Protecting sensitive data means locating and enumerating the information in your databases -- and finding the right method to secure it
A Special Analysis For Dark Reading First of two articles
One of the security professional's greatest challenges is to keep the organization's most sensitive data out of harm's way. When it comes to the huge volumes of information stored in databases, however, that's no simple task.
Protecting sensitive information means finding it and securing it in any location, from corporate headquarters to branch locations to mobile devices. Such data isn't always easy to locate -- it may be stored in a variety of formats, from the small SQL files on the CFO's laptop to the enormous databases that contain critical inventories or customer information.
Frequently, databases hold the "crown jewels" of the organization -- the largest and most mission-critical data. This means that a database breach can have serious consequences, whether it comes from an employee with authorized access or from a hacker who comes in via vulnerabilities in poorly-written Web applications that are linked to the database.
Complying with regulations like PCI DSS or SOX has helped many organizations become more aware of their most sensitive data repositories, but it is easy to lose track of what network resources exist when these repositories are spread across multiple office locations. To prevent this sort of oversight, we should look at database security and compliance as a three stage process: locating your databases, enumerating the data, and securing the critical database servers.