April 21, 2006
Insider Access to Data
I was reading an article in the latest ComputerWorld (April 17th, Page 20, "Misuse of Insurer's Data Points to Inside Threats"), and I thought about a number of my clients. I work mostly in the Healthcare industry, and there is lots of data stored in the databases I work with that needs protection.
The article mentions that while the perimeter of such databases is likely secure (mine are), there is little control over what insiders can do with the data.
My applications commonly password-protect data, and more importantly, log information about who touches what in the database. Unfortunately, an insider with system administrator credentials and access to the appropriate tools can do pretty much anything they want, and not leave a hint as to exactly what they have done.
Given the current technology, the only solution I can think of is to limit system administrator access a great deal more than we have thus far.
How about you? What have you done, or what are you doing, to limit insider access to your data?
Posted by Douglas Reilly at 04:11 PM