Database Security in 5 Steps | eWeek

Database Security in 5 Steps

Écrit par
Brian Prince
Brian Prince
Sep 5, 2007
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

ATLANTA – Monster.com, TJX, Pfizer-the list of companies and organizations affected by database breaches grows bigger and badder every week, but most enterprises remain focused on the perimeter and ignore the database.

Some 80 percent of enterprises lack a basic database security plan, according to Forrester Research surveys.

“People take it for granted that databases are secure,” said Noel Yuhanna, a principal analyst at Forrester Research, in Cambridge, Mass. “You cant buy a product, and thats it, its secure. A lot of people dont even have a database security plan.”

To view an eWEEK slide show about the worst data breaches ever, click here.

A plan is paramount, Yuhanna told attendees at Forresters Security Forum, on Sept. 5 in Atlanta. A secure database is a matter of process, not technology, and in Yuhanas assessment, the enterprise process needs to focus on five key elements.

  • Monitoring,

Automated monitoring tools are important, he said, because some organizations have thousands of transactions going on per second that would be impossible to monitor effectively without automated technology.

  • Vulnerability Assessment,

Companies need to rate data according to how significant it is and the nature of the information, and to integrate their data security plan with the corporate plan for information risk management. Businesses should set categories for the data and determine how it should be protected, he stressed.

“Once you classify the data, then you build policy around (it),” he said.

  • Data Masking,

Keep the data off the database from the start. Smart users hide sensitive data by overlaying false, realistic-looking values on it so applications using the data continue to work normally, without exposing real data.

  • Encryption

Encryption is an important piece of protecting data, though encrypting information in company databases is not without its challenges. Improperly implemented encryption in the database can hurt the speed or performance of applications, so companies should proceed with caution. But while encryption can be both cumbersome and complex, encrypting certain data in the database is a key element of security, and often part of complying with various regulations.

“HIPAA regulations and PCI regulations require that data should be protected at all times, and at all levels,” Yuhanna said.

  • Auditing.

Being secure means businesses cannot grow complacent.

“We tell the customers all the time, security is not a project; its an ongoing process,” he said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.