Computer data security has finally arrived as a front page news topic. A number of companies from Bank of America to ChoicePoint have finally raised the attention of consumers, business, and legislatures around the country. Why has the topic of data security begun making headlines? One thing these companies have in common is that they lost or were tricked into giving out sensitive information that could potentially be used for identity fraud or online fraud. We can all thank one state for the high-profile publicity of this topic: California. California now has a law on the books that requires companies that lose sensitive data of any California citizen to report the data loss to that citizen. The side effect of this reporting requirement is that these companies are reporting this information to all consumers affected. You can't go a month without a new report of data loss from some large organization.
Over the last couple of months I have become concerned about the amount of client data I have stored on my personal machines as a result of my consulting practice. As I develop custom software, it is not uncommon to retrieve sample data from production systems. I work in a number of industries including banking and health care and the security of my client's data on my personal computer concerns me. If I lose my laptop, there is a possibility of this data causing problems for my clients. Honestly this can sometimes keep me up at night. So what is a consultant to do?
Thankfully there are a number of useful technologies available now and coming in the very near future. One technology I am researching with a client is the use of a product from VMware that gives you the ability to create encrypted images of data. Should a hard drive end up in some hacker's hands they won't have access to the data stored in these encrypted images. Another technology we are considering is using the new security and encryption features of SQL Server 2005. Microsoft has made a huge investment in security features in SQL Server 2005. One security feature that is relevant to this discussion is Microsoft's inclusion of data encryption into the SQL Server engine. Using SQL Server 2005 you can encrypt data at column level using a number of strong encryption technologies. Lucky for you, this issue of CoDe Magazine contains a great article from Don Kiely in which he reviews a number of the new security features of SQL Server. In this issue we also have a great article on new ASP.NET 2.0 security controls.
The “always online” Internet had made it increasingly easier for the “bad guys” to take information stored on your computer and commit crimes. This is why the software and business community has spent so much time adding security features to their network infrastructure and into their software applications. It is up to you and me as technology professionals to protect our clients and their customer's sensitive data.
One thing I would like to clue you in on is a newsletter from Bruce Schneier (one of the premier security exerts in the world). You can find his online newsletter at http://www.schneier.com/crypto-gram.html.
Or if you are a news junkie you can follow his blog…
Bruce has a ton of information on security risks, security concepts, and my favorite: security myths.
Other sites to look at are:
www.informationweek.com (and similar industry publications that do feature articles about enterprise IT)www.securityfocus.comEach of these sites contains newsworthy security information you need to know about.
Hopefully some of the articles contained in this issue will help you along the way toward securing your development environments.