Database Security and Strategy
With a growing number of internal and external attacks on corporate and public applications and stringent enforcement of regulatory compliance, data security continues to be the highest priority for enterprises and governments year after year. Even though many enterprises are taking stronger measures to protect their data, substantial gaps still persist at the very core, i.e., the databases that contain the corporate crown jewels.
Many enterprises don’t have a database security strategy that can defend against sophisticated attacks originating externally or internally, track sensitive information as it’s copied to numerous locations, or even meet tougher, evolving regulatory requirements. In addition, most businesses tend to emphasize detective controls over preventive measures and controls when it comes to database security, making them highly vulnerable. By contrast, it is observed that companies that implemented a comprehensive and integrated database security product with a solid emphasis on preventive controls attained better security controls, introduced a higher degree of automation across the organization, and were more confident in defending against attacks.
Database Security Assessment
The key focus is to review and assess the database environment to understand configuration weaknesses that may impact the security of the database environment.
Using our customized scripts and tools, key security information is extracted for:
From a security review perspective, we also emphasize the following as part of our overall approach:
Deliverable Report Information
Document risks, gaps, areas of improvement and observations including a high-level strategy to address test data requirements:
Database Security Strategy
A database security strategy focuses on proactively protecting data from internal and external attacks, curtailing data exposure to privileged and authorized IT users, and safeguarding all databases, including production and non-production.
Most organizations generally focus on perimeter-centered network security, which provides the first line of defense, but the increasing complexity of an organization’s security environment and sophisticated attack vectors require organizations to take a comprehensive view of data security. Database security, which is generally considered the last line of defense for enterprise data, needs a much larger focus than other layers of the whole stack because it holds an organization’s crown jewels.
Building a successful database security strategy encompasses:
Key Pillars of Database Security Strategy
The foundation pillar primarily includes Discovery, Classification, AAA (Authentication, Authorization, and Accounting), and Patch Management. Without understanding where and how the sensitive data is used across the environment, securing data can get very complex and challenging. This pillar stresses discovery and classification of sensitive data and devising a robust authentication, authorization, and access control framework. In addition, all critical databases must be patched on a periodic basis to remove known vulnerabilities.
Understanding which databases contain sensitive data is an important requirement for any database security strategy and architecture. Organizations should take a comprehensive inventory of all databases, including all environments across the enterprise (such as production and non-production), and confirm that authentication, authorization, and access control are enabled for all business-sensitive and critical databases.
To establish a strong database security foundation, enterprises should use:
The detection pillar encompasses Monitoring, Auditing, and Vulnerability Assessment. All changes to sensitive data should be logged so that the organization can justify them and respond to audits, where the emphasis is on “who changed what data?”, “when was it changed?”, etc. Auditing and monitoring also usually serve as compensating controls when preventive measures are not enabled. In addition, vulnerability assessment reports gaps in the database environment, such as weak passwords or excessive access privileges.
To support regulatory compliance standards, such as PCI, HIPAA, FISMA, etc., and improve data security, organizations should have records of all accesses and modifications to sensitive data. Data and metadata within databases can be accessed, modified, or even deleted in moments. The detection pillar emphasizes a comprehensive audit trail of database activities and makes details on vulnerabilities available.
Detection layer security fundamentally includes:
This category encompasses Data Encryption, Data Masking, and Database Firewall. This pillar emphasizes preventing unauthorized access and protecting against potential attacks.
Preventive security measures essentially consist of:
Preventive measures basically include:
Database security has become critical for all enterprises to defend against growing attacks and meet various regulatory requirements.
Based on our experience, below are the key takeaways from such assessments: