My boss would like to store sensitive information in our company SQL Server
database. At the momnt everyone has write access to all data in the
database. in addition the developers can basically do anything with the
database.
I am using Windows security and need to deny acces to the data in the table
to eeryone apart from a couple of groups. In some cases i need to deny
access to data just in one column. I know you can do this, but how reliable
is it?
I am trying to figure out where to start on this.
Should the sensitive data only live in the live database? Should we release
the database and revoke rights at tat moment in time? Presumably i could
write a script to do this.
Is there any way to have the sensitive data in a database that the
developers are developing and be comfortable that the data is secure?
Is the only really safe harbour encryption?
Also, if anyone out there knows a good book on security architecture for SQL
Server, a recommendation would be greatly appreciated.
TIA
SarahSQL Server security is reliable and it works... Regarding DEV... Some
companies treat highly sensitive data by jumbling up anything that
uniquelly identifies the individual prior to making a copy of the data for
devs.
I worked in Healthcare Development, and we all tested with copies of live
sensitive data most of the time... However there were occasions when we
would get copies of data from hospitals that came in with all identifying
data scrambled or removed.
Wayne Snyder, MCDBA, SQL Server MVP
Computer Education Services Corporation (CESC), Charlotte, NC
www.computeredservices.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Sarah" <Sarah@.TT.com> wrote in message
news:%23mrTozL8DHA.2044@.TK2MSFTNGP10.phx.gbl...
> My boss would like to store sensitive information in our company SQL
Server
> database. At the momnt everyone has write access to all data in the
> database. in addition the developers can basically do anything with the
> database.
> I am using Windows security and need to deny acces to the data in the
table
> to eeryone apart from a couple of groups. In some cases i need to deny
> access to data just in one column. I know you can do this, but how
reliable
> is it?
> I am trying to figure out where to start on this.
> Should the sensitive data only live in the live database? Should we
release
> the database and revoke rights at tat moment in time? Presumably i could
> write a script to do this.
> Is there any way to have the sensitive data in a database that the
> developers are developing and be comfortable that the data is secure?
> Is the only really safe harbour encryption?
> Also, if anyone out there knows a good book on security architecture for
SQL
> Server, a recommendation would be greatly appreciated.
> TIA
> Sarah
>|||Why not put it in a seperate database or table, linked to your original
database, and then you have complete control on permissions, without as much
chance of making an 'error' and granting access to the wrong peeps ?
"Sarah" <Sarah@.TT.com> wrote in message
news:%23mrTozL8DHA.2044@.TK2MSFTNGP10.phx.gbl...
> My boss would like to store sensitive information in our company SQL
Server
> database. At the momnt everyone has write access to all data in the
> database. in addition the developers can basically do anything with the
> database.
> I am using Windows security and need to deny acces to the data in the
table
> to eeryone apart from a couple of groups. In some cases i need to deny
> access to data just in one column. I know you can do this, but how
reliable
> is it?
> I am trying to figure out where to start on this.
> Should the sensitive data only live in the live database? Should we
release
> the database and revoke rights at tat moment in time? Presumably i could
> write a script to do this.
> Is there any way to have the sensitive data in a database that the
> developers are developing and be comfortable that the data is secure?
> Is the only really safe harbour encryption?
> Also, if anyone out there knows a good book on security architecture for
SQL
> Server, a recommendation would be greatly appreciated.
> TIA
> Sarah
>|||look into using Stored procedures. these can be used with logins. and grant
rights.
it is a lot of work, but will give you the best protection.
Next is to use the encrypt table. I don't like that option my self.
the quickest way to isolate a DB is to user another DB to make the calls to
the stored procedures.
Note: if you SQL server, can be physically accessed by anyone, then all
these procedures are useless.
"Sarah" <Sarah@.TT.com> wrote in message
news:#mrTozL8DHA.2044@.TK2MSFTNGP10.phx.gbl...
> My boss would like to store sensitive information in our company SQL
Server
> database. At the momnt everyone has write access to all data in the
> database. in addition the developers can basically do anything with the
> database.
> I am using Windows security and need to deny acces to the data in the
table
> to eeryone apart from a couple of groups. In some cases i need to deny
> access to data just in one column. I know you can do this, but how
reliable
> is it?
> I am trying to figure out where to start on this.
> Should the sensitive data only live in the live database? Should we
release
> the database and revoke rights at tat moment in time? Presumably i could
> write a script to do this.
> Is there any way to have the sensitive data in a database that the
> developers are developing and be comfortable that the data is secure?
> Is the only really safe harbour encryption?
> Also, if anyone out there knows a good book on security architecture for
SQL
> Server, a recommendation would be greatly appreciated.
> TIA
> Sarah
>|||Use a copy of the database and run a qry on User & Company identifying
details and Swap all the identifying records around.
Did this when I pass on a production db to another developer.
Don Grover
"Sarah" <Sarah@.TT.com> wrote in message
news:%23mrTozL8DHA.2044@.TK2MSFTNGP10.phx.gbl...
> My boss would like to store sensitive information in our company SQL
Server
> database. At the momnt everyone has write access to all data in the
> database. in addition the developers can basically do anything with the
> database.
> I am using Windows security and need to deny acces to the data in the
table
> to eeryone apart from a couple of groups. In some cases i need to deny
> access to data just in one column. I know you can do this, but how
reliable
> is it?
> I am trying to figure out where to start on this.
> Should the sensitive data only live in the live database? Should we
release
> the database and revoke rights at tat moment in time? Presumably i could
> write a script to do this.
> Is there any way to have the sensitive data in a database that the
> developers are developing and be comfortable that the data is secure?
> Is the only really safe harbour encryption?
> Also, if anyone out there knows a good book on security architecture for
SQL
> Server, a recommendation would be greatly appreciated.
> TIA
> Sarah
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment