 Every company needs places to store

institutional knowledge and data.

 Frequentlythat data contains proprietary

information
 Personally Identifiable Data
 Employee HR Data
 Financial Data

 The security and confidentiality of this data

is of critical importance.
 Thereare four key issues in the security of
databases just as with all security systems

 Availability
 Authenticity
 Integrity
 Confidentiality
 Data needs to be available at all necessary
times
 Data needs to be available to only the
appropriate users
 Need to be able to track who has access to
and who has accessed what data
 Need to ensure that the data has been edited
by an authorized source
 Need to confirm that users accessing the
system are who they say they are
 Need to verify that all report requests are
from authorized users
 Need to verify that any outbound data is
going to the expected receiver
 Need to verify that any external data has the
correct formatting and other metadata
 Need to verify that all input data is accurate
and verifiable
 Need to ensure that data is following the
correct work flow rules for your
institution/corporation
 Need to be able to report on all data changes
and who authored them to ensure
compliance with corporate rules and privacy
laws.
 Need to ensure that confidential data is only
available to correct people
 Need to ensure that entire database is
security from external and internal system
breaches
 Need to provide for reporting on who has
accessed what data and what they have done
with it
 Mission critical and Legal sensitive data must
be highly security at the potential risk of lost
business and litigation
 Although the 4 pillars are of equal
importance we are focusing on
Confidentiality due to the prevalence of data
loss in financial and personal areas
 We are going to review solutions for
 Internal data loss
 External hacking
 Securing data if hardware stolen
 Unapproved Administrator Access
 Another set of security issues come from
middleware that sits between the user and
the data
 Single sign on authentication
 Allows users to just have one password to access
all systems but also means that the theft of one
password endangers all systems
 Most companies have several types of
databases so to ensure total security across
databases they hire 3rd party Database
Security Vendors such as Guardium,Inc. and
Imperva, Inc.
 Those companies have solutions for Database
Activity Monitoring (DAM)
 Prices range from $20K to $1 Million
 Another option is data masking – buying a
fake data set for development and testing.
Solution Description Pros Cons
Data Obfuscation Fake or Scrambled data Can be very expensive –
(Masking, Scrambling) set for use by design good fake data can
and implementation range in cost from
teams $200,000 to $1 Million
Encryption of Data Allows personally Adds overhead and
identifiable data to be possible performance
scrambled if intrusion issues.
takes place.
Database Looks for SQL Can eat into over head
Intrusion/Extrusion Injections, Bad access and cause performance
Prevention commands and odd issues – also expensive.
outbound data Needs very specific
criteria to set up.
Data Leak Prevention Catches any data that is Does not protect data in
being sent out of the the actual data
system warehouse.
 Vendors such as Oracle, Microsoft and IBM
know that security is a big concern for data
systems.
 They create built in solutions such as:
 Password Controls
 Data access based on roles and profiles
 IP restrictions for off site access
 Auditing capabilities of who has run what reports
 Security logging
Solution Description Pros Cons
Complex Passwords Makes passwords harder Users write them down
(require numbers and to guess and harder to and keep them next to
symbols) as well as crack computer or forget and
frequent password need multiple resets
changes
Keep Internal and Makes it very hard to Reduces functionality of
External facing hack one and then get databases and restricts
databases separate through to the other flow of internal data
Restrict Downloading Keeps data in the Restricts reporting
database and not loose capabilities and off line
in excel, etc functionality
Restrict Unwanted Again makes it harder Makes integration more
Connections to worm from one difficult and can reduce
system to another user acceptance
SAML (Security Assertion SAML is the standard If not in use blocks the
Markup Language) that is used for Single usage of single sign on
Sign On functionality
 Willwe be able to keep the data secure
while keeping the users happy?
 Tune in Week 10 to find out!
 Same Bat Time
 Same Bat Channel