It's Time to Evolve How We Protect Our Data

Tuesday, January 24, 2012

Josh Shaul


State of the Union's Databases: It's Time To Evolve How We Protect Our Data

Over the years, we’ve seen some great achievements in technology from the database vendors, and some amazing applications of those technologies by talented developers and database administrators.

Database user communities are thriving, and with the emergence of new approaches to store (e.g., NoSQL) and manipulate (e.g., map, reduce) data, we’re processing bigger data than ever before. Profits are up for the major database vendors, who continue to pour investment dollars into acquiring smaller vendors with innovative or competitive technologies.

In the face of all this prosperity, we are in the midst of a war. Enemy forces have been constantly at work – recruiting, training, and boldly attacking again and again. Our databases have been penetrated, our privacy violated, our corporate secrets exfiltrated and posted on the web.

We live in an era in which our databases and the precious data within them are vulnerable. Vulnerable to attack from outside forces, who often use SQL injection to access corporate databases directly from the internet. Vulnerable to malicious employees, who can abuse their access to the network to seize control of unpatched systems. Vulnerable to database users and administrators, who can often easily abuse their access to the databases to steal, modify, or delete critical business data.

Over the years, we’ve spent uncountable amounts of money on information security, yet we still find ourselves exposed to attack. It’s time to accept that while the ways of the past have protected us from many avenues of attack, those ways have been insufficient to protect our data.

We must step back for just a moment and think like a hacker – when someone attacks your organization, they generally want to steal your data. With that simple thought in mind, it is time to evolve the way we protect our data, and start to focus our security efforts on the data storage and access points themselves, rather than on the network environment that the data lives in.

For the vast majority of sensitive information stored by enterprises, that storage and access point is the database.

Attackers are trying to exploit our weaknesses and gain access directly to our databases. Their recent success has grown their popularity, swelled their ranks, and emboldened their forces. All, however, is not lost. In fact, there is plenty of reason for hope.

Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies. Database access can be closely monitored 24/7 by automated systems that can identify and stop malicious behavior or data theft as it happens.

2012 will be a year of transition. If we don’t act to better protect our databases, the attackers will continue their successful ways, and the situation could quickly erupt into an all-out information arms race as the number of successful attacks skyrockets.

If we take hold of the opportunity in front of us, and act now to better protect our databases – to scan them for vulnerabilities and fix the problems, to limit user privileges based on business needs, and to constantly monitor for attacks and abuse – we will thwart the attackers.

With the right protections in place, databases can become the fortresses we need to secure our most valuable information assets.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
