Upload
cloudbellscom
View
269
Download
6
Tags:
Embed Size (px)
DESCRIPTION
Introduction to Data Security
Citation preview
Every company needs places to store institutional knowledge and data.
Frequently that data contains proprietary information› Personally Identifiable Data› Employee HR Data› Financial Data
The security and confidentiality of this data is of critical importance.
There are four key issues in the security of databases just as with all security systems
› Availability› Authenticity› Integrity› Confidentiality
Data needs to be available at all necessary times
Data needs to be available to only the appropriate users
Need to be able to track who has access to and who has accessed what data
Need to ensure that the data has been edited by an authorized source
Need to confirm that users accessing the system are who they say they are
Need to verify that all report requests are from authorized users
Need to verify that any outbound data is going to the expected receiver
Need to verify that any external data has the correct formatting and other metadata
Need to verify that all input data is accurate and verifiable
Need to ensure that data is following the correct work flow rules for your institution/corporation
Need to be able to report on all data changes and who authored them to ensure compliance with corporate rules and privacy laws.
Need to ensure that confidential data is only available to correct people
Need to ensure that entire database is security from external and internal system breaches
Need to provide for reporting on who has accessed what data and what they have done with it
Mission critical and Legal sensitive data must be highly security at the potential risk of lost business and litigation
Although the 4 pillars are of equal importance we are focusing on Confidentiality due to the prevalence of data loss in financial and personal areas
We are going to review solutions for› Internal data loss› External hacking› Securing data if hardware stolen› Unapproved Administrator Access
Another set of security issues come from middleware that sits between the user and the data
Single sign on authentication› Allows users to just have one password to
access all systems but also means that the theft of one password endangers all systems
Most companies have several types of databases so to ensure total security across databases they hire 3rd party Database Security
Those companies have solutions for Database Activity Monitoring (DAM)
Prices range from $20K to $1 Million
Another option is data masking – buying a fake data set for development and testing.
Vendors such as Oracle, Microsoft and IBM know that security is a big concern for data systems.\
They create built in solutions such as:› Password Controls› Data access based on roles and profiles› IP restrictions for off site access› Auditing capabilities of who has run what reports› Security logging
Solution Description
Pros Cons
Complex Passwords (require numbers and symbols) as well as frequent password changes
Makes passwords harder to guess and harder to crack
Users write them down and keep them next to computer or forget and need multiple resets
Keep Internal and External facing databases separate
Makes it very hard to hack one and then get through to the other
Reduces functionality of databases and restricts flow of internal data
Restrict Downloading Keeps data in the database and not loose in excel, etc
Restricts reporting capabilities and off line functionality
Restrict Unwanted Connections
Again makes it harder to worm from one system to another
Makes integration more difficult and can reduce user acceptance
SAML (Security Assertion Markup Language)
SAML is the standard that is used for Single Sign On functionality
If not in use blocks the usage of single sign on