Availability
Authenticity
Integrity
Confidentiality
Data needs to be available at all necessary times
Data needs to be available to only the appropriate users
Need to be able to track who has access to and who has accessed what data
Need to ensure that the data has been edited by an authorized source
Need to confirm that users accessing the system are who they say they are
Need to verify that all report requests are from authorized users
Need to verify that any outbound data is going to the expected receiver
Need to verify that any external data has the correct formatting and other metadata
Need to verify that all input data is accurate and verifiable
Need to ensure that data is following the correct workflow rules for your institution/corporation
Need to be able to report on all data changes and who authored them to ensure compliance with corporate rules and privacy laws
Need to ensure that confidential data is only available to the correct people
Need to ensure that the entire database is secure from external and internal system breaches
Need to provide for reporting on who has accessed what data and what they have done with it
Mission-critical and legally sensitive data must be highly secure, at the potential risk of lost business and litigation
Although the 4 pillars are of equal importance, we are focusing on Confidentiality due to the prevalence of data loss in financial and personal areas.
We are going to review solutions for:
Internal data loss
External hacking
Securing data if hardware is stolen
Unapproved Administrator Access
Another set of security issues comes from middleware that sits between the user and the data.
Single sign-on authentication: allows users to have just one password to access all systems, but also means that the theft of one password endangers all systems.
Most companies have several types of databases, so to ensure total security across databases they hire third-party Database Security Vendors such as Guardium, Inc. and Imperva, Inc.
Those companies have solutions for Database Activity Monitoring (DAM).
Prices range from $20K to $1 Million.
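Database Activity Monitoring products watch the statements and result sizes flowing through the database and raise alerts on what looks wrong. The Python below is an added example, not code from this presentation or from any vendor's product: it runs a handful of DAM-style rules over a constructed JSON-lines activity log (an injection signature in a statement, a privileged statement from a non-DBA account, a read returning far more rows than that account's own history, and off-hours access from outside the internal network). The log format, field names, thresholds and address ranges are assumptions made for the example.

```python
import json
import re
import statistics
from datetime import datetime

# Constructed sample activity log (hypothetical JSON-lines format, not from any real product).
SAMPLE_LOG = """
{"ts": "2024-03-04T09:12:01", "user": "report_svc", "ip": "10.0.5.20", "role": "reporter", "sql": "SELECT id, total FROM invoices WHERE day = '2024-03-03'", "rows": 420}
{"ts": "2024-03-04T09:40:11", "user": "report_svc", "ip": "10.0.5.20", "role": "reporter", "sql": "SELECT id, total FROM invoices WHERE day = '2024-03-04'", "rows": 398}
{"ts": "2024-03-04T10:02:45", "user": "web_app", "ip": "10.0.7.3", "role": "app", "sql": "SELECT * FROM customers WHERE id = '17'", "rows": 1}
{"ts": "2024-03-04T10:03:02", "user": "web_app", "ip": "10.0.7.3", "role": "app", "sql": "SELECT * FROM customers WHERE id = '17' OR '1'='1'", "rows": 52000}
{"ts": "2024-03-04T10:15:30", "user": "dba_jane", "ip": "10.0.1.9", "role": "dba", "sql": "ALTER TABLE customers ADD COLUMN note TEXT", "rows": 0}
{"ts": "2024-03-04T23:41:07", "user": "report_svc", "ip": "203.0.113.8", "role": "reporter", "sql": "SELECT * FROM customers", "rows": 52000}
{"ts": "2024-03-04T11:20:00", "user": "web_app", "ip": "10.0.7.3", "role": "app", "sql": "GRANT ALL ON customers TO web_app", "rows": 0}
"""

INTERNAL_PREFIXES = ("10.", "192.168.")  # assumption: the institution's internal address space
BUSINESS_HOURS = range(7, 20)            # assumption: 07:00-19:59 counts as working hours
BULK_RATIO = 10                          # a read returning 10x the user's median row count is "odd outbound data"

# Shapes of statements a well-formed application would never send as a whole.
INJECTION_SIGNATURES = [
    re.compile(r"'\s*OR\s+'[^']*'\s*=\s*'", re.I),          # quoted tautology spliced onto a literal
    re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),        # result set widened with a second query
    re.compile(r";\s*(DROP|DELETE|UPDATE|INSERT)\b", re.I),  # stacked statement after the intended one
]
# Statements that change structure or privileges; only the dba role should issue them.
PRIVILEGED = re.compile(r"^\s*(GRANT|REVOKE|ALTER|DROP|CREATE)\b", re.I)


def parse_log(text):
    """Parse JSON lines into event dicts, oldest first (the log is not assumed to be in order)."""
    events = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["ts"])


def analyse(events):
    """Return (timestamp, user, rule) alerts for every event that trips a rule."""
    alerts = []
    history = {}  # user -> row counts returned by that user's earlier statements
    for e in events:
        sql, user, rows = e["sql"], e["user"], e["rows"]
        if any(p.search(sql) for p in INJECTION_SIGNATURES):
            alerts.append((e["ts"], user, "sql_injection_signature"))
        if PRIVILEGED.match(sql) and e["role"] != "dba":
            alerts.append((e["ts"], user, "privileged_statement_by_non_dba"))
        prior = history.setdefault(user, [])
        if prior and rows > BULK_RATIO * statistics.median(prior):
            alerts.append((e["ts"], user, "bulk_read"))
        prior.append(rows)
        hour = datetime.fromisoformat(e["ts"]).hour
        if hour not in BUSINESS_HOURS and not e["ip"].startswith(INTERNAL_PREFIXES):
            alerts.append((e["ts"], user, "off_hours_external_access"))
    return alerts


if __name__ == "__main__":
    for ts, user, rule in analyse(parse_log(SAMPLE_LOG)):
        print(f"{ts}  {user:<12} {rule}")
```

The per-user baseline is what separates a reporting account that always pulls a few hundred rows from the same account suddenly pulling the whole customer table; fixed thresholds alone miss that. A commercial DAM product applies the same idea with far more rules and with the database's native audit feed as input.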
Another option is data masking – buying a fake data set for development and testing.
Solution / Description / Pros / Cons

Data Obfuscation (Masking, Scrambling)
  Description/Pros: Fake or scrambled data set for use by design and implementation teams
  Cons: Can be very expensive – good fake data can range in cost from $200,000 to $1 Million

Encryption of Data
  Description/Pros: Allows personally identifiable data to be scrambled if intrusion takes place.
  Cons: Adds overhead and possible performance issues.

Database Intrusion/Extrusion Prevention
  Description/Pros: Looks for SQL injections, bad access commands and odd outbound data
  Cons: Can eat into overhead and cause performance issues – also expensive. Needs very specific criteria to set up.

Data Leak Prevention
  Description/Pros: Catches any data that is being sent out of the system
  Cons: Does not protect data in the actual data warehouse.
Vendors such as Oracle, Microsoft and IBM know that security is a big concern for data systems.
They create built-in solutions such as:
Password Controls
Data access based on roles and profiles
IP restrictions for off-site access
Auditing capabilities of who has run what reports
Security logging
Solution / Description / Pros / Cons

Complex Passwords (require numbers and symbols) as well as frequent password changes
  Description/Pros: Makes passwords harder to guess and harder to crack
  Cons: Users write them down and keep them next to the computer, or forget them and need multiple resets

Keep Internal and External facing databases separate
  Description/Pros: Makes it very hard to hack one and then get through to the other
  Cons: Reduces functionality of databases and restricts flow of internal data

Restrict Downloading
  Description/Pros: Keeps data in the database and not loose in Excel, etc.
  Cons: Restricts reporting capabilities and offline functionality

Restrict Unwanted Connections
  Description/Pros: Again makes it harder to worm from one system to another
  Cons: Makes integration more difficult and can reduce user acceptance

SAML (Security Assertion Markup Language)
  Description/Pros: SAML is the standard that is used for Single Sign On
  Cons: If not in use, blocks the usage of single sign on functionality
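The auditing and security-logging items in the built-in solutions list, and the earlier need to report on all data changes and who authored them, come down at the database level to a change log that the application cannot bypass. The Python/SQLite script below is an added example, not from this presentation or from Oracle, Microsoft or IBM's products: triggers record every insert, update and delete on an accounts table together with the acting user, and a write with no identified actor is refused rather than logged anonymously. SQLite has no session user, so this example has the application set the actor in a context table (an assumption of the example); in a server database the trigger would read the session user instead, for instance current_user in PostgreSQL, so that the actor cannot be set by the application at all. Table and column names are assumptions.

```python
import sqlite3

# Schema for the added example (constructed; names are assumptions).
SCHEMA = """
CREATE TABLE session_context (key TEXT PRIMARY KEY, value TEXT);
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, balance REAL NOT NULL);
CREATE TABLE audit_log (
    seq         INTEGER PRIMARY KEY AUTOINCREMENT,
    at          TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    actor       TEXT NOT NULL,   -- NOT NULL: a change with no known author cannot be recorded, so it fails
    action      TEXT NOT NULL,
    account_id  INTEGER NOT NULL,
    old_balance REAL,
    new_balance REAL
);
-- The triggers write the log, so application code cannot skip it by forgetting to log.
CREATE TRIGGER accounts_ai AFTER INSERT ON accounts BEGIN
    INSERT INTO audit_log (actor, action, account_id, old_balance, new_balance)
    VALUES ((SELECT value FROM session_context WHERE key = 'actor'), 'INSERT', NEW.id, NULL, NEW.balance);
END;
CREATE TRIGGER accounts_au AFTER UPDATE ON accounts BEGIN
    INSERT INTO audit_log (actor, action, account_id, old_balance, new_balance)
    VALUES ((SELECT value FROM session_context WHERE key = 'actor'), 'UPDATE', NEW.id, OLD.balance, NEW.balance);
END;
CREATE TRIGGER accounts_ad AFTER DELETE ON accounts BEGIN
    INSERT INTO audit_log (actor, action, account_id, old_balance, new_balance)
    VALUES ((SELECT value FROM session_context WHERE key = 'actor'), 'DELETE', OLD.id, OLD.balance, NULL);
END;
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def set_actor(conn, user):
    """Application-side stand-in for a session user (assumption of this SQLite example)."""
    conn.execute("INSERT OR REPLACE INTO session_context (key, value) VALUES ('actor', ?)", (user,))


def clear_actor(conn):
    conn.execute("DELETE FROM session_context WHERE key = 'actor'")


def changes_by_account(conn, account_id):
    """The compliance report: who changed this account, what they did, and the before/after values."""
    return conn.execute(
        "SELECT actor, action, old_balance, new_balance FROM audit_log "
        "WHERE account_id = ? ORDER BY seq", (account_id,)).fetchall()


def balance_of(conn, account_id):
    return conn.execute("SELECT balance FROM accounts WHERE id = ?", (account_id,)).fetchone()[0]


def demo():
    """Two attributed changes, then an unattributed one that the NOT NULL constraint refuses."""
    conn = open_db()
    set_actor(conn, "teller_amy")
    conn.execute("INSERT INTO accounts (id, owner, balance) VALUES (1, 'Example Holder', 100.0)")
    set_actor(conn, "batch_job")
    conn.execute("UPDATE accounts SET balance = balance + 25.0 WHERE id = 1")
    clear_actor(conn)
    try:
        conn.execute("UPDATE accounts SET balance = 0 WHERE id = 1")
        refused = False
    except sqlite3.IntegrityError:
        refused = True  # trigger insert failed on audit_log.actor NOT NULL; the UPDATE was undone with it
    return changes_by_account(conn, 1), refused, balance_of(conn, 1)


if __name__ == "__main__":
    changes, refused, balance = demo()
    for row in changes:
        print(row)
    print("unattributed write refused:", refused, "| balance now:", balance)
```

The point of putting the log in triggers rather than in application code is that a direct connection by an administrator, or a forgotten code path, still leaves a record; the unapproved administrator access listed earlier is exactly the case an application-side log misses. A shared context table is only safe with one connection, which is why a real deployment reads the session user inside the trigger.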
Will we be able to keep the data secure while keeping the users happy?
Tune in Week 10 to find out!
Same Bat Time
Same Bat Channel