Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Best Practices in Database Security Planning

Avatar photo by Andrew Herlands on January 21, 2020

As the volume of enterprise data grows, database security is becoming more challenging than ever before. According to IDC, the volume of data worldwide will increase tenfold to 163 zettabytes by 2025, with most of that being created and managed by organizations. Databases are a modern-day treasure trove, containing both valuable corporate data as well as sensitive personal data on consumers. As a result, they are a prime target for cybercriminals, who use every tactic from social engineering to sophisticated malware, compromised endpoints or exploiting user credentials to try to gain access.

In addition to the growing volume of data, database administrators (DBAs) are challenged with managing increasingly complex database infrastructure. With the growth of cloud databases such as Amazon Web Services Relational Database Service (RDS) and others, DBAs are tasked with managing multiple types of data stores and brands of database management systems. Add to that the growing number of data security and privacy regulations organizations must adhere to, and it’s clear that the DBA role is becoming both more important and more complex.

Despite the importance of data in today’s digital enterprises, in many organizations, database security is given less importance than perimeter defense. While organizations reinforce their network perimeters through firewalls and other security measures, they neglect the security of their valuable data vaults. To reduce the risk of suffering a data breach and comply with increasing regulations, organizations must implement a comprehensive, database-specific security plan that establishes an operational methodology for people, processes and technology.

Database Security in Action

Here are five best practices for establishing or improving your database security program.

Establish a Baseline With a Database Risk Assessment

It’s essential to understand the current state of operations. Conducting a database inventory and risk assessment not only helps an organization establish a baseline for measuring results, but it also helps DBAs find rogue or abandoned databases that may hold sensitive information, as well as discover overprivileged and poorly secured user accounts that could be exploited in a breach. A thorough database assessment should include policy management, vulnerability management and access management. Upon identifying, prioritizing and fixing any issues, DBAs should then retest to document remediation progress.
While it may be tempting to skip this first step, doing so is a sure path to spending more time and money than necessary. Too many organizations skip ahead to installing database activity monitory (DAM) before conducting their due diligence, which often results in a solution that monitors and collects everything, generating an overwhelming number of reports, false-positive/negative alerts and unnecessary costs and frustration.

Establish Security and Compliance Policies

Without clearly defined security policies and standards, enterprises will struggle to assess compliance or measure progress against benchmarks. Often organizations develop robust security policies for data as it moves throughout the network but fail to map those policies back to the databases themselves. When security weaknesses are remediated, it is usually a reaction to an incident rather than a proactive response to a policy. Businesses should always review policies after patching vulnerabilities or installing new versions of software to account for updated configurations and settings. When establishing policies and standards, the security team should be sure they address the frequency of policy updates, who is responsible for updating, what should trigger a policy change and the approval process for a policy change.

Identify Overprivileged Users

Many organizations do not have a full understanding of who has access to sensitive data. User accounts with excessive privileges can be used to not only gain unauthorized access to data and systems but also erase evidence of misdeeds. Organizations should conduct user entitlement reviews against a handful of objects that contain sensitive data to identify who has access and how they obtained those rights. The database security plan should include a frequent review of who has administrative access and ensure that database users have appropriate minimum privileges to perform their work.

Perform Vulnerability and Configuration Assessments

To test whether they have effective database security controls in place, IT security and audit practitioners should establish a practice of continuous assessment through regular vulnerability and configuration audits. This can be done by using credentials configured to access the database instance and the information needed to complete the audit. These audits provide actionable information on inherent vulnerabilities and database configuration elements that may make your databases susceptible to attack or fail to comply with government regulations or your company’s established data security policies. Regardless of what industry you operate in, an excellent model to follow is the Continuous Diagnostics and Mitigation (CDM) mandate developed by the Department of Homeland Security (DHS) for ensuring database vulnerability compliancy.

Consider Real-Time Database Monitoring

After your team has conducted proper discovery and assessment of their databases, gained an understanding of how users access data and have implemented best practices to manage those findings, they may want to consider using real-time database activity monitoring (DAM) to keep their database security plan in line. Monitoring provides security teams the real-time intelligence needed to take prompt action to lock down accounts when violations occur or threats are identified. It also helps organizations ensure that users are not engaging in unauthorized behavior. Don’t attempt to monitor everything or you will find yourself searching for a needle in the proverbial haystack. Instead, determine what is most important for your business to monitor, such as critical databases, sensitive database objects, highly privileged accounts, policy violations, access during off-hours from unauthorized hosts, etc.

By following these best practices for database security planning, you will be well on your way to safeguarding one of your organization’s most prized assets: its data.

— Andrew Herlands

Andrew Herlands , ,
Avatar photo

Andrew Herlands

Andrew Herlands is Global Head, Security Technologies Architects at Trustwave, a cybersecurity and managed security services provider leader that helps enterprises fight cybercrime, protect data and reduce security risk.

andrew-herlands has 1 posts and counting.See all posts by andrew-herlands