Security - Channel Insider
Empowering the next generation Channel

6 Do or Die Database Security Strategies

By Ericka Chickowski on 2009-07-14



Databases are digital treasure vaults of the enterprise, yet many organizations fail to adequately secure their data repositories. The following six techniques can help shore up database security and prevent embarrassing and costly breaches.

As solution providers ponder how they can help customers protect their sensitive information, one of their key targets should be the corporate database. Databases are where most organizations store the bulk of their information and yet they remain woefully unprotected. According to the 2009 Data Breach Investigations Report from Verizon Business, database breaches comprised 30 percent of data breached in 2008 and accounted for 75 percent of all data breached last year. Here’s a look at a few techniques for securing databases.

Database Encryption
Native database encryption isn’t enough; organizations also need to complement encryption with effective key management to make the effort meaningful.

Making a Case:
In a 2008 survey conducted by UK-based Trust Catalyst, just under 40% of IT decision makers said they don’t know where their database encryption keys are stored.

Controlling Configurations
Shoring up database configuration is the low-hanging fruit in database security. Retiring default administrator passwords and eliminating test databases from production database servers are good first steps.

Making a Case:
An Enterprise Strategy Group survey conducted in 2008 found that among IT decision-makers, 53% listed misconfigured databases as a top database risk.

Vulnerability and Patch Management
Employing vulnerability scanners and streamlining patch management can go a long way toward stopping outside attacks from exploiting well-known security holes in the database software.

Making a Case:
According to a 2008 poll by the Independent Oracle Users Group, 11% of enterprises have never patched their databases and 26% take over six months to apply database patches.

Access Control and Identity Management
Best practices and automation surrounding user provisioning, role-based access control and account revocation are critical to ensuring users log into the database on an as-needed basis.

Making a Case:
According to Gartner analyst Jeffrey Wheatman, “It really needs to start with good role-based access control. That definitely is a critical component because if you don't know who should be able to do what, then how do you actually figure out how to put controls around that?”

Database Monitoring
Employing automated database monitoring and policy enforcement tools helps tie together the previous strategies and gives the organization an auditable ‘big picture’ of database activity.

Making a Case:
Writes Rich Mogull, analyst for Securosis: “[Database Activity Monitoring tools] are particularly helpful in detecting and preventing data breaches for Web-facing databases and applications, or to protect sensitive internal databases through detection of unusual activity.”

Secure Coding
The way an organization churns out code can have a profound effect on the security of sensitive database stores. Even otherwise secure databases can be exposed to risks posed by sloppily written Web applications.

Making a Case:
According to researchers on the IBM ISS X-Force team, SQL injection attacks last year grew from 5,000 attacks per day to 450,000 attacks per day.
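
To make the secure coding point concrete, here is an added example (not from the original article) that contrasts a query built by string concatenation with a parameterized one, run against an in-memory SQLite database. The table, rows, function names and inputs are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (name, card_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333"), ("o'brien", "4444")],
    )
    return conn


def lookup_concatenated(conn, name):
    """Sloppy pattern: user input becomes part of the SQL text itself."""
    query = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Hardened pattern: input is bound as data and is never parsed as SQL."""
    query = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


# Constructed form input that changes the meaning of the concatenated query.
HOSTILE_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    # The concatenated query returns every row in the table.
    print("concatenated :", lookup_concatenated(conn, HOSTILE_INPUT))
    # The parameterized query treats the same input as a name that matches nothing.
    print("parameterized:", lookup_parameterized(conn, HOSTILE_INPUT))
    # A legitimate name containing an apostrophe breaks the sloppy version.
    try:
        lookup_concatenated(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated fails on o'brien:", exc)
    print("parameterized:", lookup_parameterized(conn, "o'brien"))
```

The same database and the same input produce a full table disclosure in one function and an empty result in the other, which is why the fix belongs in application code, not only in database hardening.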
