Comment Re:2 factor authentication would have. (Score 1) 142
Two factor and split responsibility for admins: i.e. the nuclear launch methodology.
Encrypt the database and split the keystore password between multiple groups. i.e. group 1 has the first 10 characters, group 2 the next 10, group 3 the last 10. Then you need at least collaboration between the three groups to access the dataset in its entirety. Make the data accessible via a UI that is limited in scope for record retrieval and auditable. Then encryption would have been the answer to their issue.
Encrypt the database and split the keystore password between multiple groups. i.e. group 1 has the first 10 characters, group 2 the next 10, group 3 the last 10. Then you need at least collaboration between the three groups to access the dataset in its entirety. Make the data accessible via a UI that is limited in scope for record retrieval and auditable. Then encryption would have been the answer to their issue.