
Guarding the data warehouse gate

October 1, 2001 12:00 PM ET

Computerworld - Rising concerns about privacy mean that the security of sensitive information such as medical and financial data and information about children is coming under tighter scrutiny these days. And this is forcing IT managers to turn their attention to the richest repositories of such data: their data warehouses.


But for many businesses, just defining the roles and purposes of those staffers accessing such data can be daunting. Consider that a single hospital admittance could result in a patient's records being viewed by more than 150 people, both inside and outside the hospital, according to a study by Predictive Systems Inc., a New York-based technology consulting firm.


Fortunately, data warehouse software and the applications that serve such warehouses are relatively mature. Database software can define access down to the object level. And tools to automate user account management are particularly helpful in large user environments.





















The first step in data warehouse security is defining what data needs protecting, which can be more difficult than it sounds, according to IT managers.











Key Audit Questions



What type of data is personal and sensitive in nature?

Where is that data stored?

Who's looking at the data?


Which employees in which roles need to see sensitive data to do their jobs?


Do access controls limit the viewing of sensitive information to only those people with a need to know in order to do their jobs?


How is data protected from crackers?


"[Legislation] talks in general terms about what data needs protecting and provides little of what kind of data and what kind of protection that data needs," says Mike Hager, vice president of network security and disaster recovery at New York-based Oppenheimer Funds Inc., a wholly owned subsidiary of Massachusetts Mutual Insurance Corp. in Springfield, Mass.


The key to passing all forms of regulatory muster is defining "personally identifiable information" and then limiting access to that information to only those with a need to know.


For example, you don't want a statistician mining for demographics on sexually transmitted diseases to also have access to the names and addresses of individual patients with such diseases. Access rights to this type of data must be fine-grained enough that a statistician can only gather broader demographics like age, sex or region.


And that means defining user roles, says Hager. "The real key here is being able to define who has access to what. Without a role-based security model, there is no way of accomplishing this," he says.
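The statistician scenario above, as an added example that is not part of the original article: column-level, role-based read control, using SQLite's authorizer hook as a stand-in for a warehouse's object-level access controls. The role names, the `patients` table, its columns and its rows are all constructed assumptions.

```python
import sqlite3

# Constructed sample data: a tiny stand-in for a warehouse patient table.
ROWS = [
    ("Alice Example", "1 Sample St", 34, "F", "Northeast", "A"),
    ("Bob Example", "2 Sample Ave", 41, "M", "Northeast", "A"),
    ("Carol Example", "3 Sample Rd", 29, "F", "South", "B"),
]

# Hypothetical role model: the columns of `patients` each role may read.
ROLE_COLUMNS = {
    "statistician": {"age", "sex", "region", "diagnosis"},
    "clinician": {"name", "address", "age", "sex", "region", "diagnosis"},
}


def connect_as(role):
    """Open the sample warehouse with the connection pinned to one role."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (name, address, age, sex, region, diagnosis)")
    conn.executemany("INSERT INTO patients VALUES (?,?,?,?,?,?)", ROWS)
    allowed = ROLE_COLUMNS[role]

    def authorizer(action, arg1, arg2, dbname, source):
        # For SQLITE_READ, arg1 is the table and arg2 the column being read.
        if action == sqlite3.SQLITE_READ and arg1 == "patients":
            # An empty column name means no column values are extracted.
            ok = arg2 == "" or arg2 in allowed
            return sqlite3.SQLITE_OK if ok else sqlite3.SQLITE_DENY
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # no writes, schema changes or PRAGMAs

    conn.set_authorizer(authorizer)
    return conn


def run(role, sql):
    """Return the rows, or 'DENIED' if the statement is rejected for the role."""
    try:
        return connect_as(role).execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return "DENIED"
```

Because the check fires for every column a statement touches, a statistician query that only filters on `name` in its WHERE clause is rejected as well, not just one that selects it.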


