I just had a battle with some applications support team members about securing our data. We have a system that connects to a SQL Server backend, this system has been in place for over a year now and is about to get a major application update. When this system was first implemented management let security go by the wayside and did not really care what we did as long as users were able to do what they needed to do and fast. Because of this management mandate the system was left essentially wide open to the world. This has been an annoyance to us DBA’s as we do not want to be responsible for any issues that may arise that are due to the concerns that we voiced when this was put in place.
Since a big upgrade is about to occur I have again brought up all the concerns that we have and everyone again agreed that we need to make these changes but tried to give us the run around again. They say things like it is changing to much at once. We will not know if we need to look at the application or the Database Security changes if we have an issue. To be honest all I hear is “blah blah blah”. I was involved in the initial set up of all this but at that time I was not a DBA and had little understanding of the issues that can arise with the lack of security that was in place. Now that I am a DBA and I do have a much better understanding I am unwilling to move forward without making the changes. I talked to the applications support team manager and expressed my concern and told him that I do not think this is something we can do without. The concern of what to look at when a problem arises should not be an issue as security should be the number one priority when setting up a system that contains sensitive data.
I finally got my point across and I have them on board for now. I think that I have learned that no matter who says what, I am responsible for this data being safe and sound and ready for users to use. I will not take the risk of losing this data for any preventable reason. If you are new to the DBA world just know that your data is your data and you need to do whatever possible to keep it safe and confidential. Do not give up on that battle. You can win and if you do not then I would update resume and get ready for when your data gets stolen or corrupt because you did not stand your ground on the issue of security.