The topic is:  DB2 10 LUW — Securely Hiding Behind the Mask 

This isn’t your typical DB2 security session.  For example,  have you considered the cost savings you may achieve by implementing column masks?  (Yes, I did say ‘cost savings’.) Or….have you altered reality lately?  I [...]]]> I’m presenting a session at IDUG NA 2013.  

The topic is:  DB2 10 LUW — Securely Hiding Behind the Mask 

This isn’t your typical DB2 security session.  For example,  have you considered the cost savings you may achieve by implementing column masks?  (Yes, I did say ‘cost savings’.) Or….have you altered reality lately?  I have, using DB2′s column masks.  

If you are intrigued, I hope to see you in my session on Tue, Apr 30, 2013 at 02:00 PM.

“Each attendee is given one free exam, [...]]]> For those of us who will be attending IDUG in Orlando from 4/29 to 5/3 have you thought about maximizing your time and investment by attaining certification?  I checked with Susan Weaver, IBM WW Certification Program Manager, about exam costs for IDUG attendees and here is her reply:  

“Each attendee is given one free exam, however, if they pass, they may take another. Any additional exams will be $25.”

With the average cost of each certification exam at $200 per test, you have the opportunity for significant savings if you take your certification exams at IDUG. 

And, while you are at IDUG, I hope you will attend my session: 

DB2 10 LUW — Securely Hiding Behind the Mask

As [...]]]> Small children love the game of peek-a-boo.   The lesson being taught by this play exercise is that objects do not disappear just because we aren’t observing them.    When thinking about DB2 Data Security and Data Governance, there is an excellent corollary here.     Just because data isn’t easily observable does not mean it doesn’t exist.

As a consultant, I am frequently asked to explain how I discovered databases or data objects that had not been documented or provided to me.  The answer is simple; much like the child who learns the reality of object permanence, I observe systems with an understanding that just because a data object is not documented, that does not mean it doesn’t exist.

Think about how you maintain your environments, especially your Dev and Test environments.   Do you always have strong controls in place to ensure that you have documented every possible data object?  If not, then you may have a data governance issue that may lead to a DB2 security issue which could result in a loss or compromise of data.  

Think again about those environments and how they were “stood up”.   Were they built in haste to meet a deadline?  Have they been greatly modified by developers and/or testers who are under deadline pressure?   Were standards relaxed in order to meet a project timeline? Meeting deadlines and timelines often requires shortcuts, but some of those shortcuts can lead to security risks as well as change control challenges. 

If you don’t know that data exists, then how can you protect it?  If you don’t know what data exists beyond your DB2 databases, how can you know if it is as risk?  Take a lesson from a children’s game and observe the reality that a solid Data Governance approach is foundational to Database Security.

Her article is found [...]]]> Keesa Bond just posted an article discussing Data Governance from the academic standpoint.  Although Data Governance approaches are typically understood to be overarching regardless of the industry, I think Keesa does a good job explaining the more specific challenges of initiating a Data Governance process for an educational environment.  

Her article is found here:  http://www.databasejournal.com/sqletc/data-governance-learning-data-lessons.html

I was really happy to discover today that there is a Cross-Blogginating (love that [...]]]> Two of my favorite DB2 folks are Ember Crooks and Mike Krafick.    Both of them are exceptional DB2 talents and both of them like to share knowledge.   I follow Ember’s blog regularly and always find something new and interesting.

I was really happy to discover today that there is a Cross-Blogginating (love that mashup word) Event going on at Ember’s blog site.   Mike is guest posting today on a topic that any DBA can appreciate.   

Want to find out more?   Check it out:

http://db2commerce.com/2012/06/28/10-minute-triage-assessing-problems-quickly-part-1/