
5 tips to protect your database from data breaches

Database security is an essential DevOps security issue. Strict policies and controls can be a pain, but they separate DevOps-ready organizations from the rest.

There's an old saying that still rings true: There are those that have had a data breach, and there are those that just don't know it yet. The year 2017 was one of the busiest years for hackers, with a major data breach almost every week. Some of the biggest breaches compromised U.S. voters' personal information and exposed the Social Security numbers of more than 100 million Americans.

Most organizations today employ perimeter security systems, data encryption, strict policies and employee education to deter data theft and fraud. These are necessary measures, but are not enough. It is crucial to employ strict policies and controls to provide ultimate database security.

Here are five steps which can help protect your database.

1. Ensure you're compliant with the necessary regulations

Regulations and laws have stringent rules for data security. By ensuring compliance, you're already one step ahead when it comes to data protection. The United States has about 20 sector-specific or medium-specific national privacy or data security laws, and there are hundreds of such laws among its 50 states and territories. California alone has more than 25 state privacy and data security laws. The new GDPR standards put tougher requirements on companies doing business in Europe. You can hire an outside expert to assess what data you have and how you are actually protecting it -- not how you think you've protected your database. While it may seem like an unnecessary cost, if you can show clients and potential clients that you performed a third-party data assessment, you may find it puts you at an advantage over your competitors.

2. Set up permissions properly

A recent study -- Verizon's "2018 Data Breach Investigations Report" -- shows that at least 25% of data breaches are caused -- deliberately or accidentally -- by insiders. Because you never know who will turn out to be a rogue employee, it's essential to establish and enforce the principle of least privilege: Grant each user access to only the systems and data they need to do their jobs and nothing more. Of course, any employees who are fired or leave the company should have their privileges taken away immediately. Consider setting up permissions based on projects; employees should only have temporary access to some data, depending on what they're working on. And there should be some policies that apply to everyone; for example, only the database administrator can delete a table -- or maybe no one can delete a table.

3. Monitor changes to permissions

Once you've set up permissions, track and document all changes made to them. By making sure that all changes are authorized, you reduce the risk of someone gaining access rights they don't need, either by accident or on purpose.

4. Monitor access of critical files

Many companies make extra efforts to protect celebrity files, such as a politician's tax returns during elections and an actress's file when she is giving birth or undergoing a medical treatment. It is important that organizations add extra security measures and put additional security requirements in place to override normal procedures. One high-profile data breach can severely damage your reputation. A clinic in Los Angeles claims that it has high-profile patients because of the diligent efforts it takes to protect sensitive personal data.

5. Mask sensitive data

Development, testing and deployment teams often pass real customer data back and forth. If it falls into the wrong hands, though, the organization is liable. To maintain the utmost level of privacy and protection for the individuals with information in your system, implement encryption or "pseudonymizing" technologies at the database level. Products like the Delphix Dynamic Data Platform can help you mask data and protect your database.
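The masking step described above, as an added example that is not from the original article or from any product it names: a keyed HMAC turns each identifier into a deterministic token, so the test copy still joins correctly while the real values never leave production. The table and column names, the sample rows, the key and the use of sqlite3 as a stand-in for the production database are all assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

# Assumption: in practice the key comes from a secrets manager and never
# reaches the dev/test environment; this constant is a constructed sample.
MASKING_KEY = b"constructed-sample-key-not-for-production"
SCHEMA = (
    "CREATE TABLE customers (ssn TEXT PRIMARY KEY, name TEXT, state TEXT);"
    "CREATE TABLE orders (id INTEGER PRIMARY KEY, ssn TEXT, total REAL);"
)


def pseudonymize(value: str, field: str, key: bytes = MASKING_KEY) -> str:
    """Keyed, deterministic token: the same input always yields the same
    token, so joins still work. Unlike a plain hash, tokens for the small
    SSN space cannot be precomputed by someone who lacks the key."""
    mac = hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256)
    return mac.hexdigest()[:16]  # 64 bits is ample for a test data set


def build_masked_copy(prod: sqlite3.Connection) -> sqlite3.Connection:
    """Copy production rows into a new database with identifiers masked."""
    test = sqlite3.connect(":memory:")
    test.executescript(SCHEMA)
    for ssn, name, state in prod.execute("SELECT ssn, name, state FROM customers"):
        test.execute(
            "INSERT INTO customers VALUES (?, ?, ?)",
            (pseudonymize(ssn, "ssn"), pseudonymize(name, "name"), state),
        )
    for oid, ssn, total in prod.execute("SELECT id, ssn, total FROM orders"):
        test.execute(
            "INSERT INTO orders VALUES (?, ?, ?)",
            (oid, pseudonymize(ssn, "ssn"), total),
        )
    test.commit()
    return test


def sample_production_db() -> sqlite3.Connection:
    """Constructed sample rows (SSNs use the never-issued 000 area number)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        SCHEMA
        + "INSERT INTO customers VALUES ('000-12-3456', 'Ada Example', 'CA');"
        "INSERT INTO customers VALUES ('000-98-7654', 'Bo Sample', 'NY');"
        "INSERT INTO orders VALUES (1, '000-12-3456', 40.0);"
        "INSERT INTO orders VALUES (2, '000-12-3456', 2.5);"
        "INSERT INTO orders VALUES (3, '000-98-7654', 10.0);"
    )
    return db
```

Non-identifying columns such as `state` and `total` are copied unchanged here; whether they are safe to expose depends on how easily they could be combined to re-identify a person.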

Databases are often the backbone of an organization, a priceless container for the transactions, customers, employee info and financial data for a company's customers. This information needs to be protected by following clear procedures for managing database changes. Clear database management can reduce the likelihood of a data leak and help everyone sleep better at night.
