Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

The 10 Principles of Database Security

Best Practices to Stay Ahead of Hackers and Secure Your Critical Data 

In today’s digital economy, data is the lifeblood of business. Protecting sensitive data has become more challenging for organizations in recent years. It’s not simply the increase in the volume of data or the increase in threats – it’s also the fact that as organizations have become more digital, they are moving more of their data and IT infrastructure to a mix of private and public clouds. Today’s enterprise is often a multi-cloud or hybrid environment, with remote workers using numerous cloud-based applications and services to collaborate.  

In other words, there are no longer firm perimeters, and legacy approaches to cybersecurity that focus on network and perimeter security are no longer sufficient. Organizations must adopt a new, data-centric approach to security that focuses on protecting sensitive data no matter where it is.  

We sat down with Mark Trinidad, Senior Product Manager at Trustwave, to discuss how database security has changed and what organizations must do to develop a better approach to securing sensitive data.   

How has database security changed in recent years? 

The focus is now on securing the data itself – no matter where it resides – rather than securing databases on a network. This trend began with the introduction of data privacy and security regulations like GDPR and CCPA several years ago, which spurred people to start thinking differently about data and keeping it secure as it's used throughout an organization and shared with partners. At the time, organizations became very compliance focused. More recently, with the global pandemic accelerating organizations’ shift to the cloud, the focus has moved beyond mere regulatory compliance to become “How do we make sure our data itself is secure, no matter where our databases live or how they’re being accessed.”  

It’s important to realize that even today, the vast majority of an organization’s sensitive data or customer PII resides in databases of some type, whether they’re on-premises or in the cloud; whether it’s a structured SQL database or a no SQL database, or even a data lake. And, as more organizations move their databases to the cloud, perimeter security is no longer enough. They must take a more data-centric approach focused on keeping data secure no matter where it resides. As a result, database security has become an important part of the discussion when organizations are embarking on their cloud migrations. They must consider the optimal and most secure time to move their data from their traditional, on-premises databases to the cloud. In short, there is much more planning and many more conversations taking place in organizations today surrounding database security and how it pertains to other cybersecurity and infrastructure policies and strategies.   

What are the greatest risks organizations face when it comes to database security today? 

All one needs to do is look at the nearly daily headlines of massive data breaches and the damage they cause to organizations and individuals to understand the risks. It’s important to recognize that no matter how the adversary got their hands on the data in those breaches, it all begins with a database somewhere. Even if the data breach was the result of a leaked spreadsheet or email, that sensitive data still resides in a database somewhere in that organization’s environment. 

As more organizations migrate to the cloud, many are lulled into a false sense of security. Too often they believe that because public cloud providers like AWS, Microsoft Azure and Google provide some security features, their data must be safe there. But people must realize that, ultimately, you are the stewards of your data. Security and IT professionals must ensure that wherever their organization’s data resides – whether on-premises or in the cloud – all security features must be not only turned on but also properly configured. There are adversaries out there that use botnets to exclusively search for misconfigured public cloud databases they can exploit. Numerous headlines have shown how easily a simple misconfiguration in the cloud can leave a gaping hole through which an attacker can enter. It can be a very costly mistake.  

What should organizations do to create a strong database security program amid today’s threat landscape?

First, the database security program cannot live in a vacuum by itself. It must involve the relevant people from IT and infrastructure teams in addition to the security team. That’s because a strong database security program impacts not just security but also personnel, IT infrastructure, business operations, application integrity, risk and compliance, database administration and more. All functions must be in agreement that database security needs to be a priority.  

Beyond that, the steps for creating a strong database security program include the following:  

  1. Describe the ideal program in detail, with actionable processes  
  2. Clarify a scope baseline through database discovery and inventory 
  3. Define standards, security and compliance policies  
  4. Conduct vulnerability and configuration assessments 
  5. Identify excessively privileged user accounts 
  6. Implement risk mitigation and compensating controls 
  7. Establish acceptable user and activity policies 
  8. Audit privileged user behavior in real-time 
  9. Deploy policy-based activity monitoring 
  10. Detect, alert and respond to policy violations in real time 

Technology alone will not reduce your risk of database compromise. I like to recommend that organizations aim to create a comprehensive database security program that incorporates people, processes and technology in an interconnected system with continuous assessment, as shown in this graphic:    

18154_picture1

The threat and business landscapes are constantly shifting. Adversaries are attacking from every direction and perimeters are fading away. At its core, a security program needs to be about protecting an organization’s data, no matter where it lives or what method an attacker uses to penetrate that organization. When it comes to cybersecurity today, a data-centric approach must be at the very top of the list of priorities. Legacy, network-based perimeter security is a thing of the past.   


15541_10-principles-of-db-security-design-cover
WHITE PAPER

10 Principles of Database Security Program Design

To read the full whitepaper on “10 Principles of Database Security Design,” along with step-by-step checklists to follow and detailed best practices for creating a comprehensive database security program. 

 

Latest Trustwave Blogs

Understanding Your Network's Security Posture: Vulnerability Scans, Penetration Tests, and Beyond

Organizations of all sizes need to be proactive in identifying and mitigating vulnerabilities in their networks. To help organizations better understand the value and process of a vulnerability scan,...

Read More

Email Security Must Remain a Priority in the Wake of the LabHost Takedown and BEC Operator’s Conviction

Two positive steps were taken last month to limit the damage caused by phishing and Business Email Compromise (BEC) attacks when a joint action by UK and EU law enforcement agencies compromised the...

Read More

Defining the Threat Created by the Convergence of IT and OT in Critical Infrastructure

Critical infrastructure facilities operated by the private and public sectors face a complex and continuously growing web of security threats that are compounded by the increasing convergence of...

Read More