
Databases and data security

Databases and data security. It’s your data – are you sure it’s safe? Team Mag 5: Valerie Buitron, Jaime Calahorrano, Derek Chow, Julia Marsh, Mark Zogbaum. Database overview. Every company needs places to store institutional knowledge and data.


Presentation Transcript


  1. Databases and data security
     It’s your data – are you sure it’s safe?
     Team Mag 5: Valerie Buitron, Jaime Calahorrano, Derek Chow, Julia Marsh, Mark Zogbaum

  2. Database overview
     • Every company needs places to store institutional knowledge and data.
     • Frequently that data contains proprietary information
       • Personally Identifiable Data
       • Employee HR Data
       • Financial Data
     • The security and confidentiality of this data is of critical importance.

  3. Security Overview
     • There are four key issues in the security of databases, just as with all security systems
       • Availability
       • Authenticity
       • Integrity
       • Confidentiality

  4. Availability
     • Data needs to be available at all necessary times
     • Data needs to be available to only the appropriate users
     • Need to be able to track who has access to and who has accessed what data

  5. Authenticity
     • Need to ensure that the data has been edited by an authorized source
     • Need to confirm that users accessing the system are who they say they are
     • Need to verify that all report requests are from authorized users
     • Need to verify that any outbound data is going to the expected receiver

  6. Integrity
     • Need to verify that any external data has the correct formatting and other metadata
     • Need to verify that all input data is accurate and verifiable
     • Need to ensure that data is following the correct workflow rules for your institution/corporation
     • Need to be able to report on all data changes and who authored them to ensure compliance with corporate rules and privacy laws.

  7. Confidentiality
     • Need to ensure that confidential data is only available to the correct people
     • Need to ensure that the entire database is secure from external and internal system breaches
     • Need to provide for reporting on who has accessed what data and what they have done with it
     • Mission-critical and legally sensitive data must be highly secure, at the potential risk of lost business and litigation

  8. Keeping your Data confidential
     • Although the 4 pillars are of equal importance, we are focusing on Confidentiality due to the prevalence of data loss in financial and personal areas
     • We are going to review solutions for
       • Internal data loss
       • External hacking
       • Securing data if hardware is stolen
       • Unapproved Administrator Access

  9. Middleware Security Concerns
     • Another set of security issues comes from middleware that sits between the user and the data
     • Single sign-on authentication
       • Allows users to have just one password to access all systems, but also means that the theft of one password endangers all systems

  10. 3rd party Security Options
     • Most companies have several types of databases, so to ensure total security across databases they hire 3rd party Database Security Vendors such as Guardium, Inc. and Imperva, Inc.
     • Those companies have solutions for Database Activity Monitoring (DAM)
     • Prices range from $20K to $1 Million
     • Another option is data masking – buying a fake data set for development and testing.

  11. Pros and Cons of 3rd Party solutions

  12. Built in Database Protection
     • Vendors such as Oracle, Microsoft and IBM know that security is a big concern for data systems.
     • They create built in solutions such as:
       • Password Controls
       • Data access based on roles and profiles
       • IP restrictions for off site access
       • Auditing capabilities of who has run what reports
       • Security logging

  13. Pros and Cons of Built In solutions

  14. Recommendations?
     • Will we be able to keep the data secure while keeping the users happy?
     • Tune in Week 10 to find out!
     • Same Bat Time
     • Same Bat Channel
