Database Security Essentials: keeping your data safe in a cloud-centric world.

If you were to ask your DBA, “Are all our databases secure?” Well, you know the answer. Of course they are!

The problem in many cases is that “traditional” database administration teams are simply not given charter to spend dollars and cycles on Information Security. Instead, they focus on database operations and performance tuning. Also, in many IT organizations, Information Security teams focus almost exclusively on Network Security and (if they’re above average) Web Application Security.

But what are black hats really after when they breach your network? The crown jewels of most enterprises are found in the databases. Customer information, financial records, credit cards, passwords, and corporate secrets – these are all stored in a database of some type.

Why bother trying to hack the web applications if the database is essentially unprotected? Unfortunately, developing effective strategies to protect these assets is often neglected in the rush to secure the network from intruders, while the majority of data breaches occur with credentials that already have legitimate network access.

At ICSynergy, we have built our core business around a number of Information Security services, including Identity and Access Management, Directory Services, Secure Software Development, and Cloud Security. We curate the knowledge we’ve distilled from our years of experience into our Database Security Practice, which focuses exclusively on helping our customers develop and execute robust security strategies around their data tiers.

Our goal is to ensure your databases are as secure as possible from threats.

To spread the word on the security practices we’ve developed over the years, we’ll be cranking out a series of posts on the topic of database security. Some of the posts will focus on general best practices for securing databases, while others will focus on key database security use cases. Some will focus on specific database security products, while others remain vendor-agnostic.

We’re calling this series, Database Security Essentials: keeping your data safe in a cloud-centric world.

Some food for thought:

• Does your organization use production data to populate development and test environments?
• Does your organization have a method to intercept and flag suspicious SQL statements at run-time?
• Does your organization have a strategy for correlating database events across the application landscape into a view suitable for regular security audits?
• Does your organization implement a segregation of duties (SOD) approach to the use of shared database administration and application credentials on the database? This ensures that no single role has access to all the data without proper access controls and monitoring.

Do you have IAM questions or problems? Not enough time or resources to create a solution? We’d love to hear from you and start on your custom IAM solution today. There’s several different ways to get in touch with us, so pick your favorite and let’s start solving problems today.