ITIL :: View topic - Who is allowed Raw Database Access?
Joined: Aug 10, 2010 Posts: 9 Location: Sydney Australia
Posted: Thu Aug 19, 2010 5:36 pm Post subject: Who is allowed Raw Database Access?
Hi guys. In an age where everything is stored electronically, databases drive virtually every aspect of a business. Which is why I believe that this is a particular area Change Managers should be extremely strict about.
In a client of mine, due to the nature of 'urgent fixes', at times Developers are given Production DB access to either,
1) query, simulate the issue or
2) fix it directly QUICK QUICK!
Such practice has eventually given rise to some of our BAs even having direct access to PROD too!
It is a shocker I know!!!
I often think about the risks involved, as sometimes these changes to the PROD environment do not go through proper CM processes and even though each step taken may be written down somewhere ... there could have been accidental mistakes resulting in enormous cost to recover or fix corrupt data etc, or worse, the organisation very well could have been defrauded through some form of embezzlement unbeknown to them.
As I think about this, I decided to take the step further, even people in Production Support or DBAs at the end of the CM process, even them having direct prod access could be a risk to a business. Often a CR would have been created, gone through the cycles, and then it is up to Prod support to execute the final steps in Prod. Who is to say that they would not do something outside the realms of the CR as they perform the execution?
I think the solution is in Software Automation which is why I have put together my Software. Because Software Automation will be able to track the changes, and even automate the change deployment! Which is what my tool does for DBs.
But I wanted to know from this forum, what are permissible buffers organisations are willing to accept to allow individuals to have direct raw database access?
I have often heard the saying, "If you can't trust them doing the job, you can't trust anyone"... and with Billions of Dollars worth under management... I kind of NOT want to trust anyone. Any thoughts?
_________________
Al_RelEZ_Al
Joined: Sep 16, 2006 Posts: 3110 Location: London, UK
Posted: Thu Aug 19, 2010 5:48 pm Post subject:
First
Quit doing sales in this forum. You have already posted more than once about your application.
Second.
This can be easily controlled by proper ITIL oriented, SOX oriented, CoBIT oriented Change Management and Release Management process.
Instead of trying to sell them a tool, have them change their processes so things like this do not happen.
It does not happen where I am or have been as this is the first thing I try to control.
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
I have edited his post and a final warning has been sent. Some vendors never seem to get that this sort of thing actually damages them rather than helps them.