The Care of Data

It's not just a Dropbox problem

DBAs are supposed to be trustworthy. After all, they are the custodians of data and often have access to sensitive information because of the nature of their system administrator level privileges. Their turnover ought to be low, and hopefully they have spent years building skills and a reputation that will provide them with a good job. They ought to value this investment and treat it seriously. Customer Service people are not usually in the same position in their careers, often at the beginning of their technical careers and usually change jobs regularly.

Recently Dropbox had to back off the stance that it’s employees can’t view your data, with this note that their staff can access your files in some circumstances. There’s no evidence that employees have mis-used their access, but it could happen, and that’s a concern. It’s a concern with any cloud based service, and I think this is one area that cloud-type vendors really need to assure their customers that it won’t happen.

Another major concern is overall security. If a cloud vendor’s employees can access your files, so can a hacker that gains access. That is, likely, an overriding concern of many customers, and it’s an area that I think that we really need to disclose openly the measures taken, the auditing in place, and the monitoring to detect any issues. Better encryption that actually prevents access by the vendor or it’s employees is a better solution.

I hope we get encryption methods because the third major concern with cloud data is access by legal authorities. There are cases where the government might have a right to access your data, but that should be when they serve you with notice, not some company that is holding your data.

There are many great customer service people and DBAs with strong worth ethics and morals. They take their responsibility as the custodian of your data seriously. There are a few, however, that are not so professional, and release information, sell data, put stories or video on some site like YouTube or TheDailyWTF for a laugh. Something that I’m not sure most of us that store data in the cloud would like to see happen with our pictures or video, and definitely something that companies would not want to see with proprietary information.

Steve Jones


The Voice of the DBA Podcasts

About way0utwest

Editor, SQLServerCentral
This entry was posted in Editorial and tagged , . Bookmark the permalink.

2 Responses to The Care of Data

  1. Hey Steve,
    I recently started using Lastpass (lastpass.com) as a way to store all of my online passwords. One of the many cool things about it is that, even though all of my passwords are stored on Lastpass’s servers, none of Lastpass’s employees have access to them because they are encrypted using my Lastpass password (which is a password that Lastpass itself never knows about because I never actually use it anywhere except in the Lastpass client.

    I find this model really interesting. Here is a web service that never requires you to give your password to them – that’s a great model and one that it totally orthogonal to the way we have grown up using the web. Fascinating (to me anyway).

    JT

    Like

    • way0utwest says:

      Interesting idea. I use DropBox/Live Mesh to keep copies of my Password Safe items offline. Having one online and accessible from my phone would be nice.

      Like

Comments are closed.