Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac
  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

    Wireless

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Dynamics 365

    Google

    HP

    IBM

    Intel

    Microsoft

    Microsoft Azure

    Oracle

    Red Hat

    Salesforce

    SAP

    Share Point

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Cognitive

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • Cyber Security
    • Amazon
    • Banking
    • Blockchain
    • CISCO
    • Cognitive
    • Compliance
    • Contact Center
    • DevOps
    • E-Commerce
    • Field Service
    • Gov and Public
    • Healthcare
    • HR Technology
    • IoT
    • Managed Services
    • Manufacturing
    • Metals and Mining
    • Microsoft
    • Oracle
    • Pharma and Life Science
    • Retail
    More
    Contact Center DevOps E-Commerce Field Service Gov and Public Healthcare HR Technology IoT Managed Services Manufacturing Metals and Mining Microsoft Oracle Pharma and Life Science Retail
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Cyber Security
    Editor's Pick (1 - 4 of 8)
    left
    Leadership Framework for Building Elite Teams

    Douglas Duncan, CIO, Columbia Insurance Group

    Four Cybersecurity Weak Spots You Should Care About When Others Don't

    Marc Probst, CIO & VP, Intermountain Healthcare

    Secure Text Messaging in an Academic Medical Center - Experience and Lessons

    Kari Cassel, SVP & CIO, UF Health

    It's Time to Turn Security Inside Out

    Gilad Raz, CIO, Varonis

    Top 3 Challenges Growing Businesses Face and How the Cloud Can Help

    Ken Shulman, CIO & CTO, Broadview Networks

    Cloud Security Grows Up

    Kevin Winter, VP & CIO, Booz Allen Hamilton

    Neil Jarvis, CIO, Fujitsu America, Inc

    Moving towards an Intelligent, networked and boundary less world

    Rajeev Batra, CIO, MTS India

    right

    5 tips for keeping your database secure

    By Lukas Raska, COO, APAC, ESET

    Tweet
    content-image

    Lukas Raska, COO, APAC, ESET

    When we give privacy or security advice, we usually talk about strong passwords, backing up your data, using security applications, keeping systems up to date, and avoiding default settings. In general, these are the most basic and essential precautions any systems manager must consider. However, depending on the system you want to protect, there are some additional issues to consider.

    According to a survey by ESET on the cybersecurity state of SMBs in APAC, the average cost per breach is over US$36,000.Given the alarming frequency of information theft and leaks and high cost per breach, here are five key tips for keeping databases secure, especially when they are hosted in the cloud or by third-party providers.

    1. Control Access to The Database

    The saying “too many cooks spoil the broth” is spot on when it comes to information security. Very rarely do you get a positive result when lots of people meddle in something. Therefore, the more you limit permissions and privileges to your database, the better.

    Rigorous access control is the first step to keeping attackers away from your information. In addition to basic system permissions, you should also consider:

    • Limiting access to sensitive data for both users and procedures—in other words, only authorizing certain users and procedures to make queries relating to sensitive information.

    • Limiting the use of key procedures to specific users only.

    • Whenever possible, avoid simultaneous use and access outside normal or office hours.

    It is also a good idea to disable all services and procedures that are not in use in order to prevent them from being attacked. Whenever possible, the database should also be located on a server that is not directly accessible from the internet as this prevents information from being exposed to remote attackers.

    2. Identify Sensitive and Critical Data

    The first step, before considering protection techniques and tools, is to analyze and identify what important information must be protected. To do so, it is important to understand the logic and architecture of the database, to make it easier to determine where and how sensitive data will be stored.

    Not all data is critical or needs protection, so it is productive to spend time and resources on identifying on-sensitive information.

    The first step, before considering protection techniques and tools, is to analyze and identify what important information must be protected

    We also recommend keeping an inventory of the company databases, taking all departments into account. The only way to effectively administrate and avoid losing information is to keep a record of the entire company’s instances and databases.

    What’s more, an inventory is particularly useful when doing an information backup and acts as an added measure to avoid missing critical data out during backup.

    3. Encrypt information

    Once the sensitive and confidential data have been identified, it is good practice to use robust algorithms to encrypt that data.

    When an attacker exploits a vulnerability and gains access to a server or system, quite often the first thing they will try to steal is the databases. These are a valuable treasure, as they usually contain many gigabytes of important information. The best way to protect a database is to make it illegible to any person who accesses it without authorization. One measure organizations can adopt to prevent unauthorized access would be to implement two-factor authentication (2FA) solutions. In APAC, only 34 percent of SMBs have implemented 2FA solutions.

    4. Anonymise non-production databases

    Many companies invest time and resources in protecting their production databases, but when developing a project or creating a test environment, they simply make a copy of the original database and use it in environments that are not as tightly controlled.

    Masking, or anonymization, is a process through which a similar version is created, maintaining the same structure as the original but modifying the sensitive data so that it remains protected. With this technique, values are changed while maintaining the format.

    The data can be changed in different ways: mixing it together, encrypting it, mixing up the characters or substituting words. The specific method used and the rules and formats that need to be respected will be up to the administrator. Whatever method is used, it is critical to ensure the process is irreversible; that is, no amount of reverse engineering will enable anyone to obtain the original data again.

    This technique is especially used - and recommended - for databases that are part of a testing and development environment because it allows you to preserve the logical structure of the data while ensuring that sensitive client information is not available outside the production environment.

    5. Monitor your database activity

    Being aware of auditing and recording actions and data movement means that you know what information has been handled, when and how, and by whom. Having a complete history of transactions allows you to understand data access and modification patterns, and thus avoid information leaks, control fraudulent changes and detect suspicious activity in real time.

    Remember to follow these tips and be very careful when managing and protecting your databases. The information they hold is very valuable to the company and a very attractive prize for attackers, so it should definitely deserve your full attention.

    Read Also

    Human behaviour the weak link in cyber defence

    Human behaviour the weak link in cyber defence

    Memcached DDos: The New Kid On The Block

    Memcached DDos: The New Kid On The Block

    2018 Global Data Regulations and Compliance Heat Up - Are You Ready?

    2018 Global Data Regulations and Compliance Heat Up - Are You Ready?

    Please tell me This is not Y2K again!

    Please tell me This is not Y2K again!

    25 Hottest Cyber Security Companies - 2018

    25 Hottest Cyber Security Companies - 2018

    Top 25 Cyber Security Technology Companies 2017

    Top 25 Cyber Security Technology Companies 2017

    Featured Vendors

    I-Sprint Innovations

    Dutch Ng, CEO

    HP

    Richard Bailey, President - Asia Pacific & Japan (APJ)

    Cyber Security Special

    Copyright © 2019 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://cyber-security.apacciooutlook.com/cxoinsights/5-tips-for-keeping-your-database-secure-nwid-5011.html