cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Erick

Prevent data breach with the SQL Server connector

Submitted by Erick on โ€Ž01-18-2018 06:05 AM

When a flow is created with connections both to on-premise systems and cloud based systems there is a risk of data leakage.

For example let's say that a flow gets data from a SharePoint site and exports it to a SQL Server database in the cloud. Let's suppose that this flow runs everytime a file is uploaded on a SharePoint library.

If the flow is assigned to several owners and one of them leaves the company this guy will loose access to the on-prem SharePoint but not to the database that is in the cloud. The flow can continue running and copy data to the external database without no one being aware.

To prevent that from happening I suggest that a special permission is given to the SQL Server connector : allow connection to cloud base databases or not. This permission would be manage by company administrators at the same level than Data Loss Policies.

Status: New
See more ideas labeled with:
2 Comments (2 New)
Comments
Hayes3d
Hayes3d
Level 8
โ€Ž01-29-2018 05:19 AM

This to me sounds less like a risk of leakage and more intentional as a data breach. If these users are using AD accounts, those same accounts should be used in SQL. If a user leaves, disable the account and the problem is solved. If I'm understanding this correctly, this seems to be more of an issue regarding management of users and less concerning SQL connector? Maybe I'm just not understanding your business case?

Erick
Erick
Level: Powered On
โ€Ž01-29-2018 05:51 AM

Here is my point: a user from my company can have a personal AD account to connect to a SQL Server db. When he leaves the company his personal account is not disabled. So any flow that is using the connector to this db will continue working (providing that the flow is shared with other owners and the other connections are not using his credentials).

In this case we could have a situation where data are still extracted from a SharePoint or other sources and copied to a SQL Server db on the cloud while its owner has left the company.

Do you understand what I mean?