Advertise

Risk

12/22/2011
09:55 AM

Dark Reading
News

0 comments
Comment Now

50%

7 Strategies For Better Database Security In 2012

Segmenting, hardening, encrypting, insuring, and planning--these are good New Year's resolutions for database administrators.

As organizations gear up for a new year, now is the perfect time to look at processes and technologies and reassess how well they really are mitigating risks. On the database level, there are a number of foundational activities that many organizations are still failing to carry out effectively.

The following action list is compiled from some of the advice doled out by database security experts in 2011. Use it wisely to come up with a sane plan in 2012 and beyond:

1. Make Sure Your Database Isn't Easily Searchable On The Web
Several breaches this year embarrassed organizations because their IT departments configured databases touching Web-facing interfaces in such a way that they could be easily searched on the Web.

"The databases that exist today have ultimately been designed to allow the easiest access from a multitude of devices and places. In many people's minds, they think you need to access a server with an application running on that, and that there is a measure of safety for the data sitting underneath the application because the application is secure," said Dr. Mike Lloyd, CTO of RedSeal Systems. "But your database is sitting out there, and, in many cases, when it came out of the box, it came configured to be connected to the Internet."

See: Web-Searchable Databases An Increasing Security Risk

2. Segment Your Data Better
When organizations segment their high-value data in databases separate from less sensitive information, they're able to prioritize risk management and institute more targeted protection layers.

"Medium to large organizations are not segmenting enough," said Chris Novak, managing principal at Verizon Business. "In these organizations, they've got databases spread over offices, campuses, and complexes around the globe. And the problem is that if they're not segmenting, then a risk in one place becomes a risk everywhere."

See: Sound Database Security Starts With Segmentation

Read the rest of this article on Dark Reading.

Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks--accidental and otherwise. Also in the new, all-digital Dark Reading supplement: Why user provisioning isn't as simple as it sounds. Download the supplement now. (Free registration required.)

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Building Asset Management into Your Enterprise Security Strategy

How the Rapid Shift to Remote Work Impacted IT Complexity and Post-Pandemic Security Priorities

More Webcasts

White Papers

How to Optimize Your Windows 10 Defense Strategy

Top Threats to Cloud Computing: The Egregious 11

More White Papers

Reports

Improving Security by Moving Beyond VPN

Accelerate Threat Resolutions with DNS

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Editors' Choice

Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It

Robert Lemos, Contributing Writer, 4/1/2021

Inside the Ransomware Campaigns Targeting Exchange Servers

Kelly Sheridan, Staff Editor, Dark Reading, 4/2/2021

Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain

Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia, 3/30/2021

Live Events

Webinars

Cybersecurity Risk Management FREE Event 4/22

Earn (ISC)2 CPEs at Interop Digital, April 29

More Informa Tech Live Events

White Papers

What Elite Threat Hunters See That Others Miss: Case Study

How to Optimize Your Windows 10 Defense Strategy

The Dark Side of SD-WAN

Top Threats to Cloud Computing: The Egregious 11

Zero Trust Evaluation Guide

More White Papers

Cartoon

Post a Comment

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises are Developing Secure Applications

Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-29445
PUBLISHED: 2021-04-16

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...

CVE-2021-29446
PUBLISHED: 2021-04-16

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...

CVE-2021-29451
PUBLISHED: 2021-04-16

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.

CVE-2021-29452
PUBLISHED: 2021-04-16

a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this ...

CVE-2021-29444
PUBLISHED: 2021-04-16

jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDec...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]