Data Modeling is Dead? Join Us 24 Jan 2PM EST to Discuss

During this month’s Big Challenges in Data Modeling we’ll be talking about the state of data modeling. 

Last month Tom LaRock (@sqlrockstar | blog) wrote a post Data Modeling is Dead, Long Live Data Modeling. 

Data modeling is dead. It is a product of an era that has passed; that of corporate silos that created their own versions of software to suit their own needs.

That is no longer the world in which we live. That era was one that had high costs associated with building and maintaining a database of customers.

Today’s era is one where you can subscribe to Salesforce.com for just a few dollars a day. You can decide for yourself to run a new report. How much did that same report cost in the old era? How long would it take for IT to deliver that report? That’s why businesses today are using such services, because it reduces time and costs.

You need to read the whole post to get his position, but I find that his take on the state of data modeling is common in the IT world.  I posted a link to his blog post to a LinkedIn group and there was an extensive discussion.

I’ve invited Tom to join a real-world data architect and me to talk the current state of data modeling and what the future holds for data architects. 

This Month’s Panelists

Thomas LaRock

• Thomas LaRock is a seasoned IT professional with over a decade of technical and management experience. Currently serving as a Technical Evangelist for Confio Software, Thomas has progressed through several roles in his career including programmer, analyst, and DBA. Thomas holds a MS degree in Mathematics from Washington State University and is a member of the Usability Professional’s Association. Thomas currently serves on the Board of Directors for the Professional Association for SQL Server (PASS) and is a SQL Server MCM as well as MVP. Thomas can also be found blogging at http://thomaslarock.com and is the author of DBA Survivor: Become a Rock Star DBA (http://dbasurvivor.com).

Gabriel Tanase

• Gabriel Tanase is a Data Architect currently with a mid-size business consulting organization. He has accumulated some tough years of ordinary real-life data modeling experience and the not-unheard-of distinction of having taught it academically before really practicing. He is currently specializing in keeping everybody else in the project happy while quietly enforcing information meaning and integrity.

This webinar is free to attend, but you must register.  It officially starts at 2PM EST, but you can join us at 1:45 when we start our prep. We’ll be taking questions via the Q&A and we offer a real time chat so that you can be part of the conversation, too. 

Utah Health Department – Yet Another Flashdrive FAIL (YAFF)

I think we need to have an industry acronym now that this seems to happen every week.  My proposals:

• Yet Another USB Breach (YAUB)
• Blame A Thumbdrive (BLAT)
• Yet Another Flashdrive Fail (YAFF)

I like the YAFF one best, so I’m going with that, even though the #FAIL really isn’t in the hardware, but in the abuse of policy and hardware to cause a data breach.

This week’s YAFF announcement comes again from Utah, where a contractor with access to sensitive health data lost a USB flash drive somewhere between Salt Lake City, Denver, and Washington, DC.

What’s different about this news story is that we get more insight as to why that data was on a portable device.  And it’s just as I prognosticated in a previous post: the contractor was frustrated with an infrastructure issues.

The contractor, Goold Health Systems, handles Medicaid pharmacy transactions for the Health Department.Department spokesman Tom Hudachko said the GHS employee, identified only as a woman from Denver, was having trouble with an Internet connection Thursday while trying to upload the data to a server. The employee saved the personal information to an unencrypted USB memory stick and left the Health Department with the device. The employee lost the stick sometime in the following days while traveling between Salt Lake City, Denver and Washington, D.C.

(emphasis mine)

via Utah health department reports another data breach | NewsOK.com.

The contractor lost her job over this.

People Forget Policy When They Are Frustrated or Stressed

I once found a QA contractor cursing at his computer because he was having trouble sending a large file via his Hotmail account.  I offered to help.  When he showed me what he was doing I just about had a heart attack.  He had been trying to send our offshore contractor a copy of a production database backup.  This backup contained names, addresses, phone numbers, credit card information  (no, the legacy system shouldn’t have been storing this information, but it did), SSNs, Driver’s license numbers and other forms of ID. It was an identity theft treasure chest of awesome.

When I asked him why he was trying email this information to our offshore contractor he said he was frustrated that corporate email system would not let him email such a large file.

He told me the only reason he did this was that he had to get the bug logged and fixed before the weekend because he had plans to be away.  He also forgot that production data was never supposed to leave the building.    I’m not sure he ever really felt that what he was doing was wrong, or had any idea why emailing sensitive data was wrong.

The other shock I got was that it was a production DBA who had given him the backup.  When I asked the DBA why he did this without even asking what it was for, he said "I was really busy and didn’t have time."

I wonder just how many times this scenario plays out every day in offices around the world.

Love your data, even when you are stressed.  Especially when you are stressed.

Astronaut Chris Hadfield on Careers

Today Chris Hadfield of the Canadian Space Agency talked from the International Space Station to students at Chris Hadfield Public School in Milton, ON.  One of the questions was “How can I become an astronaut?”.    In answering this question, Hadfield addressed career aspirations in general:

“The things I’m doing now, it’s because I started working at it when I was your age.”

“Decide what you might want to be and then start turning yourself into that person.”

“You can start to turn yourself into an astronaut today. It doesn’t happen just like that, but every single decision you make turns you a little bit into the person you want to be tomorrow and the day after that…”

“You have to turn yourself into who you want to be.”

By the way, the kids certainly did prepare for the event:

By the way, the CAPCOM for today was Astronaut Clay Anderson, who is retiring after 30 years of service to NASA.

I thought Cdmr. Hadfield’s answers were pretty good advice for the kids.  And for us.  What are you doing today that will turn you into the person you want to be?

B.C. Health Ministry Data Breach Affects Millions

News about yet another health data breach comes, with millions affected.  The largest breach of about 5 million people involves yet again, a USB drive.

I could see why a CIO would want to order the disabling of all USB ports on corporate computers. Then will someone is going to come up with a “USB Drives Don’t Breach Data, People Do” solution?

I’m still wondering why the tech community can’t come up with a solution to this ongoing attack on people’s data.   In these cases, is it that the employees just didn’t care about the people? Were they feeling pressure to just get the job done?  Did they not know that sensitive data was on these devices?  Perhaps they were just sharing one of their USB bottle openers like the ones I collect?

- June 2012: The health data of about 38,000 individuals was shared with a researcher. The data was linked to Statistics Canada community health survey information. The disclosure of the information breached an agreement with the federal government.

- June 2012: A USB stick which contained a plain text file of 19 types of health data was provided to an authorized ministry contractor. The file included personal health numbers and health conditions – such as Alzheimers – for about five million individuals over several years. Against policy the data that was neither encrypted or made non identifiable.

- October 2010: Health Ministry data containing the personal health numbers of about 21,000 people – with diagnostic information for about 262 chronic diseases conditions – was shared on a USB stick with a researcher without a request being approved.

via B.C. Health Ministry data breach affects millions – 38,000 will receive letters – Local – Times Colonist.

Disabling USB ports seems like the wrong approach.  Right now I’m leaning towards criminal prosecution of people who are careless with our data.

Love your data.  Because it’s really our data.

Global Payments Data Breach Tab: $94 Million, Plus More in 2013

One of the most common discussions I have with other data professionals is “why do we keep having so many silly data breaches?”  It seems to me that the data put at risk is done so by sloppy IT practices and negligent employees, not always via hackers and fraudsters.  In this case, it appears it was both.  Reports and rumours point to insecure system admin practices and outside hackers.  We don’t know for certain, because in the US data breach laws are patchy and weak.

Usually the discussion comes around to talking about US companies not having to face many consequences for failing to protect our data.  Take a look at this quote about the GlobalPayments breach of 1.5 to 7 million merchant account holder data:

Global says it has now paid all fines related to non-compliance and has reached resolution with certain card networks, although it did not specify which ones. The processor also says its business has not suffered as a result of the breach.

“The impact on revenue of customers or other third parties who have failed to renew, terminated negotiations, or informed us they are not considering us at all, where we can confirm it is related to our removal from the lists, has been immaterial,” Global states. “We continue to process transactions worldwide through all of the card networks.”

via Global Payments Breach Tab: $94 Million – BankInfoSecurity.

Global has spent almost a hundred million dollars on this breach and expects to have to shell out another $25-25 million in 2013.  And yet with those numbers they don’t believe it has had a negative impact on their business.

Global handles Visa and MasterCard payment processing of about $120 billion (yes, with a “b”) in payments annually.

Their annual report also seems to imply that they were not PCI-DSS compliant when the breach occurred and Global has been removed from the list of organizations that is compliant.  So billions of dollars and millions of account information pass through their non-compliant networks.  Because it can.

I wish more companies would treat our data as something that needs to be protected.

Data Modeling and Metadata–A Great Match

Craig Mullins ( @craigmullins | blog ) has written a post about how data modeling supports metadata management and therefore better IT systems.  You may know Craig through his evangelism about DB2 and Database Administration.

So how do you ensure that you are exploiting the metadata you are collecting to the fullest, possible extent? How do you make sure that your metadata is easily accessible and effectively used across your organization? Well, this is where modeling comes in to play. Modeling is important to metadata management.

Effective communication is at the heart of the metadata value proposition. Data managers must be able to interpret the data coming into their organization and then provide a roadmap to everyone else so that they too can reach their destination. Modeling adds value to metadata management much the same way it does for data itself — by serving as a  standardized language, easily understood by everyone from business users to application developers to DBAs.

It’s always good to see people on the more technical side of data management (databases and technology) appreciate and support data modeling efforts. You should read his whole post, then leave him a comment.