First, what data do we have?
- Do we store any personally identifiable data?
- Does any of that data include children?
- Do customers believe that this data will never be seen publicly?
- Do customers believe that this data will never be seen by your employees?
Next, what would happen if this data became public?
- What would happen if all of the data was suddenly available publicly?
- What would happen if the not-really-considered-private data was made public? (Customer lists, products, sales numbers, salaries)
- If someone got a copy of our backups, what data would they be able to read?
- If someone got the application’s username/password, what data would they be able to read?
What are we doing to ensure those scenarios don’t happen?
- If our backups aren’t encrypted, do we know everywhere that the backups are right now?
- How are we preventing people from taking out-of-band backups?
- How are we preventing systems administrators from taking snapshot backups or copying backups?
- How are we preventing people from running queries, saving the output, and taking them out of the building?
- For each of these scenarios, do we have a list of all of the people who could accomplish these tasks?
- For each of these scenarios, would we know if they happened?
- Overall, what risks are out there?
- Have you documented the risks in writing?
- Has this risk list been given to management?
- Or, when any of these scenarios eventually happen, are you going to be the one who was assumed to be protecting the business from this kind of thing?
After all, notice the title of this blog post – you’re managing the databases, right?