8 Best Practices for Keeping Your Database Secure

1 - 8 Best Practices for Keeping Your Database Secure
2 - Don't Let Your Data Be a Sitting Duck
3 - Encrypt Data in Motion
4 - Create Processes and Policies for Data Governance
5 - Control Who Has Access to Which Data
6 - Track Activity to Simplify E-Discovery
7 - Don't Trust Input
8 - Keep Your Defenses Up to Date
9 - Stay Secure and Save Money With Open-Source Databases
1 of 9

8 Best Practices for Keeping Your Database Secure

As the deluge of data threatens to drown unprepared enterprises, proper data management and protection is a must. Here are tips to keep your data protected.

2 of 9

Don't Let Your Data Be a Sitting Duck

Protecting data at rest through effective cryptography and tokenization is the first step toward effective database security. Where possible, native encryption usually trumps third-party solutions. Best practices that are important include log and temp table protection, key rotation and separation of duty for key management.

3 of 9

Encrypt Data in Motion

Similarly, data in transit to and from the database needs proper protection, so be sure your organization is using up-to-date SSL/TLS encryption protocols. Don't take it for granted that your database will have encryption; not all of them do.

4 of 9

Create Processes and Policies for Data Governance

As data spreads across an enterprise, solid data governance is key to complying with regulations such as PCI, HIPAA or SOX. This means understanding where sensitive data resides, ensuring that production data doesn't sit within less-secure test and development environments, and instituting policies around separation of duties.

5 of 9

Control Who Has Access to Which Data

Identity and access management (IAM) controls are the foundation for effective database security. An organization must be able to reliably ensure that users and system-level accounts have access only to the data necessary to get their jobs done. This requires strong password management and validation, as well as technical controls to support authorization and role-based access control (RBAC).

6 of 9

Track Activity to Simplify E-Discovery

It's insufficient to implement role-based access control (RBAC); it's also crucial to track and log account activity after login to establish a credible audit trail. This is important for compliance and for providing a record of activity should incident responders need to investigate suspicious activity.

7 of 9

Don't Trust Input

Without some kind of filter for queries coming from web forms and public-facing web applications, databases will remain vulnerable to SQL injection attacks, putting their entire content at risk of a breach. It is important to institute a mechanism, such as a plug-in, to filter suspicious queries to stem the tide against this common and powerful threat.

8 of 9

Keep Your Defenses Up to Date

Vulnerable databases pose considerable risk to the organization. Ensure you have a rigorous patch and maintenance process to keep databases up-to-date and reduce your exposure to attack. If your security solutions in place don't update frequently, consider swapping them with something else. A solution with a long time between updates won't patch itself fast enough to keep up with the latest in attacks.

9 of 9

Stay Secure and Save Money With Open-Source Databases

Not only are open-source databases more affordable for more organizations, but they also can be inherently more secure due to the benefit of code transparency and constant vigilance by the open-source community in searching for potential vulnerabilities. This vigilance also tends to turn into faster updates to fix any vulnerabilities that get caught. Rather than one set of eyes, many are involved in keeping on top of bug fixes.

Top White Papers and Webcasts