SpotLight

Spotlight mobile information security

Hi,

I am looking at deploying Spotlight mobile so that I can monitor the environment on the go.

However, I work for a hospital and need to make sure that no patient information is sent outside of the organisation.

Could you confirm if there are any query plans (As these will include patient names and numbers in the text) or any other such information would be sent to the external servers or the app?

Many thanks

Kevin

  • Hi Kevin,

    As of version 12.0, Spotlight introduced a new option to mask sensitive data in query plans inside the application along with the upload of data to cloud. To enable this feature, open Connection Properties window by right-clicking on the SQL Server connection name and select 'Properties' option. Enable 'Obscure string literals in SQL text and parameters in query plans' option and hit OK.

    Here's the Help extract of this option:
    Dummy text replaces string literals in all displays of the SQL Statement and Query Plan. This protects privacy information that may be contained in those literals. Large numbers (greater than 99,999,999) are replaced with 987654321.

    Gita
  • Hi Gita,

    I'm just taking a look at this and was hoping for a way to set this at an enterprise/default level.
    Not sure if I've just missed it, but can't seem to find it anywhere.

    The reason I want to be able to do this is that I don't want to have to go through every single connection to set this and secondly, I want to be sure that any new connections that are added in the future also do not send out this type of information.
    As I mentioned, we are a hospital and the penalties for leaking patient information are quite severe, so I need to make sure that we have this turned off everywhere.
    Hopefully, I've just missed the option!
    Many Thanks
    Kevin
  • Hi Kevin,

    Exposing sensitive data is definitely not desirable. To make this setting enabled by default requires a two-step process. Both steps require manual change of XML files in your Diagnostic Server installation folder. Therefore, as a precautionary step first backup the entire Diagnostic Server folder (C:\Program Files\Quest Software\Diagnostic Server\)

    The first step is to make this setting enabled for newly created connections:
    1. Open C:\Program Files\Quest Software\Diagnostic Server\Agent\conf\Technology\database.xml with Notepad
    2. Search for "scrubdata" node
    3. Look for the child node "defaultValue" and change its value from 'false' to 'true'
    4. Save file
    5. Restart Diagnostic Server services

    The second step is to take care of your existing connections:
    1. Change directories to C:\Program Files\Quest Software\Diagnostic Server\Agent\conf\Monitored_Entity\
    2. For every *_Sqlserver.XML file you'll need to change every child node "name="ScrubData" from value 'false' to 'true'.
    3. Save each file and restart Diagnostic Server services at the end

    Unfortunately, there is not a simpler way other than disabling the option inside the application for every existing connection. You're more than welcome to open a support ticket with our support for possible alternative methods at:
    support.quest.com/contact-support

    Hope that helps.

    -Gita
  • Hi Gita,

    Thanks for getting back to me so quickly and supplying a method to set data scrubbing by default.
    No worries about going through the XML files, this is just a one off anyway !

    I'll give this a go today.

    Thanks again

    Kevin
  • Hi Gita,

    I've just carried out the first part of these instructions, which worked fine.

    I'm just going through the second part now, but have found another way to update the string literal in the XML file.
    If you right-click on a SQL connection in the client and select 'properties', the displayed window will show the 'Obscure literals' as ticked, even though the file has not yet been updated (I'm guessing because this is now the default). If you click cancel, the file will not change, but if you then click OK, the ScrubData setting is updated in the file.
    I'm now just going into properties on all of my SQL connections and clicking OK.
    I've checked the first dozen and all are updated correctly.

    Best Regards

    Kevin