How many dimensions should a Database Assessment method have?
A database security assessment is a methodology that organizations use to identify sensitive data, database vulnerabilities and misconfigurations, and to understand whether their critical databases are aligned with internal security controls, standards and compliance laws.
Working together with our Clients, we have sometimes discovered that databases are vulnerable to unauthorized access due to:
- Insufficient patch levels
- Default or weak passwords
- Data access granted to external people and never revoked
- Test schema with high privileges, etc.
It’s like leaving the door open to unauthorized users who bypass application-level controls and directly alter the data.
The Database Assessment can help every kind of organization address database security requirements. Here are the principal questions you should address:
- Where is your critical data?
- Who can see, update, delete it?
- Which part of the data do you have to protect?
- When is the data accessed?
NEXTRACE's long experience with large enterprise databases can support this critical process through the following method:
- Identify the policy and compliance: Identify all the requirements that the company has to follow in terms of data protection directives.
- Implement a "need-to-know" policy: If the customer has no internal need-to-know policy, we support them in preparing a policy document that states who can access what, which data they must protect, and for how long.
- Checklist: Collect all the answers about the database security domains, highlight the weaknesses, propose counter-measures and evaluate the costs.
- Design & Implementation: Implement the counter-measures with standard database features; if needed, we can suggest products, solutions, best practices and tools to address the weakness.