18 Best Practices for Keeping Your Database Secure
2Don’t Let Your Data Be a Sitting Duck
Protecting data at rest through effective cryptography and tokenization is the first step toward effective database security. Where possible, native encryption usually trumps third-party solutions. Best practices that are important include log and temp table protection, key rotation and separation of duty for key management.
3Encrypt Data in Motion
4Create Processes and Policies for Data Governance
As data spreads across an enterprise, solid data governance is key to complying with regulations such as PCI, HIPAA or SOX. This means understanding where sensitive data resides, ensuring that production data doesn’t sit within less-secure test and development environments, and instituting policies around separation of duties.
5Control Who Has Access to Which Data
Identity and access management (IAM) controls are the foundation for effective database security. An organization must be able to reliably ensure that users and system-level accounts have access only to the data necessary to get their jobs done. This requires strong password management and validation, as well as technical controls to support authorization and role-based access control (RBAC).
6Track Activity to Simplify E-Discovery
It’s insufficient to implement role-based access control (RBAC); it’s also crucial to track and log account activity after login to establish a credible audit trail. This is important for compliance and for providing a record of activity should incident responders need to investigate suspicious activity.
7Don’t Trust Input
Without some kind of filter for queries coming from web forms and public-facing web applications, databases will remain vulnerable to SQL injection attacks, putting their entire content at risk of a breach. It is important to institute a mechanism, such as a plug-in, to filter suspicious queries to stem the tide against this common and powerful threat.
8Keep Your Defenses Up to Date
Vulnerable databases pose considerable risk to the organization. Ensure you have a rigorous patch and maintenance process to keep databases up-to-date and reduce your exposure to attack. If your security solutions in place don’t update frequently, consider swapping them with something else. A solution with a long time between updates won’t patch itself fast enough to keep up with the latest in attacks.
9Stay Secure and Save Money With Open-Source Databases
Not only are open-source databases more affordable for more organizations, but they also can be inherently more secure due to the benefit of code transparency and constant vigilance by the open-source community in searching for potential vulnerabilities. This vigilance also tends to turn into faster updates to fix any vulnerabilities that get caught. Rather than one set of eyes, many are involved in keeping on top of bug fixes.