June 30, 2021
Data security refers to the protective measures employed to secure data against unapproved access and to preserve data confidentiality, integrity, and availability. Data security best practices include data protection techniques such as data encryption, key management, data redaction, data subsetting, and data masking, as well as privileged user access controls and auditing and monitoring.
Data security best practices should be leveraged both on-premises and in the cloud in order to mitigate the risk of a data breach and to help achieve regulatory compliance. Specific recommendations can vary, but typically call for a layered data security strategy architected to apply a defense-in-depth approach. Different controls mitigate different threat vectors. Distinct solution areas include the abilities to assess, detect and monitor database activity and threats.
Data is one of the most important assets for any organization. As such, it is paramount to safeguard data from any and all unauthorized access. Data breaches, failed audits, and failure to comply with regulatory requirements can all result in reputational damage, loss of brand equity, compromised intellectual property, and fines for noncompliance. Under the European Union General Data Protection Regulation (GDPR), data breaches can lead to fines of up to 4% of an organization’s global annual revenue, often resulting in significant financial loss. Sensitive data includes personally identifiable information, financial information, health information, and intellectual property. Data must be protected to help avoid a data breach and to help achieve compliance.
Data masking, data subsetting, and data redaction are techniques for reducing exposure of sensitive data contained within applications. These technologies play a key role in addressing anonymization and pseudonymization requirements associated with regulations such as EU GDPR. The European Union GDPR was built on established and widely accepted privacy principles, such as purpose limitation, lawfulness, transparency, integrity, and confidentiality. It strengthens existing privacy and security requirements, including requirements for notice and consent, technical and operational security measures, and cross-border data flow mechanisms. In order to adapt to the new digital, global, and data-driven economy, the GDPR also formalizes new privacy principles, such as accountability and data minimization.
Under the General Data Protection Regulation (GDPR), data breaches can lead to fines of up to four percent of a company’s global annual turnover or €20 million, whichever is greater. Companies collecting and handling data in the EU will need to consider and manage their data handling practices including the following requirements:
Databases are valuable repositories of sensitive information, which makes them the primary target of data thieves. Typically, data hackers can be divided into two groups: outsiders and insiders. Outsiders include anyone from lone hackers and cybercriminals seeking business disruption or financial gain, or criminal groups and nation state-sponsored organizations seeking to perpetrate fraud to create disruption at a national or global scale. Insiders may comprise current or former employees, curiosity seekers, and customers or partners who take advantage of their position of trust to steal data, or who make a mistake resulting in an unintended security event. Both outsiders and insiders create risk for the security of personal data, financial data, trade secrets, and regulated data.
Cybercriminals have a variety of approaches they employ when attempting to steal data from databases:
A well-structured database security strategy should include controls to mitigate a variety of threat vectors. The best approach is a built-in framework of security controls that can be deployed easily to apply appropriate levels of security. Here are some of the more commonly used controls for securing databases:
Reduce the risk of a data breach and simplify compliance with data security best practices, including encryption, key management, data masking, privileged user access controls, activity monitoring, and auditing.