SQLServerCentral - www.sqlservercentral.com

A community of more than 1,600,000 database professionals and growing

The Voice of the DBA

What's Worse than Announcing a Data Breach?

What's Worse than Announcing a Data Breach? You might think that's the worst thing that you could tell your boss these days. Imagine discovering that sensitive data has been exposed and you need to go inform an executive. Hopefully no one is looking to punish the messenger, but it will still be a very uncomfortable conversation.

Now imagine that you need to go back and have a second discussion a day or two later. Why? More data was exposed, and potentially lost. I'm not sure which conversation is worse, though if you don't have a list of things you've checked, changed, or fixed between the two meetings, I would argue the second one is worse.

That happened to a mortgage loan company. The data breach was already bad, with an Elasticsearch server out there without any security. Data had been converted from paper documents through an OCR process, which resulted in no shortage of mistakes, but there was still plenty of sensitive information out there. Things got worse when security researchers discovered the source of the OCR process was an Amazon S3 bucket that contained the original images, also without a password.

Before I comment on anything else, there should be NO shares, buckets, containers, databases, or any sort of server without a password. None, nada, zip, zilch, no excuses. At least protect everything with a password that meets your organization's password requirements. No "12345" or "asdf" or default passwords. Before you do anything else, go set passwords. If you have S3 buckets or Azure storage, write a script to check them all. Set. A. Password. On. Everything.
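
The bucket check suggested above could look like the following for S3. This is an added example, not code from the editorial: S3 has no password as such, so it looks for the two settings that open a bucket to anonymous readers, an ACL grant to a public group or a bucket policy with a wildcard principal. The bucket names and responses are constructed; in a live account they would come from boto3's `get_bucket_acl`, `get_bucket_policy` and `get_public_access_block`.

```python
import json

# Group URIs that make an S3 ACL grant apply to everyone / to any AWS account.
_GROUP = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_GROUP + "AllUsers", _GROUP + "AuthenticatedUsers"}

def public_acl_grants(acl):
    """Permissions that a GetBucketAcl-shaped dict grants to a public group."""
    return sorted(g["Permission"] for g in acl.get("Grants", [])
                  if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS)

def _wildcard(principal):
    aws = principal.get("AWS") if isinstance(principal, dict) else principal
    return "*" in ([aws] if isinstance(aws, str) else aws or [])

def public_policy_statements(policy_json):
    """Labels of Allow statements in a bucket policy whose Principal is a wildcard."""
    statements = json.loads(policy_json or "{}").get("Statement", [])
    if isinstance(statements, dict):          # a lone statement may be a bare object
        statements = [statements]
    return [s.get("Sid", f"statement[{i}]") for i, s in enumerate(statements)
            if s.get("Effect") == "Allow" and _wildcard(s.get("Principal"))]

def audit_bucket(name, acl, policy_json, block):
    """Findings for one bucket; `block` is its PublicAccessBlockConfiguration or {}."""
    findings = []
    grants, stmts = public_acl_grants(acl), public_policy_statements(policy_json)
    if grants and not block.get("IgnorePublicAcls"):
        findings.append(f"{name}: ACL grants {', '.join(grants)} to a public group")
    if stmts and not block.get("RestrictPublicBuckets"):
        findings.append(f"{name}: policy allows Principal '*' in {', '.join(stmts)}")
    return findings

# Constructed sample data shaped like S3 API responses (hypothetical bucket names).
_ALL = {"Grantee": {"Type": "Group", "URI": _GROUP + "AllUsers"}, "Permission": "READ"}
_OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}
_POLICY = json.dumps({"Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                                     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::scans-text/*"}]})
_LOCKED = {"IgnorePublicAcls": True, "RestrictPublicBuckets": True}
SAMPLE = {
    "scans-raw": ({"Grants": [_OWNER, _ALL]}, None, {}),        # public ACL
    "scans-text": ({"Grants": [_OWNER]}, _POLICY, {}),          # public policy
    "scans-locked": ({"Grants": [_OWNER, _ALL]}, _POLICY, _LOCKED),
}

def audit_all(buckets):
    return {name: audit_bucket(name, *resp) for name, resp in buckets.items()}

if __name__ == "__main__":
    print(json.dumps(audit_all(SAMPLE), indent=2))
```

Conditions on a wildcard statement and account-level Block Public Access settings are not evaluated here, so treat each finding as a prompt to review the bucket rather than a final verdict.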

We will all make mistakes in configuration, and there might be security issues at times. These ought to be rare, with today's vulnerability scanners, static code analysis, configuration as code, global policies, etc. There really isn't any excuse why we don't set things up at the beginning, but if things change and mistakes are made, we ought to detect them quickly. And then fix them. That's why we should use automation, configuration as code, and regular evaluation of our systems.

One of the greatest strengths of the DevOps philosophies is that we can deploy changes quickly to fix things. We'll make mistakes, we'll have issues, but when we find them, there is no long waiting period to get the fix into our client's hands. That ought to be true for both software and infrastructure.

Steve Jones from SQLServerCentral.com


The Voice of the DBA Podcast

Listen to the MP3 Audio (3.3MB) podcast or subscribe to the feed at iTunes and Libsyn.

The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music.

Featured Contents

Getting Comfortable Writing Code in Azure Data Studio

Steve Jones from SQLServerCentral.com

Learn some of the ins and outs of working with Azure Data Studio to develop SQL code.

Introduction to SQL for Cosmos DB

Additional Articles from SimpleTalk

This article by Adam Aspin reviews the Azure Cosmos DB SQL API from the perspective of the relational database developer. More specifically it will show you how to leverage your Structured Query Language skills to exploit the core possibilities of Cosmos DB as a NoSQL document database.

From the SQLServerCentral Blogs - Communication in Azure: using Data Factory to send messages to Azure Service Bus

Rayis Imayev from SQLServerCentral Blogs

(2019-Mar-10) A conversation between two or more people involves continuous efforts to listen and reflect on what other people have to...

From the SQLServerCentral Blogs - SQL Server Availability Group Failovers in Kubernetes

Klaus Aschenbrenner from SQLServerCentral Blogs

(Be sure to check out the FREE SQLpassion Performance Tuning Training Plan - you get a weekly email packed with all the...

Question of the Day

Today's Question (by Steve Jones):

Can I use data compression on system tables?

This question is worth 1 point in this category: Data Compression.


Yesterday's Question of the Day

Yesterday's Question (by Steve Jones):

I am trying to remove some of the extra tempdb files that I have on an instance. I tried ALTER DATABASE tempdb REMOVE FILE tempdb32, but I got this message.

Msg 5042, Level 16, State 1, Line 33
The file 'temp3' cannot be removed because it is not empty.

What can I do?

Answer: Use DBCC SHRINKFILE with the EMPTYFILE option

Explanation:

When a file contains data, you cannot remove it. You must first empty the file, and DBCC SHRINKFILE with the EMPTYFILE option will clear out the file. This may not work if there is not enough space in other files to move the data.

Once this is complete, you can remove the file.

Ref: DBCC SHRINKFILE

Database Pros Who Need Your Help

Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2017 : SQL Server 2017 - Administration

PBM: script warning - Hello community, I want to use some policies on my sql servers. I have created them and everything works fine except...

Use SQL Azure as read only reporting copy of SQL "on prem" VM? - We have some Azure IaaS (on prem) SQL database instances running. We would like to use an Azure SQL database (not...


SQL Server 2016 : SQL Server 2016 - Administration

SQL Server AlwaysOn on Single node cluster - Hi Team, We have some SQL Servers which are configured with Always on on Single node clusters. As part of the testing...

PREEMPTIVE_OS_PIPEOPS Wait - So to start with, man, I sure have a lot of weird issues.  I appreciate all the help and direction...

SQL Server slow but CPU, Memory and Network fine - Team please looking for assistance on SQL Server 2016, CPU, Memory and Network are fine but application is timing out. Can long queries...

SSMS 17.9 activity monitor grayed out - Hello community, I have a problem with the activity monitor on a sql server 2016 cluster. The processor time in the...


SQL Server 2016 : SQL Server 2016 - Development and T-SQL

A question about the EXISTS operator - In the ye olde AdventureWorks2016 database if I run the following query it returns Exists, even though the sub-query returns...

T-SQL Query To Find Memory Usage Per Resource Pool Per Database - Hi, I have just started using Resource governor in SQL Server 2016 and my manager has asked me to write a...

How to replace NOT IN in WHERE clause - --SQL select distinct s.subscription_id,     s.subscription_nm     from #tmp_deal_hdr adh          inner join  al on al.lic_id = adh.lic_id          inner join avt_user u on u.userid=adh.salesperson_i


SQL Server 2014 : Administration - SQL Server 2014

Limit Size of Tables - I'm looking for a way to put a cap on the size of newly created tables or adding data to...

DB Mirroring - As a part of application upgrade process, it would create bunch of objects and the data insertion would be made....


SQL Server 2012 : SQL 2012 - General

Find missing numbers in sequence 1 thru 5 - I have a table with records. Each set of records is numbered 1 thru 5. I need  to iterate thru...


SQL Server 2012 : SQL Server 2012 - T-SQL

Excluding values using NOT IN not working - I posted last week or so about joining results to an existing table and I tried all the responses but...


SQL Server 2008 : SQL Server 2008 - General

Create new Central Line based on Trend - Hi, I have managed to get so far with creating a central line that changes depending upon trend that is...


SQL Server 2008 : Working with Oracle

Sp_help for Oracle? - I'm building a set of SQL Server views that use OPENQUERY to run queries against an Oracle server. I want to...


Data Warehousing : Integration Services

SSIS FTP Component ... LocalPath settings ... User::LocalFolderPath - Dear Forum, I am supporting an SSIS process that uses the FTP Component. The FTP component has a LocalPath setting value of...


SQL Server 2005 : SQL Server 2005 Integration Services

SSIS OleDB Destination Sql Command From Variable - Hi all, I need to put a dynamic query to OleDB destination SQL command (Data access mode) But I don't find any...

Run dynamic SQL through SSIS - I have a setup table which has Client, State and FileName Column for each of the clients. My SSIS package runs...

Dynamic SQL in SSIS - Hi All, I have a meta data table that stores settings for generating files for different users. Columns in the table...

SSIS from ODBC source using a dynamic sqlcommand - Does anyone know how I can use a user variable in a sqlcommand in a Datareader source with an ODBC...

This transmission is ©2018 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
Contact: webmaster@sqlservercentral.com