Pau Lo
asked on
Where is your data?
I attended a good speech the other day on database security and one issue the guy asked was whether folk knew where their data was. I think some folk have a one dimensional view that data resides in the MS-SQL, Oracle DB and no where else.
As DBA’s can you give me a big list of everywhere corporate data for a specific system can go/end up. For example at a top level if you ask me you information system
1) gets/obtains data (online forms, data feeds, data extracts)
2) stores it and makes it available to the end user via some GIU (web app, intranet app, report viewer i.e. crystal)
3) exports data/processes it further (reports, test databases, extracts, backups)
Are there any more stages? Also where can your data come from? Some systems can obtain the data via online forms, but there must be other apps that get data from other means, i.e. not directly from the user.
Can you give me some examples in the lifecycle of database/information system, everywhere that “data”, intended for the database, can reside in your IT environment? From one extreme to the other, any where data could be stored in the IT environment for stages 1, 2, or 3.
As DBA’s can you give me a big list of everywhere corporate data for a specific system can go/end up. For example at a top level if you ask me you information system
1) gets/obtains data (online forms, data feeds, data extracts)
2) stores it and makes it available to the end user via some GIU (web app, intranet app, report viewer i.e. crystal)
3) exports data/processes it further (reports, test databases, extracts, backups)
Are there any more stages? Also where can your data come from? Some systems can obtain the data via online forms, but there must be other apps that get data from other means, i.e. not directly from the user.
Can you give me some examples in the lifecycle of database/information system, everywhere that “data”, intended for the database, can reside in your IT environment? From one extreme to the other, any where data could be stored in the IT environment for stages 1, 2, or 3.
I would add message queues into the mix - think enterprise service buses. When it comes to security, i'd add in excel, emails, print outs, flat files etc as people often use these systems when looking at or dealing with data.
ASKER
Hi Dave, not familiar with:
"message queues into the mix - think enterprise service buses."
Can you clarify in lay persons terms?
"message queues into the mix - think enterprise service buses."
Can you clarify in lay persons terms?
ASKER
And flat files?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
also, really depending on how tight you want your security to be, but if someone has emailed data then the email will reside in multiple places - the sender, the exchange server (or similar) and the target destination. On top of that, if you have indexing services on your computer (such as google desktop) then the contents of the files will also be in those indexes.