Data Protection

[John Barwell]

Dear All,

I run a win2k domain. We will be bringing a bespoke SQL database system on
board in a few weeks. I want to ensure the integratity of this database by
putting some security measures in place. I have concerns that individuals
may try to take the database to a competitor by copying it on to CD or
sending it through email. I would like to put something in place that will
make the database useless if it goes outside my domain. Has anyone got any
ideas? Encryption?

Many Thanks,


John

 

[Keith W. McCammon]

I run a win2k domain. We will be bringing a bespoke SQL database system on

board in a few weeks. I want to ensure the integratity of this database by
putting some security measures in place. I have concerns that individuals
may try to take the database to a competitor by copying it on to CD or
sending it through email. I would like to put something in place that will
make the database useless if it goes outside my domain. Has anyone got any
ideas? Encryption?

Tiered access controls would be my first thought.

In theory, only a *very* limited number of people should need direct access
to the database file store. If you're worried about people mailing the
actual data files, you have a serious access control issue (I.e., everyone's
an admin).

There should also be a software interface with authentication and
authorization capabilities that provides views to authorized users with
need-to-know. That's the single biggest issue with database security, as
most folks tend to allow everyone to read everything, which makes have a
database useless, in many ways. Data can be presented in views, with only a
limited number of users allowed to view a "full dump."

As far as protecting the data files, you can certainly use EFS to encrypt
the data directories, for what it's worth.