Hi Rob and all,
We don't allow remote access to our collection database, for reasons
much along the lines you note. Regardless of trust in staff, in our
assessment doing so would still entail unacceptable risk.
Let's say a staff member's access credentials were unknowingly
compromised by a visitor peering over a shoulder during one careless
login. With remote access, those authentication credentials could then
be used by unknown parties at their leisure. With on-premises access
only, the risk of compromise to sensitive data would be mitigated to
some degree by the need to access the system from within the museum.
Noting that spoofing, etc. could still be a factor (depending on how
this aspect of access control is implemented), it can still be one among
various useful layers of reducing the risk of intrusion.
Most of our use cases for remote access by staff can be covered by using
our public-facing collection search, and those that can't can wait until
the staff person is back on premises--or occasionally can be handled by
human proxy, as it were, via a known colleague on premises.
That's our take on the question, anyway. Convenient as it would be on
occasion to be able to do data cleaning from home during an ice storm!
Rob
--
Rob Lancefield
Manager of Museum Information Services / Registrar of Collections
Davison Art Center, Wesleyan University
301 High Street, Middletown CT 06459-0487 USA
rlancefield [at] wesleyan [dot] edu | tel. 860.685.2965
On 2/23/17 3:17 PM, Rob Morgan wrote:
Hello MCN Listserv,
Does your institution allow remote access to your collections database?
For example, can a Curator check your collections database from home via a
Remote Desktop Connection/Terminal Server, or something similar?
If so, does your institution have a policy in place regarding remote access
to your collections database? If so, can you share it with me?
FYI, we allow remote access to our collections database. However, there is
concern about losing control over who can see sensitive information (e.g.,
values, locations, etc.) when the database is accessed outside the museum
(e.g., a non-employee could see sensitive data in an employee’s home). Of
course, the argument is that staff should be trusted regardless of where
they’re working.
Thanks,
Rob Morgan
Collections Database Administrator
The Baltimore Museum of Art
_______________________________________________
You are currently subscribed to mcn-l, the listserv of the Museum Computer
Network (http://www.mcn.edu)
To post to this list, send messages to: [email protected]
To unsubscribe or change mcn-l delivery options visit:
http://mcn.edu/mailman/listinfo/mcn-l
The MCN-L archives can be found at:
http://www.mail-archive.com/[email protected]/
