Every month new alerts go out informing the public of yet another security breach that may or may not have divulged private or personal information from customer accounts. The question is no longer if a customer’s data will be hacked but how long until the breech in security occurs and how best to mitigate the damage. These lapses in security are not the harbinger of new security flaws or hacker teams for the most part.
Many of the most damaging database violations occur because simple security steps were not taken or warning signs were not acted upon. Four of the most egregious security lapses are easily remedied with proactive management, basic due-diligence, and are listed below.
High-Access Users Are Not Monitored Or Constrained
The users who work most closely with database information have the easiest route to affect, change, and cover their tracks with impunity. In many business environments, the keys to the castle rest with a single employee who controls access to the database and all audit files. In many cases, tampering may be easily recognized but more often than not, too late to mitigate damage quickly. With access to the audit data, these same users can easily cover their tracks leaving little trace of the actions taken against a company’s database.
Security Monitoring Of Databases
As the companies continue to expand their databases, the need to automate the monitoring increases. Many companies do not have the infrastructure to adequately monitor multiple databases without directly interfacing with the individual database. In some cases, the companies will have the proper monitoring tools in place to cover all of their databases but neglect to use the data generated. Furthermore, many companies who both monitor all of their databases and verify the information lack the capability to act on security breaches in a prompt manor.
Businesses Are Unaware Of Sensitive Data Location
In this case, companies with a number of databases may find it difficult to know which database actually includes personally identifiable data. Many industries today are constantly growing and changing with the needs of their industries. With this change comes the need to upgrade and expand information technology services and with that come new database installation. Without proper planning and foresight, personally identifiable data may not receive the level of security needed.
Database Patching is Delayed
Many of the most damaging security breaches of the recent past have come from security flaws that were exploited well after a patch had been deployed to repair the problem. Many administrators either do not know that a patch is available or are not aware that a security vulnerability was discovered for their database. Among the administrators that are aware of the vulnerabilities, there can be a delay in deployment due to heavy workloads and internal pressures from management on other projects.