February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Pfizer Fails Data Protection | Main | Web 10.0 »

September 07, 2007
5 Keys to Securing Your Database

First thing, I do want to mention that, if I do say so myself, the ebizQ weekly Security Newsletter is really shaping up into a must-read document. The newsletter goes out every Monday, and has all the features, blogs, and important news you need to know. So instead of finding us, let us come to you, right into your inbox. So sign up for the Security Newsletter right here.

With Pfizer being just another example of data gone wild, it seems like a good time to cover the 5 keys to a secure database. According to Forrester Research, 80 percent of companies lack even the most basic database security plan.

Security is not just some product that you can buy off the shelf and that’s it, you’re secure. According to Noel Yuhanna, a principal analyst at Forrester Research, a secure database is a matter of process, not technology, which is why a plan is so important. Forrester recommends the following five steps, which was taken from eWeek:

1) Monitoring -- Automated monitoring tools are important because of the sheer volume of activity going on with many databases, making it impossible for someone to do it without automation.

2) Vulnerability Assessment -- Data needs to be rated according to it’s significance, and the more important it is, the better it needs to be protected. According to Forrester’s Yuhanna, “Once you classify the data, then you build a policy around it.”

3) Data Masking -- Many think you need to keep the data off the database from the very beginning. Smart users actually hide important data by overlaying false values, so the applications can continue to work normally and the important data is never exposed.

4) Encryption -- We all know how important data encryption is, but encryption still comes with what seems to be more challenges than solutions. But while encryption can be difficult to implement, encrypting key data is critical to good security practices, and also an essential element of HIPAA and PCI regulations.

5) Auditing -- Very simply, security is an ongoing process, and frequent auditing will keep a company on it’s security toes and hopefully keep it out of the data-breach news.

Posted by pschooff in Better Protection |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2290

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map