Three tips on how to minimize security threats
Tip No. 1: Reduce exposure
Treat personal, identifiable information as sensitive information and put proper security measures around them. Also, rigorously apply security principles such as segregation of duties and least privileges-just enough for people to do their jobs, nothing more. Finally, consider third-party access carefully and encrypt data.
Tip No. 2: Harden the infrastructure and develop response capabilities
Apply vendor security patches as quickly as possible. Use virtual patching if it's not possible to apply physical patches in a timely fashion, and use only strong passwords. Also, remove all default usernames and passwords. Automate breach prevention capabilities and prepare a rapid response plan in case of a breach. Isolate and mitigate incidents.
Tip No. 3: Monitor access to databases in real time
Check the logs and audit, audit and audit. Be proactive, not reactive, and monitor insiders and privileged users-not just the perimeter. Detect all access to sensitive data and identify malicious or suspicious activity as it happens-before it's too late.
The need to preserve the confidentiality and integrity of data, and to monitor privileged user activity is driving CIOs and auditors to reconsider their strategy for database security and to impose stringent controls across database systems. It's critical they implement a workable, secure solution and then act upon it.
It's also essential to maintain database security review processes and stay up-to-date with patches and controls. After all, compliance demands it and customers expect it.
Dominique received an MBA from Harvard Business School and graduated with distinction. She also holds a Cum Laude M.S. degree in Industrial Engineering from the Delft University of Technology in the Netherlands. She can be reached at [email protected].