[BreachExchange] Straight Tricks To Better Safeguard Your Company’s Database
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Jun 11 19:38:29 EDT 2018
https://www.trickyenough.com/safeguard-your-companys-database/
Organizations, big and small operate with a level of database security.
Keeping sensitive business data is a priority any company cannot afford to
joke with. Whether its data around contracts and employees’ information,
project planning finances, and operational strategies; database
securityrequires a high level of confidentiality both internally and
externally.
Often, companies will opt to install firewalls, antivirus and other
formidable mysql cold backupsecurity measures to keep unauthorized persons
and programs from breaching their databases. What they forget is that their
in-house resources are a threat as good as any intruder from outside.
When a company moots over the idea of building a new database, planning is
usually the perfect starting point. Its foolhardy for database development
teams to initiate the process before planning. It’s the same way that
builders won’t embark on the foundation without consulting the blueprints.
This stage is critical since it helps developers to understand the nature
of the incoming data. It’s advisable that you start with planning before
you start coding.
If developers rush to code without a set plan, it leads to a disparate
system that might require constant tweaking or overhaul in the future.
Addressing future problems upfront will save you a headache and the huge
cost you might incur to create a fresh database.
Threats from Authorized Users
People who are entrusted to safeguard an organization data pool end up
being the loopholes that hackers exploit. Instead of focusing too much on
firewalls, the modern hackers have evolved such that they will create
malicious proxies that will log onto your databases looking like authorized
entities. It’s advisable that your database is monitored and scanned to
forestall data breach and loss. Investing in access control measures to
prevent malicious attacks from insiders is recommended.
Ways to Improve Database Security
- Distinguish Sensitive Data from The Rest
In a well-established business, there can be multiple databases that host
various categories of data. It’s not easy to implement strict protection
layers on each. However, you need to consider protecting the most critical
data as a priority. You can demarcate different security layers and
designate data according to its sensitive nature. You can identify fields
within a database according to hierarchy and who within the company can
access it. With carefully demarcated data, you know where to channel your
security resources and you won’t have irrelevant data to squeeze into your
database space.
- Designate Access Level Personnel
Segregating data based on its sensitivity is crucial. The same should be
done to the people in your company. You need to create distinct levels of
access that are reserved to specific personnel on merit and rank. When
specific persons are in charge, it’s easy to keep threats at bay.
Segregating here dictates that a designated person needs to have access to
a given security level and nothing more. In essence, people from one
segment data areas shouldn’t have access to another segment or department.
- Apply Dynamic Data Masking
Dynamic data masking entails masking sensitive data on transit such that
unauthorized persons on the other end cannot fathom or make anything of it.
It’s more like encrypting your data such that authorized persons are the
only ones with an idea of what’s being relayed.
To protect your database perfectly, there is a need to make use of a
database activity monitoring system. With proactive monitoring, it’s easy
to flag every activity performed and the aftermath of such activities. The
system will monitor database activity on-premise and in the cloud as well.
You will marshal the data security since you are empowered to flag and
censor any suspicious activity.
- Use 2-Factor Authentication
Your database needs to be secured with a 2-factor authentication protocol.
With one of the passcodes being generated randomly, it’s difficult for an
unauthorized person to find their way in. It’s important to train your
employees on the need to keep their user credentials intact away from
prying eyes. Let your access managers and employees know the consequences
that come with data theft. It’s important to make them aware of the social
aspects that might lead them to disclose classified info without knowing it.
Once your database is up and running, it’s important to test its integrity.
Testing during the development stage will keep you updated on what to do
and you will save your resources in the process.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180611/ea8ce770/attachment.html>
More information about the BreachExchange
mailing list