulent activities. The spreadsheet that is generated by a SSIS Package or query could be stored on a laptop that is not password protected or encrypted which is stolen from the person’s automobile. The information could be attached or typed in an e-mail that was accidentally sent to a mailing list that contains hundreds of people. While you cannot control the further disclosure of the data once it is in the requestor's possession the understanding of the data that is being stored in your database will go a long way in protecting your client's privacy, your employer's reputation and ultimately your job.
|
|
|