How Do You Deal With Sensitive Data?

Posted by ScuttleMonkey
from the just-turn-off-db-access-for-everyone dept.
imus writes "Just wondering how most IT shops secure sensitive data (customer records). Most centrally managed databases seem to be monitored and maintained very well and IT workers know when they are tampered with or when unauthorized access occurs. But what about employees who do legitimate selects from these databases and then load CSV files and other text files onto their laptops and PDAs? How are companies dealing with situations where the database is relatively secure, but end-use devices contain bits and pieces of sensitive business data, and sometimes whole segments? Does anyone use sensitive data discovery software such as Find_SSNs or Senf or other tools? Once found, how do you deal with it? Do you force encryption, delete it or prevent extracts?"
  • by cheebie (459397) on Monday July 28, 2008 @06:33PM (#24376489)

    I try not to talk loudly around it, and make sure its emotional needs are met.

    • Re: (Score:2, Funny)

      by Spy der Mann (805235)

      I try not to talk loudly around it, and make sure its emotional needs are met.

      No wonder sensitive data is lost so easily in Microsoft Windows... it's still scared of the chairs.

      • by KGIII (973947)

        Hey mods? I am a VERY optimistic Windows fan and even I found this to be funny and not flamebait. I'm not a fanboi or anything but, if anything the parent post is offtopic and was hoping for a funny mod (I suspect as that's how I found it) but surely isn't meant to incite responses that create dissonance.

        You could say it didn't promote additional communication but it did in that I'm responding to the moderation of it.

        I don't even normally use my mod points because I don't think I'm really that qualified but

    • I try not to talk loudly around it, and make sure its emotional needs are met.

      But what about YOUR needs?

      Seems to me that if you're willing to go that far, then it should be happy to go with you everywhere you go. Hallway conversations and performance reviews would be a good start.

  • Easy (Score:4, Insightful)

    by pak9rabid (1011935) on Monday July 28, 2008 @06:34PM (#24376499)
    Pay your employees enough to make protecting your company's data on their computers/PDAs worthwhile.
    • by Channard (693317) on Monday July 28, 2008 @06:38PM (#24376579) Journal
      .. The UK Government [scotsman.com]. 600 lost laptops over the last ten years! Including two from the MOD with very sensitive data on them. And that's just electronic data. Despite the public being told how important shredding documents is, some commercial enterprises seem to be just chucking sensitive data out in the bin, unshredded.
      • Re: (Score:3, Funny)

        by pak9rabid (1011935)
        Incompetence aside, of course ;)
        • Um (Score:5, Insightful)

          by Mateo_LeFou (859634) on Monday July 28, 2008 @06:53PM (#24376789) Homepage
          Isn't the point of GP that when you pay the proper amount, you can often count on -- gasp -- *competent people coming to work.
          • Re: (Score:3, Insightful)

            by magpie (3270)

            Since when have pay and competence had anything to do with each other?

            Look in your average board room if you want evidence of the lack of a link.

        • Re: (Score:3, Interesting)

          by nahdude812 (88157) *

          You can never pay someone enough that they can't be paid some more to "lose" a laptop with data on it.

          We work hard to mitigate corporate espionage (which is surprisingly common), but no matter how much they're paid, someone can get greedy and take a $30k bonus in cash to give up some data.

      • Re: (Score:3, Informative)

        by MrZaius (321037)

        This actually raises a valid point - Like every other reasonably competent government out there, the poster should do full disk encryption on every portable device and ban those incapable of it from the network (along with all employee owned devices). The poster should just do it a fair bit more quickly.

        Truecrypt's free. Lenovo's disk encryption is free and allows biometric use if you're using their laptops. The generic mainstream commercial options are less than a hundred dollars a head in many cases.

        There

        • by VdG (633317)

          It seems to be difficult to get people to exercise proper control of sensitive data. I'm sure that all - or most, anyway - of the government departments and businesses have clear policies on the subject which their staff are required to read. But people see a lot of memos and policy docs and clearly a lot of them aren't taken terribly seriously. Better employee education seems needed. Not just a heavy hand when people are caught, but to make it clear what the consequences to the employee, employer and d

      • by g0bshiTe (596213)
        We chuck our old gear in the bin, but only after the harddrive platters have been exposed using a 4 pound sledge hammer.

        It's fun playing Office Space when it's time to get rid of old gear.

        Queue Dynamite Hack "Cause the boy's in the hood"
    • Re:Easy (Score:5, Insightful)

      by QuantumRiff (120817) on Monday July 28, 2008 @06:48PM (#24376723)
      Try having well written, very clear policies that that kind of action is forbidden. Of course, a piece of paper means crap to most employees, but the first time you fire someone for violating that policy, the grapevine and water cooler will provide more training than a dozen hour-long meetings could convey.
      • Re:Easy (Score:5, Insightful)

        by techno-vampire (666512) on Monday July 28, 2008 @07:39PM (#24377419) Homepage
        Try having well written, very clear policies that that kind of action is forbidden.

        It's all well and good having policies like that, but if your employees either don't know about them or can plausibly claim they don't know, they won't do any good. Every employee who has, or even might have access to sensitive data should be required to sign a copy of that policy and it should be part of their records. That way, if anything happens, they won't be able to pretend they didn't know they were violating company policy. Depending on local laws, this might help you avoid (or defend) a suit for wrongful termination.

      • Start at the top (Score:5, Interesting)

        by Anonymous Coward on Monday July 28, 2008 @07:53PM (#24377607)

        The main problem usually happens at the top - or the legal department.

        I worked at a place with a clear and documented policy against transmitting sensitive information over insecure networks - including the old text pagers from RIM (prior to the GSM blackberry). It was routine for me to receive sensitive/proprietary information on my pager from legal counsel. When I pointed out their failure to secure that data, they simply said I was paranoid - not that I'd misinterpreted the policy. They were too busy to worry about that. I documented every instance and handed 1 copy to the CIO, another to the secretary of the Chief Counsel and the final with the CEO's secretary since I couldn't get in to see either of them. I did this on my last day working there - left for a better job.

        Turns out the new job wasn't any better with important data - they wanted me to recover data from a desktop where they escorted the contractor out of the building. I don't know why. Seems he didn't really use the machine and remoted into his home server and a colo server for almost everything. The contract didn't ensure he placed all the code into the corporate SCS weekly or that he would document it or write manuals. 6 months of hourly cash paid and basically nothing to show for it. I did find a password protected ZIP file full of stuff - took 3 days to brute force it, but it was over 3 weeks old and the code didn't run.

        The company didn't even have a $20 background check performed before giving him access to the network. I would have liked a clean drug test too.

        Also, being tight at the start of a company is easier than after the barn doors are already open. Most of us start ups don't have the willpower to do this - or the technical expertise.

        • by plover (150551) *

          The cure has to come from the tip-top, as well. Your company needs a Chief Information Security Officer, meaning an executive with a seat on the board. The CISO needs the support from the board to write these policies, the authority to punish violators (including the UberSalesGuy in marketing,) and the balls to do so when necessary. He also needs to be qualified for the position, and to have a qualified and competent staff working for him.

          The best way for that to work is for the CEO to introduce him an

          • by Ihmhi (1206036)

            A good CISO should definitely make use of Tiger Teams. Easiest way to show that security is necessary is to hire a third party to attempt to break into your systems, steal data, etc.

            At the next board meeting, I think the CISO will have support when he brings up the theoretical losses (cash, data loss, etc.) because of the lax security.

            • My experience with companies that try to steal data has been laughable. The best the last guy could get was that we gave him a sheet of blank paper and an empty cardboard box.

              He claimed he could use this to steal more data. We are a community college, if someone comes in asking for a sheet of paper, I feel we would be rude not to give it to them.

              He also took issue with my office being unlocked. Of course my notebook is full disk encrypted and always on my person so the most he could have stolen was my monitor aft

              • by Ihmhi (1206036)

                Hire an admin or colleague that only you know and that you know can break into systems?

        • I would have liked a clean drug test too.

          Sounds like you could take some lessons on not collecting data that's none of your fucking business.

      • Re:Easy (Score:5, Insightful)

        by syousef (465911) on Monday July 28, 2008 @08:02PM (#24377737) Journal

        but the first time you fire someone for violating that policy

        Another one that thinks the solution is to fire employees, and gets modded insightful. You know what I get the impression that most slashdotters would make piss poor bosses. Firing employees randomly when they violate a policy to set an example isn't exactly smart.

        Do you know what it costs to hire an employee, and get them up to speed doing their job well? Never mind the fact that the next person you hire to fill the roll might be a dud, or that the job market may mean the position goes unfilled for quite some time. Do you know what it does to morale? That gossip around the water cooler gets people updating resumes and looking for work elsewhere before they're fired for some other petty reason to set an example. Then there's the legal aspect - if you're wanting to avoid unfair dismissal claims providing clear guidelines is just one step - you have to show that the on the spot firing was justified. Then there's the human aspect - unless you're a soul-less piece of shit that cares not a jot about destroying a family's livelihood you may want to look for actions that don't leave people jobless.

        • Re: (Score:2, Insightful)

          by myowntrueself (607117)

          Firing employees randomly when they violate a policy to set an example isn't exactly smart

          I'm sorry but I'm having trouble making sense of your sentence.

          How, exactly, is firing someone for violating a very clear, written and signed policy in the least bit 'random'?

          Maybe you have a different idea of 'random' to the rest of us... just checking.

        • Re: (Score:2, Funny)

          by SEWilco (27983)

          the next person you hire to fill the roll

          Fortunately it doesn't tend to take much training to replace a bakery worker. Whether you're filling the rolls by hand or by machine, whoever fills the role should get up to speed quickly.

      • Re: (Score:2, Funny)

        I work for a government department and there are large quantities of information regarding proper procedures for data handling. Unfortunately no one's allowed to read them, as they are deemed sensitive data.
    • Re: (Score:2, Insightful)

      by glitch23 (557124)

      Pay your employees enough to make protecting your company's data on their computers/PDAs worthwhile.

      You can only pay employees so much and it will probably never be able to match what organized crime would pay someone to steal the data. That's where background checks on all employees help, but they still don't guarantee that you can trust your employees.

  • Policies (Score:4, Interesting)

    by larien (5608) on Monday July 28, 2008 @06:36PM (#24376545) Homepage Journal
    Partly, you need policies to discourage end users copying data anywhere it's not needed. And I really, really mean discourage, up to and including possible sacking.

    At a technical level, every laptop/portable data storage device should have its hard drive encrypted. Disable USB ports if you can get away with it, or at least put software on which forces encryption of files sent to USB keys. That will cover most of your issues.

    Users will legitimately require access to sensitive data as part of their job; the IT department should have the power to ensure they don't do it in a way that exposes the company to the embarrassment of losing a laptop with SSNs in the subway...

    • Re:Policies (Score:5, Insightful)

      by aztracker1 (702135) on Monday July 28, 2008 @06:57PM (#24376841) Homepage
      Personally, I can't see *ANY* instance where a full set of SSNs for more than a handful of people should *EVER* be needed on a laptop... I mean, if you are entering data, sure... but WTF should anyone be carrying around some of the information that gets leaked.

      I think *IF* such information is needed for lookups, then a 1-way hash is a necessity. If you aren't responsible for dispatching to customer locations on a weekend, then you shouldn't need street addresses. I can see needing some information for customers, but SSNs, or CC data should *NEVER* be on anything outside of the office, or a backup storage facility.

      It's that simple. No SSNs leave the office... No CC information leaves the office... no street addresses leave the office, unless absolutely necessary.

      I've seen smaller companies that have the entire database in the "on call" laptop, that gets copied from the server friday, and to the server monday.. I shudder every time I think about it...
      • by bucky0 (229117)

        Not to pick nits, but a 1-way hash of SSNs doesn't do you much good. Though it's a hash, you get limited to the keyspace of the SSN, which is trivially reversible. (Instead of 2^80 possibilities, you get 10^9.)

      • by Moraelin (679338) on Monday July 28, 2008 @07:46PM (#24377517) Journal

        And you might have gotten away with it too, if it weren't for those pesky kids... from marketing and sales.

        Honestly, I don't know about government, but in most other places it seems to invariably be some sales or marketing guy who's lost a hard drive full of SSN's and contract data and whatnot. I guess it's simply a tale of greed. The prospect of selling an extra copy/insurance/account/contract is tempting enough to override all other concerns. So when you try saying that Mr Marketing GOD can't take all that data with him, guess who wins? Remember also that he's the guy who knows how to sell stuff to people, including his side of the story, while you're probably the security nerd that doesn't even speak management.

        To go on a roundabout tangent towards how _I_ would fix it: the funny thing is that the market can work in funny ways too. In a "bad money drives good money off the market" way. It applies to more than that. E.g.,

        - if some people can get away with tax evasion or corruption, they undercut and drive off the market the honest merchants. (See most of the ex-Communist Bloc.)

        - if some people can get away with monopolistic behaviour, they drive off the market those who don't. (See MS.)

        - and if some people can make a few extra bucks or save some costs by wiping their ass with your privacy, they gain an advantage over those who don't, and may eventually even drive them off the market one way or another.

        Etc.

        The thing is, the free market is just an optimization algorithm. It takes a given set of constraints, and eventually moves the economy towards a more optimal state. Optimal for those constraints. But like any optimization algorithm, you must make sure you set the constraints you need, or the solution may be something else than you expected. Bad behaviours can be (and usually are) more "optimal" than good behaviours, if left unregulated. And eventually those who weren't destructive either get the clue when the others are eating their lunch, or get to go bankrupt/bought/whatever.

        So basically what I'm saying is that nothing will really get fixed as long as there _is_ an economic advantage in ignoring privacy and security, and just giving the salesmen anything they want. The only way to fix it is if there was some kind of a negative feedback in the loop. When they'll stand to lose more money by losing your data, than anything they could gain by mis-using it, _then_ they'll start taking it seriously. Until then, nope.

        And it's not just a matter of personal principles and doing the right thing, regardless of what everyone else is doing. You're not isolated from the rest of the economy. Anyone who wanted to be the "good" guy there will find that the "bad" guys have an advantage over him. If he doesn't care, maybe his boss does, or maybe the shareholders just get rid of those shares and reward the bad guys instead.

      • Re: (Score:3, Informative)

        by cool_arrow (881921)
        It's a good idea to limit who gets your ssn. I'm having surgery done on my knee in a couple of days which has entailed seeing 4 docs at 4 diff offices (MRI etc). They all want your SSN when filling out their paperwork - I simply didn't put mine down on any of them. Two of them brought it to my attention and my response was "I don't give it out". Didn't have a problem. I could see if I wanted credit or was borrowing money from a bank. Otherwise don't be too eager to give it out.
    • Oh, and for the Mac people out there -- encryption means full disk encryption. Not FileVault.

      • Which brings up a question I've had for a while but not had the energy to investigate. All of the notebooks we use where I work are encrypted with full disk encryption. Are there any good applications for doing the same on my personal macbook?

        Currently I use truecrypt to create volumes to store all my personal information, but I would love full disk encryption.

        • If someone steals your notebook, they can remove the drive and use a $15 adapter to access all of the unencrypted information on your disk. Or they could use ERD Commander or BartPE to reset your administrator password and access the machine directly. Depending on how clueful the attacker is and how you manage your passwords, your Truecrypt volumes may or may not be secure.

          With full-disk encryption, you're not going to be able to even tell that the volume exists. The most affordable FDE for an individual Wi

          • I totally understand all that. I was actually asking for tools/programs that would allow me to have full disk encryption on my mac. We already have full disk encryption on my windows machine via truecrypt (it does full disk encryption on windows) and on my linux box via lvm encryption (thanks ubuntu for making that so easy!).

            What I need is one for mac (as you pointed out, filevault is not full disk encryption.)

            BTW full disk encryption via truecrypt is very awesome imho. It works fast and painlessly and allo

    • For the most part, official policies are just there to protect the organisation from prosecution.

      Policies might tell staff to shred customer documents, but are shredders made available? Probably not. Instead the docs are put in boxes for shredding and recycling and get lost during transit to the bulk shredding service across town.

      Policies on passwords and data locking? Yup they are there, but are they effectively implemented? Are staff trained? Are there automated procedures to force frequent password chang

  • by Anonymous Coward on Monday July 28, 2008 @06:38PM (#24376573)

    we use a robots.txt file and a strongly worded "keep out - private data" header on all important records

  • I just wish the people where I work were actually smart enough to export customer data and manipulate it so I wouldn't have to for them.
  • by bugnuts (94678) on Monday July 28, 2008 @06:47PM (#24376703) Journal

    Once found, how do you deal with it? Do you force encryption, delete it or prevent extracts?

    First off you need to have a policy on who is allowed to extract it, and how they should handle the data (be it encryption, keeping the data on-site, etc).

    But here's the trick: If you find data kept in violation of the policy, you send EVERYONE to training. I'm talking mandatory training where they lose computer access (and thus, don't get paid) until they do the training. All new hires have to do it, too. Make it really boring, and administered after normal work hours.

    After the first time everyone is sent to training for some poor schmuck being careless, I guarantee nobody will ever violate policy again.

    • by syousef (465911)

      I'm talking mandatory training where they lose computer access (and thus, don't get paid) until they do the training. ...and...
      After the first time everyone is sent to training for some poor schmuck being careless, I guarantee nobody will ever violate policy again

      Boy am I glad you're not my boss. You may also wish to check what the laws are like where you are. What you're proposing is bound to be illegal in at least some (sane) places.

    • by houghi (78078)

      Please can I go? After hours are illegal where I live and will either result in the company paying me twice or me getting days off. If I can do that 4 days, I can stay home on friday, so yes please.

    • by mollymoo (202721)

      But here's the trick: If you find data kept in violation of the policy, you send EVERYONE to training. I'm talking mandatory training where they lose computer access (and thus, don't get paid) until they do the training. All new hires have to do it, too. Make it really boring, and administered after normal work hours.

      After the first time everyone is sent to training for some poor schmuck being careless, I guarantee nobody will ever violate policy again.

      You certainly wouldn't have to worry about me vio

  • We use forced whole disk encryption on all laptops. Additionally, you can look at data loss solutions like you've suggested but I'd recommend something a bit more holistic, like Cisco's Security Agent, which provides a centrally managed firewall, IPS, anti-virus and data loss protection function all from a single installed agent.

  • 12345 (Score:5, Insightful)

    by lazycam (1007621) on Monday July 28, 2008 @06:49PM (#24376725)
    The strength of your encryption means nothing in the face of a user who insists on using their birthday as a password or keeps a post-it on their computer monitor. Unless you are able to force individuals to use strong or randomly generated passwords you are at a loss. In the end, human behavior will circumvent our best security.
    • by bugnuts (94678)

      "What a coincidence... that's the same password on my luggage!"

      Forcing users to use strong or randomly-generated passwords tends to lead to keeping it on a post-it note on the monitor!

      But post-it notes with a difficult password are not inherently bad. Just store the note in a safe on-site where the data are stored. If someone has access to the safe, they also have access to the disk drives.

      For laptops going off-site, encrypt it with the user's public key. Make that encryption part of the extract (which w

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      I have 16 personal passwords at work, and 10 shared passwords.
      All change, some daily, some weekly, some monthly. Oh, and did I mention they retain our passwords for 3 years to prevent re-use, and run them against dictionaries so anything not random rejects.

      Keeping track of these things is a huge pain, you never know what password you used, and most of the systems have a 3 tries and you're locked policy.
      They even have the password databases tied together so if you use one password on one system, it can't be

      • by Sobrique (543255)
        My situation is similar.

        I work for an outsource, based as a financial institute. We have our 'work email' password. Our 'work remote access password'.

        We have our standard login account password (which thankfully, is synced to the laptop encryption thingy). I also have two admin accounts for 'production', 3 for 'preproduction', and one for 'test'. There's also a few 'key' router/switch login/management accounts.

        And we have a helpdesk system, and a separate change management system.

        And because we're doi

      • by VdG (633317)

        With my previous employer, we used to use Password Safe to store various passwords. One on a network drive for the team (for admin passwords and the like) and one for each individual. That seemed to work OK, as it meant that there was only one password to remember. The shared one also meant that we could enforce regular changes to the root password(s) without too much trouble.

        Obviously the consequences of someone getting that one password could be quite serious, so you still need to enforce good password

    • Re: (Score:3, Interesting)

      by Bios_Hakr (68586)

      When it comes to employees, especially non-technical ones, the best bet is to generate a password for them. Have the password printed on a laminated card along with 15 other random passwords. Give this to the employee and tell them to (very good) keep it in their wallet or (less good) even post it on a monitor.

      Only they know which of 15 passwords it is. If they lose their wallet tell them to call you right after they call the DMV and their CC company.

      Check the logs for bad password attempts and then call the

      • What about employees marking which password is theirs? Not to mention that someone only has to try 15 passwords, seems like a bad idea. Even if the system locks them out after 5 bad passwords, that's a one in three chance that someone can guess their way into the system.

        • by Bios_Hakr (68586)

          If you let them post it on the monitor, no reason you can't make a list of 50 passwords. As for marking, add it to the network use policy that it's grounds for termination and then do a random walkaround.

    • The strength of your encryption means nothing in the face of a user who insists on ... keep[ing] a post-it on their computer monitor.

      What's so bad about that? There is a certain level of privacy expected in the workplace. If the company has an issue with a snooping ronin employee, audit trails should reveal it pretty quickly, and result in a swift termination. It is a fact of life that not everyone will remember every password they are bombarded with, so it's stupid to fight it. Just find the least da

    • by houghi (78078)

      Ah yes, the defence of every IT department on security is to add more complex passwords.

      The result is that at this moment I have for my work 7 different personal logins on about 20 different systems. So with those 20 places (and 7 logins that I can't change) do you think that having a random password, that I must change at different times, on each of these 20 systems is safer?

      Well, I know it is not. I will start either writing them down, or I will start using less secure systems, or I will call you each day

  • Send letters (Score:4, Insightful)

    by chinakow (83588) on Monday July 28, 2008 @06:49PM (#24376729)
    From what I can see, most companies wait until the sensitive data is lost or stolen then they send every customer a letter telling them it is gone and offering to pay someone to keep an eye on their credit. Other than that, I think the policy must be, "ignorance is bliss." That is just my two cents.
  • by jaguth (1067484) on Monday July 28, 2008 @06:50PM (#24376743)
    I name all of my sensitive files, databases, tables, and fields with names that nobody would want to touch, such as "Smashing Pumpkins Discography DB", "tblPeeWeeHerman", "Oprah.txt", etc.

    And for storage, I burn them all to DVD and put them inside empty "Aerosmith" jewel cases. Keeps them nice and safe from prying eyes.
  • We use specific user names and strong passwords (not user selected) behind a strong firewall and web encryption.

    But the reality is that anyone could stick the query results to file on a flash drive ...

    • Sticky note on my monitor with pre-generated passwords... check!

      Generally I find that a 3/4 rule for a 10+ character password works... Upper, Lower, Number, Non-AlphaNumeric. Suggest that users do short phrases like... "c is for cookie" even "c 1s 4 c00k13" works... this is generally pretty strong, far easier to remember, and less likely to be written down/stolen.

      Point out the concept of the above to people, and they are far more likely to use a secure password, that they can live with... Using a co
  • by bockelboy (824282) on Monday July 28, 2008 @06:50PM (#24376761)

    Ask yourself why the employees need the SSN access in the first place!

    Tell your DBA to create a view which replaces the SSN with some other random number for every possible person with DB access. That way, folks doing data mining or data quality will be happy.

    If your devs need SSN access to develop your application, ask them why the hell they need to work on the production DB!

    There's eventually going to be folks who need access to the real data. Hire a large football player, dress him in a suit, and have a "come to jesus" moment with any employee to make sure they understand how serious this is.

    • Re: (Score:3, Interesting)

      by aztracker1 (702135)
      Totally agreed. I'd say have a special lookup table for SSNs, and have a 1-way hashed version in the main table/views... no select queries for the SSN, only a sproc where you enter the key and get the value, for use in a program where you need to see it... for those that need to "lookup" a record based on SSN, then you can hash it, and search based on the hash. Unless you need it for filling out medical, tax, or other government records, there is *NO* need for any person to have access to a raw table wi
      • Re: (Score:3, Informative)

        by plover (150551) *

        Beware. Hashing SSNs is dirt-easy to crack with a dictionary attack. There are only 10^9 possible SSNs. Let's say you hashed them all with SHA-1, which I have personally benchmarked on my crappy 4-year-old desktop machine at 50,000 hashes per second. That means I could test every possible hash of an SSN in 20,000 seconds, or about 5-1/2 hours.

        And I have, to prove the point to one of our teams that was proposing this exact same system.

        It is "sort-of" possible to do it securely, but your protocols an

        • Add some random salt to the SSN before, and it automagically becomes as secure as any 160-bit hash.

          But why would you need to hash them? Just make sure with your usual database permission structure that most of your applications can access only a view of the table that does not have the SSN column at all.
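An added example (not code from any poster in this thread) of the lookup design aztracker1 describes, with the fix plover's objection calls for: the index is an HMAC under a secret key kept outside the database rather than a plain hash or a per-row random salt (a per-row salt would break lookup-by-hash, and a plain hash over only 10^9 possible SSNs can be tabulated in full). The role name, the in-memory store and the key handling are constructed stand-ins for a real stored procedure and key store.

```python
import hashlib
import hmac
import os
import re

# Constructed demo key. In a real deployment it is loaded from a KMS/HSM or app
# config and is never stored in the same database as the indexed records.
INDEX_KEY = os.urandom(32)

SSN_RE = re.compile(r"^\d{3}-?\d{2}-?\d{4}$")


def normalize_ssn(ssn: str) -> str:
    """Canonicalise to nine digits so '123-45-6789' and '123456789' index alike."""
    if not SSN_RE.match(ssn):
        raise ValueError("not a 9-digit SSN")
    return ssn.replace("-", "")


def unkeyed_index(ssn: str) -> str:
    """The pattern plover warns about: a plain hash over a 10^9-value space,
    which anyone can precompute in full. Shown only for contrast."""
    return hashlib.sha1(normalize_ssn(ssn).encode()).hexdigest()


def blind_index(ssn: str, key: bytes = INDEX_KEY) -> str:
    """Keyed one-way index (HMAC-SHA256). Without `key` the 10^9-entry table
    cannot be built, so the small input space no longer matters."""
    return hmac.new(key, normalize_ssn(ssn).encode(), hashlib.sha256).hexdigest()


class CustomerStore:
    """Main table carries only the blind index; the raw SSN sits in a separate
    vault reachable through one fetch routine (stand-in for the stored procedure)."""

    RAW_SSN_ROLES = {"tax-reporting"}  # constructed: roles allowed to see the real value

    def __init__(self) -> None:
        self._main = {}   # blind index -> customer record without the SSN
        self._vault = {}  # customer id -> raw SSN

    def add(self, customer_id: str, name: str, ssn: str) -> None:
        self._main[blind_index(ssn)] = {"id": customer_id, "name": name}
        self._vault[customer_id] = normalize_ssn(ssn)

    def find_by_ssn(self, ssn: str):
        """Lookup by SSN without the SSN column ever being selectable."""
        return self._main.get(blind_index(ssn))

    def fetch_raw_ssn(self, customer_id: str, caller_role: str) -> str:
        """The only path to the real value, gated on the caller's role."""
        if caller_role not in self.RAW_SSN_ROLES:
            raise PermissionError(f"raw SSN not available to role {caller_role!r}")
        return self._vault[customer_id]
```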

  • by MartinG (52587) on Monday July 28, 2008 @06:54PM (#24376803) Homepage Journal

    What about employees who do legitimate selects from these databases and then load CSV files and other text files onto their laptops and PDAs?

    What kind of employee? General users shouldn't be doing selects directly anyway, but should be using software that limits what they can query to the minimum information they need, preferably not in a general purpose form like csv. On the other hand the developers of that software need to do all and any kinds of selects for a whole range of reasons. They however, should not be let anywhere near the actual production databases.

    This is how we do it anyway.

    • Re: (Score:2, Insightful)

      by Tablizer (95088)

      General users shouldn't be doing selects directly anyway, but should be using software that limits what they can query to the minimum information they need, preferably not in a general purpose form like csv. On the other hand the developers of that software need to do all and any kinds of selects for a whole range of reasons. They however, should not be let anywhere near the actual production databases.

      Users always want to manipulate info on spreadsheets to adjust it to their needs or pretty it up. Thus,

    • by houghi (78078)

      What kind of employee?

      The CEO and the CFO kind of people who tell you to shove it and fire you when you want to impose restrictions on them, their internet access or their dog.

  • by Joe The Dragon (967727) on Monday July 28, 2008 @07:02PM (#24376903)

    Don't let PHB's run the show and don't buy based on golf course meetings.

  • I erase it. Completely.
  • by Bandman (86149) <bandman@gmail . c om> on Monday July 28, 2008 @07:11PM (#24377023) Homepage

    I can't imagine a need for an employee to have any bit of our client's data on their PDA. There's really no excuse for that at all.

    As for laptops, sure, we issue our employees laptops, with which they are able to work from home via VPN. There are occasions where the employee will have to save and modify excel spreadsheets, or CSV files, as you mentioned.

    Ideally, whole drive encryption would be utilized, but it's not (yet) in our case. I've been behind the times implementing that.

  • by bogaboga (793279) on Monday July 28, 2008 @07:24PM (#24377197)

    Well, in our environment, (an insurance company), the system will allow those authorized to copy data onto their notebooks, but what happens is that what actually gets written or copied are not the actual data. From what I know it goes something like this:

    Say the actual Name is John Doe and SSN is 123-456-789 and DoB is 1976-12-08, what gets copied is something like Name: XvfC Gzd, SSN: 908-954-213, DoB: 2788-98-98.

    So you work with the dummy data instead of the actual thing. Once done with whatever you wanted to do, the data get processed to reflect the needed changes before being written to disk.

    Even after getting written, committing only happens after rigorous checks.
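An added example (not the poster's system) of the masking step bogaboga describes: the extract that reaches the notebook carries dummy values that keep the real format, and the same real value always maps to the same dummy so rows can still be matched up. The column names, the sample rows and the key are constructed; a real masking service would keep a stable secret key so pseudonyms stay consistent between extracts.

```python
import csv
import hashlib
import hmac
import io
import os
import string

# Constructed key; a real service loads a stable secret from a key store.
MASK_KEY = os.urandom(32)

# Constructed sample extract in the shape the post describes.
SAMPLE_EXTRACT = (
    "id,name,ssn,dob\n"
    "1,John Doe,123-45-6789,1976-12-08\n"
    "2,Jane Roe,987-65-4321,1983-03-21\n"
)
SENSITIVE_COLUMNS = {"name": "letters", "ssn": "digits", "dob": "digits"}


def _stream(field: str, value: str, key: bytes):
    """Endless deterministic byte stream per (field, value) under `key`."""
    counter = 0
    while True:
        msg = f"{field}:{value}:{counter}".encode()
        yield from hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1


def mask_value(field: str, value: str, kind: str, key: bytes = MASK_KEY) -> str:
    """Swap each letter (or digit) for a keyed pseudo-random one; separators,
    case and length are kept so the dummy fits the real field's format.
    byte % 26 and byte % 10 are slightly biased, acceptable for a dummy."""
    s = _stream(field, value, key)
    out = []
    for ch in value:
        if kind == "letters" and ch.isalpha():
            pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
            out.append(pool[next(s) % 26])
        elif kind == "digits" and ch.isdigit():
            out.append(str(next(s) % 10))
        else:
            out.append(ch)
    return "".join(out)


def mask_rows(rows, sensitive=SENSITIVE_COLUMNS, key: bytes = MASK_KEY):
    """Mask the sensitive columns of dict rows; other columns pass through."""
    return [{col: (mask_value(col, val, sensitive[col], key) if col in sensitive else val)
             for col, val in row.items()} for row in rows]


def mask_extract(csv_text: str, sensitive=SENSITIVE_COLUMNS, key: bytes = MASK_KEY) -> str:
    """Same for a CSV extract: the masked text is what gets written to disk."""
    reader = csv.DictReader(io.StringIO(csv_text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    writer.writerows(mask_rows(list(reader), sensitive, key))
    return out.getvalue()
```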

  • I work for a big bank (hint). One that had a major customer data scare a few years back. All SSN/Name data is encrypted in the database and in all files. When it needs to be displayed it is decrypted then sent through our https presentation layer, or shown in a fat client of some kind. Ad-hoc reporting (such as pulling files for CSV extracts or whatever) is not allowed, at all on CSI (customer sensitive information) tables. As far as SQL permissions, only the applications that are certified presentati
  • Any project I manage, and most I am influential in, I make it a point to constantly ask "Why are we collecting this? How long do we need to keep it? When can we delete this data?"

    If you don't have it, you can't lose track of it and it can't be stolen from you.

    If you have to store sensitive data -- and in some cases we all do -- you try to isolate the sensitive parts of it from the identifying parts of it. Use hashed values for keys instead of actual names or account numbers, that kind of thing.

    There's the obvious of course -- data on laptops should be encrypted, and the key for that encryption shouldn't be taped to the inside of the battery door.

  • This is pretty much a solved problem.

    * only grant execute access to stored procedures, no ad hoc or dynamic sql at all
    * encrypt sensitive information so that backup tapes do not become a vulnerability
    * don't store anything you don't actually need...there are credit card authorization firms that will give you a token to store, so you never store the credit card number at all, even for recurring payments
    * segment particularly sensitive data entirely...the HR database should be a different instance on
  • If any of your general (even technical) employees can execute a select statement and get credit card information, you are screwed. For a small company, flush your credit card numbers as soon as you are done processing the transaction. (do not log them or persist them in any way)

    If you are a big company and really need to store credit cards beyond the transaction time, you are under the umbrella of PCI. PCI says you need to encrypt and isolate credit card data in a secure repository - where only a few trusted

  • is that this is not an IT issue. IT can help implement the solution, but someone at the "C" level has to consider this serious enough to create and enforce policies. We kill ourselves politically by even bringing up these sorts of issues (controlling what Sales, etc., can do with information), and that just makes the problem worse. We also make our lives miserable when the PHB's afflict us for our presumption. The best thing for you to do is implement sound security within the limits of your position, and
  • Increasingly, applications are living in isolated boundaries, whether cloud, SaaS, or other ways that prevent a direct to user download. It's more difficult to use web apps and disable screen scraping, but others have found techniques that help prevent taking screen fulls of info that in turn, become text/formatted documents that walk out the door. Policy and trust are big helps, including machine lock-downs. But people increasingly reject lock-downs.

    DRM is currently perceived to be unwieldy especially in d

  • by pak9rabid (1011935)
    Same way I deal with a whiny girlfriend...with large amounts of apathy, followed by a small amount of back-pedaling.
  • I would never let end users directly access that data, instead they would get anonymized unique identifiers for working with the data as an end user. That way if their computer is compromised none of the sensitive data would be. That limits the exposure and centralizes the security. Then who cares if the laptop gets stolen, hacked, dunked in liquid nitrogen, etc... There's nothing there to steal even if it's the employee trying to steal it.

  • by rueger (210566) on Monday July 28, 2008 @08:21PM (#24377915) Homepage
    It seems like most of these stories involve some boob carrying data away on a laptop or USB key then losing it or having it stolen. Sure you want to acknowledge and deal with boobishness, but you also really need to address why the boob found it necessary to carry data away from the workplace in the first place, and why management encouraged and/or endorsed that action.

    If employees can complete work during a regular work day then there is no reason to take it home with them.

    If management insists that data security matters, it is possible to set up systems so that it's not possible for employees to copy chunks of data and remove them.

    The solution likely is to nail these companies to the wall, and make it more expensive to let data out of the workplace than it is to hire more or better employees and develop secure internal systems to protect data.

    As it stands now a company can usually get by with firing one employee and saying "Oh my God! We promise this will never ever happen again!"

    For a start, how about a penalty of $10,000 for every SSN or credit card number released to the wild, no matter what the reason or excuse? Suddenly losing a laptop with 100,000 customer files will become a VERY big deal.
  • "Peekaboo". Would you have guessed it?

  • this might sound stupid: but i just don't keep really sensitive data ...

  • Start by searching hard drives for JPG, MPG, and MP3 files. Copy the good stuff to a USB drive; you can compile quite a collection this way...
  • SENF is cool, but I leveraged Cornell's Spider [cornell.edu] to get my SSN|CC scan on. Even though I work at utexas.edu (home of SENF), perl > java kthx. :)

  • by trydk (930014) on Tuesday July 29, 2008 @03:19AM (#24381467)
    I work as a contractor for a number of companies and need to take sensitive data home (like their customer contracts, proposals, etc.) on my laptop.

    To make sure I do my best to keep their data away from others (especially since I travel a lot), I encrypt twice. First I encrypt the hard drive (before booting the OS) and then I encrypt the individual customer's files in separate "containers".

    Truecrypt has a nice feature for its encryption of containers (I use files with uninformative names like turbo.dat, haiku.wav, just for the fun of it) that it will automatically unmount the containers when the computer is put into sleep mode or hibernation, which means that no customer data is accessible when I am travelling.

    And regarding common sense: I do not keep any unnecessary data on my laptop. I do not copy unneeded data to it and I remove all unneeded data immediately. I keep the different customers' data in separate containers and do not open different customers' containers at the same time to reduce the exposure, should somebody steal the laptop from my hands. I keep it locked to a big object whenever I work at a fixed place for some time and always before I leave it out of sight. I lock the screen every time I leave it.

    And guess what? It doesn't take too much time either.
    • by segedunum (883035)
      With respect, you're putting an awful lot of effort into managing this yourself when it really is just too much hard work. It also doesn't get around the fundamental problem that, encrypted or not, double encrypted or not, your data is still physically lost if the laptop gets lost or stolen.

      You can't trust all your employees to manage this themselves, and quite frankly, we use computers and networks so we don't have to think about this kind of crap. Procedures loosen up over time and naturally get lax if
  • You know, in this day of the internet, where you can easily get outside access without too much cost and trouble, VPNs and alike, I'm always amazed that some organisations still think that the way to get outside access to data, or to get data from A to B for access, is to burn it to a CD, download it on to a USB drive or download the entire database into a CSV or even a whole Excel file. I'm also flabbergasted that any non-developer would really need to do this. These files inevitably get left scattered aro
    • by segedunum (883035)
      Oh, and I haven't even touched above on the numerous benefits of central management, cutting down on running around trying to troubleshoot local deployment issues, re-installing and re-configuring local software, provisioning new systems, installing and configuring client software when laptops inevitably get lost, stolen or damaged, data cleansing and purging when a machine is due to be scrapped and generally running around like a complete blue arsed fly.

      I'm not sure whether it is the Windows client culture
  • One of the things you might be able to do is to create fake records (don't forget which ones are fake!). Some should never appear on the internet, and some might appear, but you have special contact addresses, email, phone for them.

    Then if the fake records ever show up on Google, or on one of those databases for sale or if someone/something ever tries to contact _your_ Mr Alan Adams (whether via phone, email or snail mail), you know you've got a problem.

    You could have modified records - e.g. have a real pers
  • My employer is currently going through a change of policies after an incident where someone stole laptops which had SSN's on them. They were actually locked up at the time but with flimsy cables. The cables were found cut and the laptops gone. At first the users of the machines said that there had been no sensitive data on them but then, once backups were analyzed, it became apparent that there was a lot of sensitive data present. That's lesson number one. End users often don't even realize the sensiti
  • by Rycross (836649) on Tuesday July 29, 2008 @11:07AM (#24385679)

    We're very picky in the first place about who we allow to access customer data. We have a separate deployment team and production support team who are authorized to see the customer data. The QA team can get copies of customer data to cover certain test cases. This data can be partially scrubbed. The development team only gets thoroughly scrubbed or generated data. We handle data on a need-to-know basis, basically.

    But your question is more geared at legitimate data on laptops. Well, our corporate policy is that all laptops have hard-drive level encryption, no exceptions. If you lose that laptop, you have to report it to our incident team. Your laptop has to be secured at all times in the office, and if you lose track of it at any time in, say, an airport, that's an incident that needs to be reported. You can't let other people use or borrow your laptop if you have sensitive data on it.

    Thumb drives are forbidden unless they are an officially sanctioned encrypted thumb drive. Those thumb drives cannot be used with non-corporate machines. If you violate these rules you can be penalized anywhere from sanctions to termination.

    Additionally, our internet is proxied, firewalled, and heavily monitored. Doing tricks with tunneling to get around the web censor software or firewall rules can get you pink slipped.

    Obviously this is a high level overview. The best thing to do is try to give that data to as few people as possible and make them accountable. If someone has access to that data they can leak it, despite any technological measures you take. The best course of action is to make sure as few people have the data as possible, that they understand how to protect it properly, and that they are properly punished if they don't practice due-diligence in protecting the data.

  • Part of my day job involves security of data and compliance with government regulations to that effect...

    I can state very simply that the vast majority (90%+) of companies which I've seen have done absolutely nothing to secure their data in any way.

    I should state that I'm certain that's not reflective of the real world... as organizations that have their sh*t together aren't nearly as likely to employ our services. However, I'd be willing to bet, given that most companies aren't large and can't afford a se
