Mythics Blog

Six Keys to Increased Database Security

Posted on March 28, 2013 by Sean Wang

Tags: Mythics Consulting, Oracle, Security

A broad range of security controls can be implemented to protect databases, including technical, administrative and physical controls. On the technical side, vendors like Oracle have developed an array of tools to safeguard data where it resides. Policies and procedures enhance security from different perspectives.

So what are the key measures of database security?  Following these security practices will significantly increase the security of a database system against potential compromises:

1.  Identification and Authentication

Access to the databases requires an account, and the account must be properly authenticated before it is granted any access. This applies to all accounts, whether user or service accounts.

2.  Less is Better

The principle of least privilege should be followed when granting rights to accounts; no account should have more rights than it requires to perform its job. When possible, separation of duties should also be implemented in granting rights to accounts. Furthermore, the principle of least functionality should be followed: functions or services that are not used should be disabled.
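One way to review grants against least privilege on an Oracle database is a query like the one below. It is an added example, not part of the original post; it assumes the reviewer can read the `DBA_*` dictionary views, and the exclusion list of built-in grantees is illustrative.

```sql
-- Added example: list grantees whose rights exceed what most accounts need.
-- Assumption: run by an account that can read the DBA_* dictionary views.
-- Assumption: the exclusion list is illustrative; extend it with the
-- vendor-supplied accounts and roles present in your release.
WITH excluded AS (
  SELECT 'SYS' AS grantee FROM dual UNION ALL
  SELECT 'SYSTEM' FROM dual UNION ALL
  SELECT 'DBA' FROM dual
),
findings AS (
  -- Accounts or roles that hold the DBA role
  SELECT grantee,
         'ROLE' AS kind,
         granted_role AS detail,
         admin_option
  FROM   dba_role_privs
  WHERE  granted_role = 'DBA'
  UNION ALL
  -- System privileges that reach into every schema ("... ANY ..."),
  -- or that the grantee is allowed to pass on to others
  SELECT grantee,
         'SYSTEM PRIVILEGE' AS kind,
         privilege AS detail,
         admin_option
  FROM   dba_sys_privs
  WHERE  privilege LIKE '% ANY %'
     OR  admin_option = 'YES'
)
SELECT f.grantee,
       f.kind,
       f.detail,
       f.admin_option,
       u.account_status          -- NULL when the grantee is a role
FROM   findings f
LEFT JOIN dba_users u
       ON u.username = f.grantee
WHERE  f.grantee NOT IN (SELECT grantee FROM excluded)
ORDER  BY f.grantee, f.kind, f.detail;
```

Each row is a candidate for review: confirm the account's job requires the right, and revoke it otherwise.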

3.  Auditing and Monitoring

Access to the databases should be audited and/or monitored, and the auditing should be detailed enough to identify actual and potential compromises. Any irregularities should trigger an alert to the appropriate personnel.

4.  Updates and Patches

Any patches and/or updates should be applied as soon as they become available. This will remediate vulnerabilities that exist in earlier versions or releases of the database system.

5.  Encryption

Sensitive data should be encrypted, even though this may impact performance.

6.  Backup and Disaster Recovery

Databases should be properly backed up to prevent potential data loss. The backups should be regularly verified to ensure that the databases can be fully restored in the event of a disaster.

Protecting information is critical to any enterprise, so implementing robust security practices is an important early step in defending your databases from threats and compromises.

Sean Wang
Mythics Consulting
