First Of All, A Benchmark For Security Has To Be Created In Order To Set A Target.
10 Steps to make your Database more Secure
While computers have come as a blessing by solving a host of problems, they have also brought with them problems of a new nature. The most obvious problem that accompanies the dependence of huge organizations on computers is the security of data. Every company has to make its databases as secure as possible to mitigate the risk of litigation or of having its trade secrets or confidential customer data leaked to its competitors.
Several threats to databases exist. These may come in the form of SQL injection, network eavesdropping, unauthorized server access or password cracking (Meier et al.). SQL injection refers to an attacker running arbitrary commands by exploiting weaknesses in input validation code. Network eavesdropping occurs when data is transmitted over insecure transmission lines. Unauthorized server access can also be used to steal data from databases. Lastly, password cracking is one of the most widely used methods of gaining access. Software that tries to crack passwords is even readily available on the market.
Gerald, in his article “10 steps to reduce the risk, improve database security, and adhere to compliance mandates”, writes in detail about the steps needed to make databases fully secure. First of all, a benchmark for security has to be created in order to set a target.
Secondly, the weaknesses in the whole system have to be recognized. Vulnerabilities include vendor bugs and misconfigurations amongst many others.
Thirdly, there is a need to set priorities for remedying the vulnerabilities identified. This step is guided by the benchmark set in the first step.
Fourthly, it is important to keep monitoring the computer systems and databases and to employ continuous improvement practices so that security keeps pace with the most recent threats. It is an ongoing process and not a one-off activity.
Routine, daily activities should preferably be automated so that the time otherwise spent on processing routine transactions can be devoted to other productive activities, such as updating security methods.
It is also important to apply patches on time and to keep monitoring the vulnerabilities in order to be alerted to any other intruder attacks.
The database system has to be thoroughly audited on a regular basis.
Issues need to be resolved as soon as they crop up to eliminate the possibility of any loophole.
“Real-time intrusion detection” (Gerald) is also an effective way of keeping the most critical systems secure.
Moreover, organizations should not rely solely on border security. Insider attacks should be expected and guarded against as well, and contingency plans should be in place. Verizon’s 2013 Data Breach Investigations Report revealed that around seventy-six percent of all security breaches result from insider attacks, that is, user accounts with high-level privileges (“10 Must-Do Ways to Protect Your Databases from Insider Attacks”). While organizations focus more on defending their boundaries, it is the personnel within the organization who pose a greater threat to the security of the databases. The cost of data theft can be huge, resulting from loss of essential documents, financial theft and lawsuits.
The above ten steps offer an effective method to make a database more secure. Given the amount of confidential information being stored in databases, the cost involved justifies the use of advanced security techniques.
“10 Must-Do Ways to Protect Your Databases from Insider Attacks.” Greensql.com. Greensql, n.d. Web. 9 March 2015.
Gerald. “10 steps to reduce the risk, improve database security, and adhere to compliance mandates.” Busmanagement.com. LCG Media Group, 16 Dec. 2013. Web. 9 March 2015.
Meier, J.D., Mackman, Alex, Dunner, Michael, Vasireddy, Srinath, Escamilla, Ray, & Murukan, Anandha. “Securing Your Database Server.” Microsoft.com. Microsoft, June 2003. Web. 9 March 2015.