Dealing with Database Security

by Mar 27, 2018

Nearly every month there is another announcement about a company disclosing a data breach in which sensitive customer data was exposed. Last week, it was Orbitz announcing that an outdated site for a business partner was hacked, and the exposed information included data for over eight hundred thousand credit cards that was collected and stored over a nearly two-year period.

Whether the threat comes from an internal or external source, database administrators must watch over their assets to help protect their company from these attacks. Add the stringent requirements and fines of the General Data Protection Regulation (GDPR) to the mix, and a DBA’s job becomes even more important. It is necessary to have the right visibility into who has access to your data and to track all activity in the database, especially where personally identifiable information (PII) is concerned.

IDERA understands the security challenges that DBAs are dealing with and provides tools to help address these issues. SQL Secure analyzes the permissions for each SQL Server user, so that you can verify who has access to what and ensure the appropriate restrictions are in place. You can also review a complete history of SQL Server security settings and designate a baseline to compare against future changes, providing a valuable audit trail for future forensic analysis.

It is imperative to know quickly when a database has been accessed without the proper authorization. SQL Compliance Manager tackles the task of tracking and auditing database activity. You can determine where sensitive data resides and be notified when it is accessed. You can also compare before and after data values resulting from inserts, updates and deletions, to see exactly what was changed. And you can audit privileged users and their activities. Privileged user auditing is key to ensuring all access to databases can be tracked and reported.

Many regulatory guidelines require companies to audit their environments and generate reports in order to demonstrate compliance with the requirements. SQL Compliance Manager includes multiple customizable reporting templates to capture the exact information needed for regulations that require controls for PII, such as PCI DSS and HIPAA. SQL Secure also includes built-in reports to capture permissions data.

If you are storing any contact data for residents of the European Union within your corporate databases, you are expected to comply with the GDPR requirements, which take effect this May. Putting the right processes and policies in place will also benefit your overall data governance strategy. Read this whitepaper to understand more about the security-related aspects of GDPR and how the IDERA Security Suite can address your needs. And download your free trial to see how these tools can help you keep your SQL Server environment secure and compliant.