Despite hackers’ new sophisticated techniques, many data breaches still occur because of basic IT security mistakes. In this post, guest author Vanessa James lays out four critical steps for protecting databases.
As mentioned in the recent article “IT Managers’ Top 5 Priorities for 2013”, a big concern in the next year will be security, both for data and networks. These are some of the steps that IT managers can take to decrease security risks:
1. Monitor access
It is important to monitor who has access to your data, and to which parts of it. Network information should be on a secure server that is only accessible from the company’s premises, although BYOD and long-distance business may require certain exceptions, for which a VPN should be used. You can also limit who has sharing capabilities, which can do wonders to maximize your security. You should know exactly who has access and be able to remove it if changes necessitate it.
Knowing who has access to documents is important because many security threats come from inside a company. If you notice anything fishy, you have a short list of people to question about inconsistencies. In addition, it’s important to implement a protocol for when employees leave the company. If their network and data access is linked to a specific company account, make it protocol to have them delete that account upon termination of employment. This means that you don’t have to go through individual documents and programs to remove access.
2. Protect the cloud
The trend of moving business functions to the cloud offers a lot of opportunity, but also comes with risks. If your database is in the cloud, make sure you are clear with the provider about exactly what sort of access the provider has to your documents. You may be able to negotiate how much control you have over your information.
3. Require secure passwords
While data on the ineffectiveness of passwords against hackers is growing, a business must remember that hackers are not the only threat. Ex-employees may not be technologically savvy enough to hack into a system, but if password security is lax, they can still do significant damage.
It is important to instate a protocol concerning passwords. Have passwords changed on a regular cycle and delete an account when someone leaves. Don’t have a pattern or predictability to your password choice. But don’t put all of the focus on password selection — as mentioned above, anyone with specific skills can get past password protection pretty simply.
4. Specialize in security
One of the best ways to ensure database security is to separate it from database management. Have different people in charge of each issue. This leads to a specialized focus in each department and is a great way to minimize security issues.
Security has always been and will always be an issue in IT. The important thing is to be vigilant and deliberate in your actions. By anticipating problems, you can prevent a lot of them. The clearer your policies are, the easier it is to address an issue when it comes up.
About the author: Vanessa James writes about CIO leadership and issues facing the business technology sector. She currently writes for database performance software provider Confio. In her spare time you can find her at the local rock gym practicing her bouldering skills.