Databases and data security

1
Databases and data security

• Its your data are you sure its safe?

Team Mag 5 Valerie Buitron Jaime
Calahorrano Derek Chow Julia Marsh Mark Zogbaum
2
Database overview

• Every company needs places to store institutional
  knowledge and data.
• Frequently that data contains proprietary
  information
• Personally Identifiable Data
• Employee HR Data
• Financial Data
• The security and confidentiality of this data is
  of critical importance.

3
Security Overview

• There are four key issues in the security of
  databases just as with all security systems
• Availability
• Authenticity
• Integrity
• Confidentiality

4
Availability

• Data needs to be available at all necessary times
• Data needs to be available to only the
  appropriate users
• Need to be able to track who has access to and
  who has accessed what data

5
Authenticity

• Need to ensure that the data has been edited by
  an authorized source
• Need to confirm that users accessing the system
  are who they say they are
• Need to verify that all report requests are from
  authorized users
• Need to verify that any outbound data is going to
  the expected receiver

6
Integrity

• Need to verify that any external data has the
  correct formatting and other metadata
• Need to verify that all input data is accurate
  and verifiable
• Need to ensure that data is following the correct
  work flow rules for your institution/corporation
• Need to be able to report on all data changes and
  who authored them to ensure compliance with
  corporate rules and privacy laws.

7
Confidentiality

• Need to ensure that confidential data is only
  available to correct people
• Need to ensure that entire database is security
  from external and internal system breaches
• Need to provide for reporting on who has accessed
  what data and what they have done with it
• Mission critical and Legal sensitive data must be
  highly security at the potential risk of lost
  business and litigation

8
Keeping your Data confidential

• Although the 4 pillars are of equal importance we
  are focusing on Confidentiality due to the
  prevalence of data loss in financial and personal
  areas
• We are going to review solutions for
• Internal data loss
• External hacking
• Securing data if hardware stolen
• Unapproved Administrator Access

9
Middleware Security Concerns

• Another set of security issues come from
  middleware that sits between the user and the
  data
• Single sign on authentication
• Allows users to just have one password to access
  all systems but also means that the theft of one
  password endangers all systems

10
3rd party Security Options

• Most companies have several types of databases so
  to ensure total security across databases they
  hire 3rd party Database Security Vendors such as
  Guardium,Inc. and Imperva, Inc.
• Those companies have solutions for Database
  Activity Monitoring (DAM)
• Prices range from 20K to 1 Million
• Another option is data masking buying a fake
  data set for development and testing.

11
Pros and Cons of 3rd Party solutions
12
Built in Database Protection

• Vendors such as Oracle, Microsoft and IBM know
  that security is a big concern for data systems.
• They create built in solutions such as
• Password Controls
• Data access based on roles and profiles
• IP restrictions for off site access
• Auditing capabilities of who has run what reports
• Security logging

13
Pros and Cons of Built In solutions
14
Recommendations?

• Will we be able to keep the data secure while
  keeping the users happy?
• Tune in Week 10 to find out!
• Same Bat Time
• Same Bat Channel