Securing data in the digital age

Sudha Iyer looks at some common practices and offers advice for resellers

By Sudha Iyer

17 Dec 2009

Iyer: The channel adds real value through a unified approach to security and compliance

Databases may contain customer credit card information, financial data and intellectual property, so large and sophisticated predators are keen to crack them open.

The security industry has been failing to adequately protect confidential records. There is a huge black market for personal data. We have heard that bank account details sell for 5 to 10 per cent of the account value and credit card data can sell for up to £30 per account.

The channel must not let the hen guard the chicken coop. Resellers should encourage their customers to put database activity monitoring in the hands of independent information security professionals.

Insider threat also cannot be ignored. Unfortunately, in most organisations privileged database access is granted in excess and poorly managed. Developers and external consultants often have too-easy access to sensitive information and the database itself is difficult to lock down.

On the plus side, database-stored data is subject to compliance stipulations such as privileged user monitoring, audit trails and reporting, and keeping patches up to date.

Theoretically, most organisations should cover the database as part of their overall governance and compliance strategy. Most often, they don’t. Several industry research polls claimed recently that 90 per cent of database vulnerabilities go unpatched.

The database is basically a one-stop shop for valuable information. Resolutions must be actionable in real time to detect, alert and prevent.

A solution that allows for separating duties – where the database administrator manages the database and any access to data is fully monitored by a third party, such as an info security team – is what we recommend.

Serious consideration should also be given to third-party access points and data encryption. In short, harden the infrastructure. Apply vendor security patches as quickly as possible (use virtual patching if it can’t be done quickly enough), and use strong passwords.

Change all default usernames and passwords. Ensure that client databases aren’t overloaded. The security solution should have little or no impact on database performance. Develop response capabilities such as automated breach prevention capabilities, and prepare a rapid response plan in case of a breach. Isolate and mitigate all incidents.

The channel can add real value to a customer by providing infrastructure services, and can differentiate itself by folding in compliance and security reports and alerts from the customer's most valuable assets – databases. It can present a truly unified approach to security, covering all information assets in a corporate network. This is a hot area of security right now, and can be made even more so if the channel can add customised services over the products themselves.

Sudha Iyer is director of product management at LogLogic
