8 Best Practices for Keeping Your Database Secure

As the deluge of data threatens to drown unprepared enterprises, proper data management and protection is a must. Here are tips to keep your data protected.

Protecting data at rest through effective cryptography and tokenization is the first step toward effective database security. Where possible, native encryption usually trumps third-party solutions. Best practices that are important include log and temp table protection, key rotation and separation of duty for key management.

Similarly, data in transit to and from the database needs proper protection, so be sure your organization is using up-to-date SSL/TLS encryption protocols. Don’t take it for granted that your database will have encryption; not all of them do.

As data spreads across an enterprise, solid data governance is key to complying with regulations such as PCI, HIPAA or SOX. This means understanding where sensitive data resides, ensuring that production data doesn’t sit within less-secure test and development environments, and instituting policies around separation of duties.

Identity and access management (IAM) controls are the foundation for effective database security. An organization must be able to reliably ensure that users and system-level accounts have access only to the data necessary to get their jobs done. This requires strong password management and validation, as well as technical controls to support authorization and role-based access control (RBAC).

It’s insufficient to implement role-based access control (RBAC); it’s also crucial to track and log account activity after login to establish a credible audit trail. This is important for compliance and for providing a record of activity should incident responders need to investigate suspicious activity.

Without some kind of filter for queries coming from web forms and public-facing web applications, databases will remain vulnerable to SQL injection attacks, putting their entire content at risk of a breach. It is important to institute a mechanism, such as a plug-in, to filter suspicious queries to stem the tide against this common and powerful threat.

Vulnerable databases pose considerable risk to the organization. Ensure you have a rigorous patch and maintenance process to keep databases up-to-date and reduce your exposure to attack. If your security solutions in place don’t update frequently, consider swapping them with something else. A solution with a long time between updates won’t patch itself fast enough to keep up with the latest in attacks.

Not only are open-source databases more affordable for more organizations, but they also can be inherently more secure due to the benefit of code transparency and constant vigilance by the open-source community in searching for potential vulnerabilities. This vigilance also tends to turn into faster updates to fix any vulnerabilities that get caught. Rather than one set of eyes, many are involved in keeping on top of bug fixes.