How Do You Deal With Sensitive Data?
imus writes "Just wondering how most IT shops secure sensitive data (customer records). Most centrally managed databases seem to be monitored and maintained very well and IT workers know when they are tampered with or when unauthorized access occurs. But what about employees who do legitimate selects from these databases and then load CSV files and other text files onto their laptops and PDAs? How are companies dealing with situations where the database is relatively secure, but end-use devices contain bits and pieces of sensitive business data, and sometimes whole segments? Does anyone use sensitive data discovery software such as Find_SSNs or Senf or other tools? Once found, how do you deal with it? Do you force encryption, delete it or prevent extracts?"
Sensitive Data (Score:5, Funny)
I try not to talk loudly around it, and make sure its emotional needs are met.
Our hospital records are strongly protected (Score:5, Funny)
We use a robots.txt file and a strongly worded "keep out - private data" header on all important records.
Re:Unless of course, you're.. (Score:3, Funny)
Enforce Strict Naming Conventions (Score:5, Funny)
And for storage, I burn them all to DVD and put them inside empty "Aerosmith" jewel cases. Keeps them nice and safe from prying eyes.
Why do they need access? (Score:5, Funny)
Ask yourself why the employees need the SSN access in the first place!
Tell your DBA to create a view which replaces the SSN with some other random number for every possible person with DB access. That way, folks doing data mining or data quality will be happy.
If your devs need SSN access to develop your application, ask them why the hell they need to work on the production DB!
There's eventually going to be folks who need access to the real data. Hire a large football player, dress him in a suit, and have a "come to Jesus" moment with any employee to make sure they understand how serious this is.
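The masked-view idea from the comment above, as an added example that is not any poster's code. It swaps the "random number" for a keyed HMAC token so the same SSN always maps to the same stand-in and duplicate checks still work on the view. The table, view, and key names are hypothetical, and SQLite has no GRANT, so restricting analysts to the view is assumed rather than shown.

```python
import hashlib
import hmac
import sqlite3

# Assumption: in production this key lives in a secrets manager, not in code.
TOKEN_KEY = b"constructed-demo-key"


def ssn_token(ssn: str, key: bytes = TOKEN_KEY) -> str:
    """Map an SSN to a stable 9-digit stand-in in the 9xx area range,
    which is not issued as an SSN."""
    digits = ssn.replace("-", "")  # normalise so formatting variants match
    mac = hmac.new(key, digits.encode(), hashlib.sha256).digest()
    n = int.from_bytes(mac[:8], "big") % 10**8  # truncated: collisions possible
    body = f"9{n:08d}"
    return f"{body[:3]}-{body[3:5]}-{body[5:]}"


def build_demo_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT,"
               " ssn TEXT, ssn_token TEXT)")
    rows = [  # constructed sample records
        (1, "Alice Example", "123-45-6789"),
        (2, "Bob Example", "234-56-7890"),
        (3, "A. Example (duplicate entry)", "123456789"),
    ]
    db.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)",
                   [(i, n, s, ssn_token(s)) for i, n, s in rows])
    # The view is the only object analysts would be allowed to query.
    db.execute("CREATE VIEW customers_masked AS"
               " SELECT id, name, ssn_token AS ssn FROM customers")
    return db


def duplicate_ssn_groups(db: sqlite3.Connection) -> list:
    """Data-quality check that works on masked values only."""
    cur = db.execute("SELECT ssn, COUNT(*) FROM customers_masked"
                     " GROUP BY ssn HAVING COUNT(*) > 1")
    return cur.fetchall()


if __name__ == "__main__":
    demo = build_demo_db()
    for row in demo.execute("SELECT * FROM customers_masked"):
        print(row)
    print("duplicates:", duplicate_ssn_groups(demo))
```

Because the token is keyed, anyone holding the key can recompute it from a candidate SSN, so the key needs the same protection as the real column.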
Re:Our hospital records are strongly protected (Score:1, Funny)
Our hospital uses stronger means: besides robots.txt our headers say "Keep out - only private data of our celebrity customers (including Ms Portman)".
We are actually still doing financially fine, though our legal fees are unusually large.
Re:Sensitive Data (Score:2, Funny)
I try not to talk loudly around it, and make sure its emotional needs are met.
No wonder sensitive data is lost so easily in Microsoft Windows... it's still scared of the chairs.
Re:Pretty much a solved problem... (Score:4, Funny)
This is pretty much a solved problem.
As opposed to formatting comments on a discussion board?
Re:I just wish (Score:3, Funny)
The trick is to make the tool and not tell them about it.
Even better, develop a form that you make everyone fill out when requesting data which is really just the arguments for your script. I had a coworker who was constantly praised on his responsiveness to requests because his mail->sql->excel->mail script always responded in (int(rand()*10)+5) minutes.
Well, until he forgot to turn it off when he had the flu and somebody noticed "he" kept working. He literally replaced himself with a (not so) small shell script.
Re:Enforce Strict Naming Conventions (Score:1, Funny)
I code-named one project PMS. Urinary Tract Infection does wonders too.
Re:Easy (Score:2, Funny)
Fortunately it doesn't tend to take much training to replace a bakery worker. Whether you're filling the rolls by hand or by machine, whoever fills the role should get up to speed quickly.
Re:Easy (Score:2, Funny)