Rick,
Yes, I am taking it personally, because I have witnessed first-hand how sloppy individuals
can become with sensitive data. The following is a true story that happened about 5 years
ago at The Boeing Company, which is where I work:
Everyone in our building (~270 employees at the time) received an e-mail concerning a
required training course that we needed to take. We were directed to a web site, which
included a link to a .mdb file for scheduling the course. I was quite surprised to notice
that all of a sudden a 6 MB .mdb file was being downloaded to my temporary files folder.
This turned out to be the front-end of a split Access database. It opened up with a gaudy
looking switchboard form that included a textbox where we were suppose to enter our SSN.
Being the curious cat that I am, I was able to close this form and press F11 to display
the database window. I noticed approx. 30 linked tables in this database. One of them
indicated Employees. I opened this table and noticed columns named Org (organization) and
SSN. Within a few minutes, I had over 1800 social security numbers in my possession! I
created a quick query, with a criteria on the Org field, and I had a recordset that
revealed the SSN's of about 70 people in my building, who had apparently already
registered for the training course. Of these 70 people, 10 of the numbers belonged to
first and second level supervisors in my building! I filed a quick complaint with Boeing
Computing Security. They contacted the owner of the database, who then implemented Access
security, which at least made it so that I couldn't directly open the table or create my
own query. At the time, I didn't know that Access security wasn't all that great. I
realize that this was one sloppy-ass example but, yes, to answer your statement, I am
taking it personally!
If I am a lowly HR clerk whose job it is to enter and edit this data then
clearly I have the ability to print it or copy it to disk and walk out the
door with it.
You might have the ability to print one record at a time. It is doubtful that you'd have
the required privileges to create a query that returned all of the names and SSNs in a
recordset. Thus, the opportunity costs would still be fairly high--it could take forever
to print a separate page for each employee in a large Fortune 500 company. It is doubtful
that you could copy it to disk and walk out the door with it.....unless the data was
stored in an Access database. Then the barrier would be significantly lowered for you.
What could possibly stop me?
SQL Server or Oracle security that was properly implemented. With Access, there would be
nothing to stop you. You could take the data home and have all kinds of time to crack any
security in the privacy of your home.
Regardless of any other precautions taken at some level you have people
who DO have access to the data that must be trusted with it.
Of course. I am in full agreement with this statement.
You are apparently taking the position that all sensitive data has to be
in a server-based db.
I'm taking the position that all sensitive data stored by electronic means SHOULD be in a
server-based db. There is a lot of sensitive data that can be stored on paper, and this
should be kept under lock and key.
Do you believe that in the entirety of the corporate/government realm that
there is no such thing as a sensitive Word document or Spreadsheet?
Of course not. At times, I have seen idiot supervisors who sent an Excel print job to a
networked printer with sensitive information, and then they apparently forgot to go pick
it up immediately. There it was, for anyone to see. Just because it happens doesn't mean
that I think it is ok.
If not, how do you suppose those files are protected? The answer is that
they are on secure networks or locked up in vaults on physical media.
That's a big assumption! In the case of the supervisors I have mentioned, they're
probably stored unencrypted on the local hard drive.
A locked leather satchel is not very secure, but if I take that satchel
and place it in a bank vault then it is.
I am in full agreement with this statement.
My whole point from the beginning of this thread is that securing data
does not have to involve security measures built in to the file format itself.
That is the whole reason we have network security.
Yes, but your initial response to my post indicated that you could allow one to access
sensitive data, using an Access database, and rely on network security to protect it.
That's just not true, as Michael Kaplan affirmed in his reply.
Tom
________________________________________
Clearly you're starting to take this conversation personally or you wouldn't be
resorting to such rhetoric.
If I am a lowly HR clerk whose job it is to enter and edit this data then
clearly I have the ability to print it or copy it to disk and walk out the door
with it. What could possibly stop me? Regardless of any other precautions
taken at some level you have people who DO have access to the data that must be
trusted with it.
You are apparently taking the position that all sensitive data has to be in a
server-based db. Do you believe that in the entirety of the
corporate/government realm that there is no such thing as a sensitive Word
document or Spreadsheet? If not, how do you suppose those files are protected?
The answer is that they are on secure networks or locked up in vaults on
physical media.
A locked leather satchel is not very secure, but if I take that satchel and
place it in a bank vault then it is. My whole point from the beginning of this
thread is that securing data does not have to involve security measures built in
to the file format itself. That is the whole reason we have network security.
