Where is your data?
I attended a good speech the other day on database security and one issue the guy asked was whether folk knew where their data was. I think some folk have a one dimensional view that data resides in the MS-SQL, Oracle DB and no where else.
As DBA’s can you give me a big list of everywhere corporate data for a specific system can go/end up. For example at a top level if you ask me you information system
1) gets/obtains data (online forms, data feeds, data extracts)
2) stores it and makes it available to the end user via some GIU (web app, intranet app, report viewer i.e. crystal)
3) exports data/processes it further (reports, test databases, extracts, backups)
Are there any more stages? Also where can your data come from? Some systems can obtain the data via online forms, but there must be other apps that get data from other means, i.e. not directly from the user.
Can you give me some examples in the lifecycle of database/information system, everywhere that “data”, intended for the database, can reside in your IT environment? From one extreme to the other, any where data could be stored in the IT environment for stages 1, 2, or 3.
As DBA’s can you give me a big list of everywhere corporate data for a specific system can go/end up. For example at a top level if you ask me you information system
1) gets/obtains data (online forms, data feeds, data extracts)
2) stores it and makes it available to the end user via some GIU (web app, intranet app, report viewer i.e. crystal)
3) exports data/processes it further (reports, test databases, extracts, backups)
Are there any more stages? Also where can your data come from? Some systems can obtain the data via online forms, but there must be other apps that get data from other means, i.e. not directly from the user.
Can you give me some examples in the lifecycle of database/information system, everywhere that “data”, intended for the database, can reside in your IT environment? From one extreme to the other, any where data could be stored in the IT environment for stages 1, 2, or 3.
Asked:
Who is Participating?
I would add message queues into the mix - think enterprise service buses. When it comes to security, i'd add in excel, emails, print outs, flat files etc as people often use these systems when looking at or dealing with data.
Hi Dave, not familiar with:
"message queues into the mix - think enterprise service buses."
Can you clarify in lay persons terms?
"message queues into the mix - think enterprise service buses."
Can you clarify in lay persons terms?
also, really depending on how tight you want your security to be, but if someone has emailed data then the email will reside in multiple places - the sender, the exchange server (or similar) and the target destination. On top of that, if you have indexing services on your computer (such as google desktop) then the contents of the files will also be in those indexes.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month4 days, 16 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
See here for more info - http://msdn.microsoft.com/en-us/library/ff647328.aspx
or here - http://en.wikipedia.org/wiki/Enterprise_service_bus
re: flat files, they are just files outside of the database. e.g. someone connects to sql server and exports all of a particular tables data to a .txt or .csv file.