Sunday, November 05, 2006

Starbucks only latest in long line

As a developer, I know the draw to have that database right there on my laptop.  I don't have to worry about permissions on the dev database. I can execute any SQL changes and test my SQL code with data that is quick and convieniant.  But, boy does this have security implications, as Starbucks has recently found out.

In my industry, knowledge is power.  I consider my company, and the CEO just happens to agree, to be a knowledge based company.  Sure, we offer Insurance Policies as our product. But those policies and premiums are based on our knowledge of engineering a specific occupancy to its exposures.  We call this Exposure Driven Engineering.  To put it simply: We look at the type of business that is the primary occupant of the facility, we then look at the predominant losses for that occupancy over the years and concentrate our engineering recommendations to those losses or exposures.  You may ask what this has to do with insurance.  I think if you go to FM Global's web site they can answer that better than me. 

All of this loss information we have acumulated over the last 170 years or so is pretty valuable. Along with all the insured information. At FM Global, they kinda think this is important not to expose to anyone else outside the company.

So, back to Starbucks and how this affects me.  Starbucks somehow either didn't make the connection between a laptop being portable and databases on that labtop being vulnerable or someone made a mistake and broke the rules and the whole company is now suffering because of it.  Well, for me at FM GLobal,  the former is definately not the case. (Did you hear that Basem? I understand why I can't have a copy of the DBs on my laptop) FM Global understands the connections and does everything it can to prevent such things from happening. 

How does this affect me?  It makes some of my work harder to do but not too hard.  Given the likes of Starbucks and other companies recently "losing data", and knowing the value of that data to my company,  I think I can work around my little inconvienance. 

(But Basem, couldn't i have a sandbox on a server somewhere? Please????)