22Apr 2019 by Grant Fritchey 3 Comments

Data Breaches: All Your Fault

DevOps, Redgate Software
One part of my job is to understand the compliance landscape. This means that I read a lot about the GDPR and related similar laws. I also have to read a lot about data breaches in order to understand how and where laws like the GDPR apply to them, and how they happened so that I can better prepare people through good DevOps practices to prevent them. The more I read about data breaches, the more I realize: It's You. It's your fault. Don't believe me? Let's walk through a few recent data breaches together. Passwords? We Don't Need Stinking Passwords. The Collection #1 data that represents 21 million unique email addresses and passwords for a combination of up to more than 700 million, was found by Troy Hunt... on…
Read More
18Mar 2019 by Grant Fritchey 1 Comment

Compliance Ain’t Easy

Redgate Software
I'm sure by now you've heard of the GDPR and some of the large scale data breaches that have occurred within it. If you haven't heard of the GDPR, you've been under a rock, or, you're like me, a United States citizen (it's amazing how little we know about this oncoming train). If you're seeing the four letters GDPR strung together for the first time, then you better jump on learning about it right now. Why? Let's string together more letters, CPPA. That stands for the California Privacy and Protection Act. That's a law modeled off the GDPR that goes into effect in 2020 (yeah, nine months). Compliance Isn't Always Spelled GDPR Maybe you're not in an EU country and you don't have any person's data from there. Maybe you…
Read More
07Jun 2018 by Grant Fritchey No Comments

SQL in the City Streamed: June 2018

DevOps, Redgate Software
Next week, Redgate Software, will be putting on SQL in the City Streamed. These events are a great way to learn about SQL Server, the Microsoft Data Platform, privacy and protection, the GDPR, and, of course, DevOps. All of that, with some great information on Redgate tools and how they can help tossed in there. Agenda Scroll down at the link and check out the agenda. We're covering a pretty wide range of topics this time. I have the keynote, and I'm not going to tell you what it's about yet. OK. I'll tell you a little. Twist my arm. I have a message about DevOps that I think is very important. When it comes to the database, we frequently think about development and deployment as nothing but change, and…
Read More
27Apr 2018 by Grant Fritchey No Comments

YouTube Channel Update: 27 April 2018

Professional Development
Despite a hiccup recently on Twitter where I managed to spam all my followers with links to my YouTube videos (so sorry about that), I am still posting videos. Please subscribe to the channel. Video Lists I created video lists. Here they are, in no particular order: SQL Server and Microsoft Data Platform GDPR and How It Relates to Your Data SQL Server Query Performance Tuning Redgate Software Videos DevOps and Databases I hope it helps to have them grouped up. Videos Here are the videos I've posted over the last few weeks. First, too many people take a "poke it and see what happens" approach to query tuning. I try to talk to that issue here: [embedyt] https://www.youtube.com/watch?v=gHxOrPEyPb8[/embedyt] Want to know where I go to learn about the GDPR?…
Read More
11Apr 2018 by Grant Fritchey No Comments

Privacy and Protection, By Design

Redgate Software
With all the noise about the upcoming enforcement of GDPR, I know that people are starting to focus more on privacy and protection. Add in all the other news about data breaches and data leaks and suddenly, privacy and protection isn't just a business concern, it's personal. Where do you go if you want to learn more? How about the SQL Privacy Summit? SQL Privacy Summit Redgate is hosting the first SQL Privacy Summit on May 18th in London, brought to you by the producers of SQL in the City. Yes, lots of information on the GDPR and compliance will be available. However, we're going way beyond that. The reason it's called the Privacy Summit and not just "The GDPR Summit" is because we're talking about more than compliance. We…
Read More
09Apr 2018 by Grant Fritchey 25 Comments

GDPR, Database Backups, and the Right to be Forgotten

DevOps
I've said it before, but it bears repeating, there is no cause for any kind of panic when it comes to the GDPR. None. There are however, a number of concerns. One of those concerns is, well, concerning. How does the right to be forgotten within the GDPR impact database backups? Let's discuss what we know. The Right To Erasure Each of the articles within the GDPR lays out a topic. Article 17 is pretty darned clear about the topic: Right to erasure ('right to be forgotten') Basically, the individuals, also known as the data subject, also known as natural persons, in short, people, can request that you remove their data from your system. The first sentence lays out the gist of the idea quite well: The data subject shall…
Read More
02Apr 2018 by Grant Fritchey 4 Comments

Buggy Whips 2.0

DevOps, Professional Development
I recently found myself rereading a very old blog post of mine, from the very beginning of this blog, discussing Buggy Whips. I'll save you the long read, I was learning new tech, it made me second guess my working assumptions, I was curious if I was manufacturing a buggy whip while watching an automobile drive by. 2008 to 2018 Well, I'm still here. In fact, Feature Driven Development has disappeared from the lexicon and the project that it was introduced to took years longer than anticipated, performed horribly, and had to have a major redesign and rework to be fundamentally functional (all after I left the old organization). So, my fears that database design was a thing of the past were just that, fears... right? Yes and no. Here…
Read More
30Mar 2018 by Grant Fritchey 4 Comments

YouTube Channel Update: March 30, 2018

Professional Development
Hey everyone! Here's the latest stuff on my new YouTube Channel. Please let me know if these videos are helpful. Also, if you have requests for videos on a particular topic, even a video of a blog post I did here, let me know. I take requests and I'm more than happy to help. I've been talking a lot about the GDPR. I released three videos on this topic this week alone: [embedyt] https://www.youtube.com/watch?v=FSbrhv1Fuh4[/embedyt] [embedyt] https://www.youtube.com/watch?v=YFyS45kvtMY[/embedyt] [embedyt] https://www.youtube.com/watch?v=YLYxflj8O9A[/embedyt] I also released a video on using SQL Prompt to help your team audit their code: [embedyt] https://www.youtube.com/watch?v=4TBHGuhgS4E[/embedyt] Finally, I added a video discussing database mirroring as it relates to Azure SQL Database [embedyt] https://www.youtube.com/watch?v=I26K-FWilXA[/embedyt]
Read More
19Mar 2018 by Grant Fritchey 1 Comment

Query Monitoring and the GDPR

DevOps
I've been reading the General Data Protection Regulation (GDPR) and discussing the ramifications of the beginning of enforcement with lots of people. The implications of it all are fascinating. The real serious issues remain primarily a business problem, with business defined solutions. However, there are technology issues that we need to think about. For example, performance metrics are going to be impacted by the GDPR. Private Data and Monitoring Queries First and foremost, let me say something I've said before. The vast majority of the focus around GDPR has to come from your business. Second, the bulk of your work and focus must be on ensuring core functionality in support of the GDPR. Third, the attack vectors and leaks for GDPR are not going to primarily be around something like…
Read More
12Mar 2018 by Grant Fritchey 6 Comments

Execution Plans and the GDPR

SQL Server, SQL Server 2016, SQL Server 2017
What? Execution plans and the GDPR? Is this it? Have I completely lost it? Well, no, not on this topic, keep reading so I can defend myself. GDPR and Protected Data The core of the GDPR is to ensure the privacy and protection of a "natural person's" information. As such, the GDPR defines what personal data is and what processing means (along with a bunch of additional information). It all comes down to personally identifying (PI) data, how you store it, and how you process it. More importantly, it's about the right for the individual, the natural person, to control their information, up to and including the right to be forgotten by your system. OK. Fine. And execution plans? Execution Plans and PI Data If you look at an execution…
Read More