Security

Tag: security

Is It OK to Show My Database Schema to ChatGPT and GitHub Copilot?

Is It OK to Show My Database Schema to ChatGPT and GitHub Copilot?

By Kendra Little on June 23, 2023

Category: database-administration
Tags: chatgpt , github-copilot , data-privacy , security , generative-ai , azure-openai

I’m answering two questions from Brent Ozar’s list of user questions open for answers.

Q: What’s your opinion of entering confidential info in chat gpt? Will we see AI therapist chat bots?

Q: In terms of security, is it OK to expose your database to tools like GitHub Copilot in Azure Data Studio? Someone will know that your email address column is not encrypted or a stored procedure is not parsing its input parameters when dynamic T-SQL is built.

Continue reading

Protect Your Prod Databases in Azure DevOps / TFS: Three Control Points

Protect Your Prod Databases in Azure DevOps / TFS: Three Control Points

By Kendra Little on February 5, 2020

Category: devops-automation , sql-server
Tags: azure-devops , production-deployments , security , release-pipelines , agent-pools

When implementing any kind of automation for database deployments, it’s important to implement safeguards for your production environment. This is needed even in the best conditions when team members collaborate well and there is a high level of trust, for a very simple reason: accidents happen easily!

Continue reading

Do 75 Percent of Data Breaches Really Come from Insiders?

Do 75 Percent of Data Breaches Really Come from Insiders?

By Kendra Little on January 2, 2019

Category: security
Tags: data-breaches , security , verizon-dbir , insider-threats

There’s a lot of information out there on data breaches. I’ve written before about one source that I trust: the Verizon Data Breach Report (DBIR).

Continue reading

Where Do Data Breaches Come From?

Where Do Data Breaches Come From?

By Kendra Little on December 3, 2018

Category: security
Tags: data-breaches , security , verizon-dbir , insider-threats

I recently did a bit of research on the source of data breaches. In this post, I’ll talk a bit about my current favorite source for breach information, and a bit of what I learned.

Continue reading

Join Me for an Upcoming Webinar on Data Masking: Insights and Actions

Join Me for an Upcoming Webinar on Data Masking: Insights and Actions

By Kendra Little on November 21, 2018

Category: security
Tags: data-masking , data-privacy , security , webinar

Click the image to register for the webcast

There Has Never Been a Better Time to Start a Project to Champion Data Privacy

In a recent Harris poll sponsored by the payment company Stripe, over 1,000 C-level executives were asked to rate which factors they feel are most threatening to their business.

The #1 item that executives rated as “somewhat” or “very” threatening to the success of their business is security / data breaches. The #2 rated threat to these businesses? Increased regulation

Continue reading

The Right to Be Erased is Coming to California, Along with Other Privacy Rights

The Right to Be Erased is Coming to California, Along with Other Privacy Rights

By Kendra Little on July 5, 2018

Category: security
Tags: gdpr , privacy , california-consumer-privacy-act , data-protection , security

In the last year, developers and DBAs have heard a lot about the General Data Protection Regulation (GDPR) law passed by the European Union. These regulations not only impact companies that are incorporated in Europe, but all companies processing the data of Europeans.

Continue reading

Automation: Granting Read Perms for Developers

Automation: Granting Read Perms for Developers

on August 16, 2010

Category: devops
Tags: automation , granting-reads , security , showplan , view-definition , view-server-state

Yeah, you heard me.

“But Kendra, why would we want to grant developers read  permissions? And why would we automate  it? And at what point did you lose your mind?”

Continue reading