In my view, data security is an abstract concept, just as abstract as money, religion and fascination – all devised by humans. And anything that is human-made can be human-destroyed. When it comes to IT and data security, history has proven that pretty much anything can be cracked, taken, reshuffled, altered, refurbished, reheated and re-served. … Read more
Database administrators are typically responsible for the security and availability of financial data. In this article, Robert Sheldon discusses SOX, passed in 2002, that governs financial data of publicly traded companies in the US.… Read more
In my blog Calculating a Security Principal’s Effective Rights, I built a view, named Utilty.EffectiveSecurity that you could query to fetch a security principal’s rights to objects in a database. In that blog I tested the code and showed how it works. Now I have taken this to the extreme and expanded the view to … Read more
HIPAA was signed into law in the United States in 1996. In this article, Robert Sheldon discusses how the act affects the day-to-day responsibilities of database administrators. … Read more
Security. Oh that most painful of topics. I discussed it a few months earlier when I discussed the need to give rights only through roles to users, so everything is the same in dev and prod except the users who are placed in each role (SQL Server Database Security And Source Control). As I was … Read more
Now that the GDPR has gone into effect, many are wondering what will happen in the United States. California is the first state to enact similar legislation, called the California Consumer Privacy Act of 2018 (CCPA). In this article, William Brewer explains the history of the law, what it means for companies doing business with California residents, and how it compares to the GDPR.… Read more
Since the GDPR has gone into effect, the focus has often been on databases. There are many other ways that personally identifiable data may be stored by an organization. In this article, David Poole shows how to use Bash and PowerShell to locate that data in file shares… Read more
Security, compliance, and data ethics are related concepts that everyone who works with software should know about, from the help desk to the C-level office… but almost everyone thinks that worrying about these things is someone else’s problem. As data breaches become increasingly common and data privacy regulations pass in more regions, there are increasing … Read more
Despite the attention to data privacy and protection caused this year because of the GDPR, regulations governing how data is handled are nothing new. In this article, Robert Sheldon provides an overview of two US regulations, HIPAA and SOX, and explains how these regulations affect DBAs. … Read more
I haven’t seen a SQL Server table with real unencrypted credit card numbers for several years, and I don’t know of any good reasons to have them stored that way. However, I’ve needed them in the past for testing a web application that had to take credit card details. Generating credit cards in a way … Read more
Along with the GDPR, regulations require that confidential data is protected and used properly. In this article, William Brewer discusses the ways that data manages to migrate around the organisation and the challenges found in protecting that data.… Read more
In any real numeric data from a database, you are only rarely going to see any sort of normal distribution of the values. Sales data will rise and fall according to the time of year and the economic cycle. The date of input of a record will vary with the workload. If you plot … Read more
When you are developing an existing database, or demonstrating it, you nowadays need pseudonymised data, or even better, completely anonymized data. This data has to look right at first glance, and it needs to have the same distribution as the real data. Although we are yet to tackle continuous variables with complicated distributions such as … Read more
Many times I’ve been told, by developers who are using live data to develop a database, that it is impossible to anonymise or pseudonymize their data to comply with privacy legislation. One recurring explanation is that one can’t duplicate the distribution of data by faking it. In a sense, this is true, because if you … Read more
The GDPR is in full effect but meeting the requirements may still be confusing for many companies. In this article, William Brewer discusses what is needed to ensure compliance, including when a Data Protection Impact Assessment is required. He also explains the Data Protection Officer role. … Read more
Protecting data in SQL Server is not as simple as setting a few properties. While there are great security features in SQL Server, such as Transparent Data Encryption, production data may end up in places throughout the organization. In this article, Brian Kelley talks about the best ways to secure data using the concept of least privilege. … Read more
Data breaches make the news on an almost daily basis. There is no turning back, however, as we are firmly entrenched in this digital way of life. Brian Kelley discusses some of the reasons data breaches occur and what we can do to prevent them.… Read more
You may have noticed a recent flurry of activity in your email inbox as many companies sent out new privacy policies and, in some cases, asked you to opt-in to continue to receive communications from them. This coincides with the deadline to comply with the GDPR (General Data Protection Regulation). This regulation is meant to … Read more
Data governance must be included in DevOps practices. William Brewer explains how to define business policies and standards to ensure compliance with privacy regulations and bring data governance to all aspects of continuous delivery.… Read more
On 25th May GDPR comes into force. I’ve been learning everything I can about GDPR to ensure my systems adhere to the regulations and will be attending Redgate’s SQL Privacy summit, details and registration here on Friday 18th May in London. However I’ve been really shocked at the amount of developers I know who … Read more