How Do You Deal With Sensitive Data?
imus writes "Just wondering how most IT shops secure sensitive data (customer records). Most centrally managed databases seem to be monitored and maintained very well and IT workers know when they are tampered with or when unauthorized access occurs. But what about employees who do legitimate selects from these databases and then load CSV files and other text files onto their laptops and PDAs? How are companies dealing with situations where the database is relatively secure, but end-use devices contain bits and pieces of sensitive business data, and sometimes whole segments? Does anyone use sensitive data discovery software such as Find_SSNs or Senf or other tools? Once found, how do you deal with it? Do you force encryption, delete it or prevent extracts?"
I try not to talk loudly around it, and make sure its emotional needs are met.
We use a robots.txt file and a strongly worded "keep out - private data" header on all important records.
Incompetence aside, of course ;)
I name all of my sensitive files, databases, tables, and fields with names that nobody would want to touch, such as "Smashing Pumpkins Discography DB", "tblPeeWeeHerman", "Oprah.txt", etc.
And for storage, I burn them all to DVD and put them inside empty "Aerosmith" jewel cases. Keeps them nice and safe from prying eyes.
Ask yourself why the employees need the SSN access in the first place!
Tell your DBA to create a view which replaces the SSN with some other random number for every possible person with DB access. That way, folks doing data mining or data quality will be happy.
If your devs need SSN access to develop your application, ask them why the hell they need to work on the production DB!
There's eventually going to be folks who need access to the real data. Hire a large football player, dress him in a suit, and have a "come to Jesus" moment with any employee to make sure they understand how serious this is.
This is pretty much a solved problem.
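An added example, not part of the original thread, of the masked view suggested in the comment above: each distinct SSN gets one random stand-in, so duplicate-record checks still work on the view. The table and view names, the sample rows and the `000-` surrogate prefix are assumptions made for illustration.

```python
import secrets
import sqlite3

SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT NOT NULL);
-- DBA-only map: one random stand-in per distinct real SSN
CREATE TABLE ssn_surrogate (ssn TEXT PRIMARY KEY, fake_ssn TEXT NOT NULL UNIQUE);
-- What analysts are granted: same shape, surrogate in place of the SSN
CREATE VIEW customers_masked AS
    SELECT c.id, c.name, s.fake_ssn AS ssn
    FROM customers c JOIN ssn_surrogate s ON s.ssn = c.ssn;
"""

# Constructed sample rows; ids 1 and 3 are a duplicate record for one person.
SAMPLE = [(1, "A. Jones", "123-45-6789"),
          (2, "B. Smith", "987-65-4321"),
          (3, "Alice Jones", "123-45-6789")]

def random_surrogate():
    # Area number 000 is never issued, so a surrogate cannot be a real SSN.
    n = secrets.randbelow(10**6)
    return f"000-{n // 10**4:02d}-{n % 10**4:04d}"

def assign_surrogates(db):
    """Give every SSN that lacks one a fresh random surrogate."""
    rows = db.execute("SELECT DISTINCT ssn FROM customers WHERE ssn NOT IN "
                      "(SELECT ssn FROM ssn_surrogate)").fetchall()
    for (ssn,) in rows:
        while True:
            try:
                db.execute("INSERT INTO ssn_surrogate VALUES (?, ?)",
                           (ssn, random_surrogate()))
                break
            except sqlite3.IntegrityError:
                continue  # surrogate collision: draw again

def build_demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE)
    assign_surrogates(db)
    return db

def masked_rows(db):
    return db.execute(
        "SELECT id, name, ssn FROM customers_masked ORDER BY id").fetchall()

if __name__ == "__main__":
    for row in masked_rows(build_demo()):
        print(row)
```

In a real deployment the base table and the surrogate map stay restricted to the DBA, and only the view is granted to analysts.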
As opposed to formatting comments on a discussion board?
God invented whiskey so the Irish would not rule the world.
The trick is to make the tool and not tell them about it.
Even better, develop a form that you make everyone fill out when requesting data which is really just the arguments for your script. I had a coworker who was constantly praised on his responsiveness to requests because his mail->sql->excel->mail script always responded in (int(rand()*10)+5) minutes.
Well, until he forgot to turn it off when he had the flu and somebody noticed "he" kept working. He literally replaced himself with a (not so) small shell script.
Fortunately it doesn't tend to take much training to replace a bakery worker. Whether you're filling the rolls by hand or by machine, whoever fills the role should get up to speed quickly.
I work for a government department and there are large quantities of information regarding proper procedures for data handling. Unfortunately, no one's allowed to read them, as they are deemed sensitive data.