It's hard to put a price tag on the data a particular business holds. Whether it is medical records or the date a vehicle's oil was last changed, all businesses house data. Some of it is more private than others, but all of it is equally important to that particular company. This raises the question of how to support, monitor and secure the database.
Databases are increasingly being targeted by attackers. Verizon's 2009 Data Breach Investigations Report noted that 30 percent of breaches were against databases. The only other asset with a larger percentage of breaches was POS systems, and many of those still contain or interact with a database. These numbers should make any business owner want to develop a strategy for protecting their information and for staying within the requirements of the many regulatory standards in force today. Being proactive about database security can save a company money and spare it bad press and even lawsuits.
A company that wants to secure and monitor its database should take the following key areas into consideration:
Separation of environments
Secure configuration
Internal and external threats can be minimized by the use of access controls.
Examples of internal access controls are the username and password combination and two-factor authentication. The latter employs two factors, one being a card or some other tangible item, used in conjunction with a password. Along with the use of passwords, the decision of how much data each end user can view should also be considered. External threats come in the form of hackers, phishing, and viruses. Access through a company's router can be impeded by properly writing the access control list. Access control lists are simply text strings entered on a router to deny or allow traffic. Firewalls also offer great resistance...