Security: 6 Do or Die Database Security Strategies
Databases are digital treasure vaults of the enterprise, yet many organizations fail to adequately secure their data repositories. The following six techniques can help shore up database security and prevent embarrassing and costly breaches.
As solution providers ponder how they can help customers protect their sensitive information, one of their key targets should be the corporate database. Databases are where most organizations store the bulk of their information, and yet they remain woefully unprotected. According to the 2009 Data Breach Investigations Report from Verizon Business, database breaches comprised 30 percent of data breached in 2008 and accounted for 75 percent of all data breached last year. Here's a look at a few techniques for securing databases.
By Ericka Chickowski
Database Encryption
Native database encryption isn't enough; organizations also need to complement it with effective key management for the effort to be meaningful. A key stored next to the data it protects offers little more than obscurity.
Making a Case: In a 2008 survey conducted by UK-based Trust Catalyst, just under 40% of IT decision makers said they don’t know where their database encryption keys are stored.
Controlling Configurations
Shoring up database configuration is the low-hanging fruit in database security. Changing default administrator passwords and removing test databases from production database servers are good first steps.
Making a Case: An Enterprise Strategy Group survey conducted in 2008 found that among IT decision-makers, 53% listed misconfigured databases as a top database risk.
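As an added illustration of the two configuration checks named above (not code from the article), here is a small audit routine that runs over a constructed inventory of database hosts, flags administrator accounts still using a vendor-default or empty password, and flags test or sample databases that sit on hosts tagged as production. The inventory format, host names and hash scheme are assumptions for the example; the known-default list is a deliberately short starting point that a real audit would replace with the hardening guide for the product in use.

```python
import hashlib

def sha256(text):
    # Plain SHA-256 keeps the example self-contained; a real credential store
    # uses a salted, slow hash, and the comparison would use the store's own scheme.
    return hashlib.sha256(text.encode()).hexdigest()

# Constructed inventory, in the shape a configuration-management export might take (assumption).
INVENTORY = [
    {"host": "db-prod-01", "env": "prod", "databases": ["orders", "customers"],
     "accounts": [{"name": "sa", "pw_hash": sha256("")},
                  {"name": "app_orders", "pw_hash": sha256("c0nstructed-Str0ng!pw")}]},
    {"host": "db-prod-02", "env": "prod", "databases": ["billing", "test_billing", "Demo"],
     "accounts": [{"name": "root", "pw_hash": sha256("s3cure-r00t-pw-constructed")}]},
    {"host": "db-dev-01", "env": "dev", "databases": ["test_orders"],
     "accounts": [{"name": "scott", "pw_hash": sha256("tiger")}]},
]

# Account names paired with the default or empty passwords they commonly ship with.
KNOWN_DEFAULTS = {
    "sa": ["", "sa"],
    "root": ["", "root"],
    "admin": ["admin", "password"],
    "scott": ["tiger"],
}

# Name prefixes that mark a database as non-production content.
TEST_DB_PREFIXES = ("test", "dev", "sample", "demo")

def audit_host(entry):
    """Return a list of configuration findings for one host record."""
    findings = []
    default_hashes = {(name, sha256(pw))
                      for name, pws in KNOWN_DEFAULTS.items() for pw in pws}
    for acct in entry["accounts"]:
        if (acct["name"], acct["pw_hash"]) in default_hashes:
            findings.append("account %r uses a vendor-default or empty password" % acct["name"])
    # Test databases are only a finding on production hosts.
    if entry["env"] == "prod":
        for db in entry["databases"]:
            if db.lower().startswith(TEST_DB_PREFIXES):
                findings.append("test/sample database %r on production host" % db)
    return findings

def audit(inventory):
    """Map each host name to its findings (empty list means clean)."""
    return {entry["host"]: audit_host(entry) for entry in inventory}

if __name__ == "__main__":
    for host, findings in audit(INVENTORY).items():
        print(host, "->", findings or "clean")
```

The check compares hashes rather than plaintext so the audit never needs the real passwords, and it treats test databases as a problem only where they are exposed alongside production data, which is the condition the article calls out.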
Vulnerability and Patch Management
Employing vulnerability scanners and streamlining patch management can go a long way toward stopping outside attackers from exploiting well-known security holes in the database software.
Making a Case: According to a 2008 poll by the Independent Oracle Users Group, 11% of enterprises have never patched their databases and 26% take over six months to apply database patches.
Access Control and Identity Management
Best practices and automation surrounding user provisioning, role-based access control and account revocation are critical to ensuring users log into the database only on an as-needed basis.
Making a Case: According to Gartner analyst Jeffrey Wheatman, “It really needs to start with good role-based access control. That definitely is a critical component because if you don't know who should be able to do what, then how do you actually figure out how to put controls around that?”
Database Monitoring
Employing automated database monitoring and policy enforcement tools helps tie together the previous strategies and gives the organization an auditable 'big picture' of database activity.
Making a Case: Rich Mogull, analyst for Securosis, writes: "[Database Activity Monitoring tools] are particularly helpful in detecting and preventing data breaches for Web-facing databases and applications, or to protect sensitive internal databases through detection of unusual activity."
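To make the "detection of unusual activity" concrete, here is an added example (not from the article or any monitoring product) of the kind of policy check a Database Activity Monitoring tool applies to an audit trail. It parses a handful of constructed audit-log lines, compares each event against a per-account profile of expected statement types, working hours, row volumes and client addresses, and returns the events that break the profile. The log format, account names, addresses and thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed audit-log lines; the format is an assumption, not a real product's output.
SAMPLE_LOG = """\
2009-06-02T10:15:01 user=app_svc src=10.1.2.10 stmt=SELECT rows=12
2009-06-02T10:15:09 user=app_svc src=10.1.2.10 stmt=SELECT rows=8
2009-06-02T11:02:44 user=app_svc src=10.1.2.11 stmt=UPDATE rows=1
2009-06-02T14:20:30 user=dba_jane src=10.1.5.7 stmt=ALTER rows=0
2009-06-03T02:41:12 user=app_svc src=10.1.2.10 stmt=SELECT rows=250000
2009-06-03T02:43:50 user=app_svc src=198.51.100.23 stmt=SELECT rows=90000
2009-06-03T03:05:17 user=app_svc src=10.1.2.10 stmt=GRANT rows=0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) stmt=(?P<stmt>\S+) rows=(?P<rows>\d+)$"
)

# Expected behaviour per account (assumption: derived from the role definitions).
# An application service account reads and writes rows in business hours from its
# own servers; a DBA account may change schema but should not move bulk data.
POLICY = {
    "app_svc": {"stmts": {"SELECT", "INSERT", "UPDATE"}, "max_rows": 10000,
                "hours": range(6, 22), "sources": {"10.1.2.10", "10.1.2.11"}},
    "dba_jane": {"stmts": {"SELECT", "ALTER", "CREATE"}, "max_rows": 100000,
                 "hours": range(8, 20), "sources": {"10.1.5.7"}},
}

def parse_line(line):
    """Parse one audit line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%S")
    event["rows"] = int(event["rows"])
    return event

def evaluate(event):
    """Return the list of policy violations for one parsed event (empty if none)."""
    rule = POLICY.get(event["user"])
    if rule is None:
        return ["unknown account"]
    findings = []
    if event["stmt"] not in rule["stmts"]:
        findings.append("statement %s not permitted for role" % event["stmt"])
    if event["rows"] > rule["max_rows"]:
        findings.append("bulk access: %d rows" % event["rows"])
    if event["ts"].hour not in rule["hours"]:
        findings.append("off-hours activity at %02d:00" % event["ts"].hour)
    if event["src"] not in rule["sources"]:
        findings.append("unexpected source %s" % event["src"])
    return findings

def monitor(log_text):
    """Return (alerts, summary): one alert per offending line, plus per-user statement counts."""
    alerts = []
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        summary[event["user"]][event["stmt"]] += 1
        findings = evaluate(event)
        if findings:
            alerts.append((line.strip(), findings))
    return alerts, summary

if __name__ == "__main__":
    alerts, summary = monitor(SAMPLE_LOG)
    for line, findings in alerts:
        print(line, "->", "; ".join(findings))
    print(dict((u, dict(c)) for u, c in summary.items()))
```

On the sample log the daytime traffic passes, while the three early-morning events (a 250,000-row read, a 90,000-row read from an address outside the application tier, and a GRANT issued by the application account) each produce an alert. The per-user statement counts are the "big picture" view: they show at a glance which accounts issue which kinds of statements, which is the baseline the policy is written against.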
Secure Coding
The way an organization churns out code can have a profound effect on the security of sensitive database stores. Even otherwise secure databases can be exposed to risks posed by sloppily written Web applications.
Making a Case: According to researchers on the IBM ISS X-Force team, SQL injection attacks last year grew from 5,000 attacks per day to 450,000 attacks per day.
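As an added example of the coding defect behind those SQL injection figures (not code from the article), the block below places a vulnerable lookup that splices user input into the query text beside its parameterized counterpart, and runs both against a constructed in-memory SQLite table. It also covers the case parameters cannot handle, a caller-chosen column name, which is validated against an allow-list instead. The table, rows and function names are assumptions for the example.

```python
import sqlite3

# Constructed sample rows (not from the article).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn

def lookup_user_unsafe(conn, name):
    # VULNERABLE: the value is pasted into the SQL text, so a value containing
    # quotes or operators changes the structure of the query itself.
    query = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()

def lookup_user_safe(conn, name):
    # Parameterized: the driver sends the value separately from the SQL text,
    # so whatever the value contains, it is only ever compared as data.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()

# Identifiers (table and column names) cannot be bound as parameters, so a
# caller-chosen sort column is checked against an explicit allow-list.
ALLOWED_SORT_COLUMNS = {"name", "email"}

def list_users_sorted(conn, sort_by):
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % sort_by)
    return conn.execute(
        "SELECT name, email FROM users ORDER BY " + sort_by
    ).fetchall()

def compare(name):
    """Run the same input through both lookups and return both result sets."""
    conn = make_db()
    return {
        "unsafe": lookup_user_unsafe(conn, name),
        "safe": lookup_user_safe(conn, name),
    }

if __name__ == "__main__":
    print(compare("alice"))
    # The textbook injection string: the unsafe query returns every row,
    # the parameterized query returns none because no user has that name.
    print(compare("' OR '1'='1"))
```

The behavioural difference is the whole point: for a normal name both functions agree, but for input that contains SQL syntax only the parameterized version keeps returning what the application intended. The allow-list for the sort column shows the complementary rule for the parts of a statement that placeholders cannot protect.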