We spoke a while ago about security of the data base.
Backing up to mobile USB devices can become a liability if lost or misplaced.
I just got a letter from my old software company (that doesn't hold a candle to OD)
but they offer HIPPA encrytped (if there is such a thing) data base and back ups.
Is OD data base encryption on the way?
(Also, their back ups keep as many verisons of the back-up data as it can hold and deletes the oldest ones as space becomes needed. Interesting touch if one BU becomes corrupted, but don't know if it'll help with a virus on the USB ?)
Thanks.
Security issues..
- jordansparks
- Site Admin
- Posts: 5755
- Joined: Sun Jun 17, 2007 3:59 pm
- Location: Salem, Oregon
- Contact:
Re: Security issues..
That's a really complicated question. For starters, if you are using Windows, then your files on the hard drive are very likely already encrypted. The encryption gets better with newer versions of Windows. Encrypting backups is an entirely different issue. Backup software can do exactly what you are talking about. We provide a crude backup routine, but software built for the purpose is certainly more powerful.
Jordan Sparks, DMD
http://www.opendental.com
http://www.opendental.com
- Rickliftig
- Posts: 764
- Joined: Thu Jul 10, 2008 4:50 pm
- Location: West Hartford, CT
- Contact:
Re: Security issues..
This is probably a good time to start a discussion on the board concerning security issues in the office.
IMHO, our biggest data theft risks are:
1) a dishonest or disgruntled employee
2) file folders chock full of SSN's, birthdates, etc (especially old insurance forms)
3) physical theft of your computer/server.
4) theft of your home backup computer
5) theft of credit card information
The theft (more likely loss) of a flash drive may not be a real big issue (I solve this with a lanyard), but believe a backup hard drive sitting on your car seat would be a very tempting target.
It is important to know exactly where each backup image or database is located and stored. Each one of these is a potential breach. This includes old hard drives and disks.
In the office, all of the boxes are chained to large objects (especially the server), but even this would not prevent a theft, just make it inconvenient. I am in the process of doing the same with the home computer. At my wife's school, they have had a rash of students opening up the boxes and stealing components for their home computer. My server is padlocked closed.
We have also been purging the files (we have to get down to the basement next <G>) of SSN's and old insurance forms. As far as I am concerned, the OD database is much more secure than all of this paper sitting around. I have limited access to the account module info to front desk only.
What is everyone else's regimen and/or concerns?
IMHO, our biggest data theft risks are:
1) a dishonest or disgruntled employee
2) file folders chock full of SSN's, birthdates, etc (especially old insurance forms)
3) physical theft of your computer/server.
4) theft of your home backup computer
5) theft of credit card information
The theft (more likely loss) of a flash drive may not be a real big issue (I solve this with a lanyard), but believe a backup hard drive sitting on your car seat would be a very tempting target.
It is important to know exactly where each backup image or database is located and stored. Each one of these is a potential breach. This includes old hard drives and disks.
In the office, all of the boxes are chained to large objects (especially the server), but even this would not prevent a theft, just make it inconvenient. I am in the process of doing the same with the home computer. At my wife's school, they have had a rash of students opening up the boxes and stealing components for their home computer. My server is padlocked closed.
We have also been purging the files (we have to get down to the basement next <G>) of SSN's and old insurance forms. As far as I am concerned, the OD database is much more secure than all of this paper sitting around. I have limited access to the account module info to front desk only.
What is everyone else's regimen and/or concerns?
Another Happy Open Dental User!
Rick Liftig, DMD FAGD
University of CT 1979
West Hartford, CT 06110
srick@snet.net
Rick Liftig, DMD FAGD
University of CT 1979
West Hartford, CT 06110
srick@snet.net
- jordansparks
- Site Admin
- Posts: 5755
- Joined: Sun Jun 17, 2007 3:59 pm
- Location: Salem, Oregon
- Contact:
Re: Security issues..
Our server has an external hard drive for the mysql data. That hard drive is in a safe with the wire running out a hole. Our network hard drive is also in that safe. The safe is 5 feet tall and bolted to the floor.
Jordan Sparks, DMD
http://www.opendental.com
http://www.opendental.com
Re: Security issues..
I think putting data, crypted or not, on a removable drive is asking for trouble. Just too easy to lose or steal. The online backup services are so good and inexpensive there is no reason to take the chance.
As for me we use mozy for offsite and also rsync to get a copy home to check the data for usability. For those who are not comfortable with rsync Crashplan will send a copy home.
Mozy encrypts the data before it leaves my computer and works unattended. Cost is less that $100 a year. No linux support.
Crashplan is sort of interesting. It will allow you to backup your data to any predesignated computer attached to the internet. It loads a small program on each computer. Its Free!!! They also will allow you to store data on their computer for a fee. The data is not encrypted so that must be done manually before it is sent. Both linux and mac support.
steve
As for me we use mozy for offsite and also rsync to get a copy home to check the data for usability. For those who are not comfortable with rsync Crashplan will send a copy home.
Mozy encrypts the data before it leaves my computer and works unattended. Cost is less that $100 a year. No linux support.
Crashplan is sort of interesting. It will allow you to backup your data to any predesignated computer attached to the internet. It loads a small program on each computer. Its Free!!! They also will allow you to store data on their computer for a fee. The data is not encrypted so that must be done manually before it is sent. Both linux and mac support.
steve
steve