Comments on: Database Analyst Steals Credit Card Data http://www.pythian.com/news/3361/database-analyst-steals-credit-card-data/ News and views from Pythian DBAs Fri, 10 Feb 2012 13:01:25 +0000 hourly 1 http://wordpress.org/?v=3.0.4 By: Gary Smith http://www.pythian.com/news/3361/database-analyst-steals-credit-card-data/#comment-366037 Gary Smith Sun, 12 Jul 2009 16:30:40 +0000 http://www.pythian.com/news/?p=3361#comment-366037 It's probably also worth paying consideration to physical security - it amazes me how little consideration is paid to the idea of someone driving into the side of the building and nicking a pile of servers. It does happen, and woe betide you if you don't have encryption on your disks. If you're in the field of having incredibly sensitive data, you need to look at every conceivable angle to protect the data. It’s probably also worth paying consideration to physical security – it amazes me how little consideration is paid to the idea of someone driving into the side of the building and nicking a pile of servers. It does happen, and woe betide you if you don’t have encryption on your disks. If you’re in the field of having incredibly sensitive data, you need to look at every conceivable angle to protect the data.

]]> By: Doug Burns http://www.pythian.com/news/3361/database-analyst-steals-credit-card-data/#comment-365889 Doug Burns Sat, 11 Jul 2009 08:18:29 +0000 http://www.pythian.com/news/?p=3361#comment-365889 <i>Another problem with implementing security for standard compliance, is that companies target passing the audit rather than trying to genuinely secure their data.</i> Tell me about it. It makes my blood boil sometimes to watch lip service being paid to security so that everyone can feel warm and fluffy when 20 minutes speaking to DBAs or other tech people would allow these 'auditors' to see that everything is insecure. Even with Database Vault, most sites still have multiple DBAs who have the access to just unlink it. Another problem with implementing security for standard compliance, is that companies target passing the audit rather than trying to genuinely secure their data.

Tell me about it. It makes my blood boil sometimes to watch lip service being paid to security so that everyone can feel warm and fluffy when 20 minutes speaking to DBAs or other tech people would allow these ‘auditors’ to see that everything is insecure.

Even with Database Vault, most sites still have multiple DBAs who have the access to just unlink it.

]]>