Do keep in mind that in MA and CA in the States, *all* Personally Identifiable Information - SSNs, bank information and the like - is legally protected, and this may be coming nationally quite soon. There is going to be an extra special set of challenges for developers who work on databases containing such information.

Setting up your Dev environment in such states should include care *not* to fully duplicate the data in the production environment unless you want to give yourself real headaches when your Devs want to work remote.

- Durf

On Fri, Jun 18, 2010 at 8:14 PM, Jon Harris <[email protected]> wrote:

> External Auditors rarely have to deal with internal politics and have only limited say in internal running of the business unless you are in one of the HIPAA/SOX/etc type of environments.
>
> Jon
>
> On Fri, Jun 18, 2010 at 7:52 PM, James Hill <[email protected]> wrote:
>
>> Interestingly some of the changes I have made were recently given the big tick of approval from external Auditors.
>>
>> *From:* Erik Goldoff [mailto:[email protected]]
>> *Sent:* Friday, 18 June 2010 10:23 PM
>> *To:* NT System Admin Issues
>> *Subject:* RE: Handling Developers
>>
>> 1. There’s the way that makes the developers’ life the easiest
>>
>> 2. There’s the way that makes the environment most secure
>>
>> 3. There’s the way that provides an optimum balance between the first two
>>
>> I fought this battle at a previous job, where the ENTIRE IT Department had Domain Admin privileges, not just local to their machine. The developers perceived that they needed to be domain admins to properly execute their job. The VP of IT was previously the Application Development Manager, so guess which way he was leaning …
>>
>> It was a long, hard battle, with precious few victories. PCI compliance helped me to gain some footing, but in the end, I was seen as counterproductive to the developers’ goals, and obviously unhappy there. Did I mention this was a **previous** employer?
>>
>> *Erik Goldoff*
>>
>> *IT Consultant*
>>
>> *Systems, Networks, & Security*
>>
>> 'Security is an ongoing process, not a one time event!'
>>
>> *From:* James Hill [mailto:[email protected]]
>> *Sent:* Friday, June 18, 2010 8:05 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Handling Developers
>>
>> Thanks Andrew.
>>
>> I have considered your approaches in the past. I think my frustrations have clouded my thoughts somewhat.
>>
>> At the moment they have the ability to run as and elevation as they know the local admin password. But of course complain about having to type it in.
>>
>> One argument was that with their previous and larger employer they did what they wished. Hence why I am after as much opinion from other professionals that I can get.

--
NEW PHONE NUMBER: tel: 617.671.0572
Just state your name and wait to be connected.
--------------
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!
