ppt - ISACA Sacramento
Enterprise Data Security
Ulf T. Mattsson, Chief Technology Officer
ulf.mattsson AT protegrity.com
March 2007 Membership Meeting
Summary
We will review a case study about an Enterprise Data Security project
including the strategy that addresses key areas of focus for database security
encompassing all major RDBMS platforms, including DB2 with RACF, and file
systems, including VSAM.
It presents the current state of database security tools and processes, the
current needs of a typical enterprise, and a plan for evolving the data security
for CICS, IMS and other platforms.
This strategy will help set direction for the blueprint of data security, provide
a composite high-level view of data security policies and procedures for the
purpose of satisfying growing regulatory and compliance requirements, and
develop a high-level timeline for all steps of development.
This session presents a three-step strategy to address current outstanding
audit concerns and to position the organization to more readily address the
evolving regulatory landscape.
Agenda
- Problem Statement - State of the Industry
- Case Study - How to solve it?
- Case Study - A Data Encryption Strategy Project
- A Market Transition in Data Security Management
- Best Practices in Enterprise Data Protection
ConSec 2006
Enterprise Data Security Governance
A Case Study
Ulf T. Mattsson, Chief Technology Officer
ulf.mattsson AT protegrity.com
Problem Statement
Data security capabilities required to be compliant with:
• Internal Data Protection Strategies
• GLBA Remediation
• PCI Compliance
• SB 1386, …
• …
The primary problem with many compliance initiatives is
• A focus on the existing security infrastructure, which
• Addresses only the network and server software threats.
But the data security capabilities required to be compliant
go far beyond these technologies.
Problem Statement ...
Network and server software protections
• Network firewalls and intrusion prevention systems
• Provide no insight into data-level attacks, whether
• Targeted directly against a database or
• Launched indirectly via a web application.
Regulatory compliance requires an understanding of:
• Who is allowed to access sensitive information?
• From where did they access information?
• When was data accessed?
• How was data used?
The bottom line is that data security requires a new approach
that extends the breadth and depth of IT’s ability to secure
information.
How are organizations solving it?
Understand that database security is an ongoing process.
• More and more enterprises make database security a top priority to
meet growing compliance requirements
• To protect themselves from increased intrusions –
• Both external and internal attacks.
Define strong policies and procedures.
• Work with auditor, security group, and IT department to
• Outline strong policies and procedures for databases.
Information security policies and procedures should dictate
databases’ security policies and not vice versa.
• Revisit security policies and procedures every quarter to
• Ensure that they continue to meet business requirements, and
• Strive to adapt to newer technologies.
How are organizations solving it? …
Tackle different compliance requirements individually.
• Each compliance requirement is different; therefore, make sure to
understand each compliance implication for the enterprise databases.
• For example, SOX mainly requires that production financial databases
be protected and no inappropriate changes be made, while HIPAA
requires that all personnel information be protected from unprivileged
users in all environments, including test and development.
Focus on an overall, unified security strategy.
• To have a robust security implementation, database security must be
integrated with application-, IT-, network-, and infrastructure-level
security.
• End-to-end security implementation should be the goal for
enterprises.
How are organizations solving it? …
Manage security patches.
• DBMS vendors are churning out security patches faster than ever
before as new vulnerabilities are discovered.
• Although security patches are critical, not all databases need them, so
check to ensure that they are applicable.
• While DBMS vendors will continue to work on simplifying security
patch deployment, enterprises are seeking security patch
management solutions to ensure critical patches are applied in a
timely manner.
Document your security policies and implementation
processes.
• Documentation remains important, not only for formalizing data
security practices, but also in a court of law, should the situation
arise.
Risks
While company databases are
• Protected by perimeter security measures and
• Built-in RDBMS security functionality,
they are exposed to legitimate internal users to some
degree.
Due to the fragmented distribution of database environments,
• Real time patch management,
• Granular auditing,
• Vulnerability assessment, and
• Intrusion detection
become hard to achieve.
Risks
With
• A growing percentage of internal intrusion incidents in the
industry and
• Tougher regulatory and compliance requirements,
companies are facing tough challenges
• To protect company-sensitive data against internal
threats and
• To meet regulatory and compliance requirements.
Case Study
Define an enterprise-level, enforceable database security policy
and procedure. This must include the following areas:
- Separation of duties.
- Data Access.
• Access data on an as-needed basis only.
• Refine production application data access roles to allow access to only
the necessary data and privileges, based on the different business functions.
• Read-only access should be limited, and developer access to application
accounts (backdoor data access) should be prohibited (need-to-know
access).
Case Study
Define an enterprise-level, enforceable database security policy
and procedure. This must include the following areas:
- Break down DBA access.
• Refine the DBA role into different categories,
• For example, production support level I, production support level II
and application support roles.
• Only the necessary roles should be granted to each DBA, based on their
individual responsibility for the various applications.
• DBAs should not access application data on a regular basis, but a close
review of database administration for each RDBMS platform must
be performed to ensure that the ability to respond to and resolve issues is not
hampered so dramatically that the business is eventually affected.
- Establish a database security officer (group)
• To define and enforce database security policies and procedures, closely
monitor industry trends and adopt new technology.
• For example, to administer the "database firewall" and generate audit reports
to comply with the different regulatory requirements.
Case Study
Granular Auditing, Vulnerability assessment and intrusion detection.
• As our user base becomes more varied and wide, the ability to
monitor and detect inappropriate behavior becomes even
more critical to ensuring that our information is protected.
• Taking into account the aforementioned requirements,
auditing of activity adds another level of detection that can be
utilized to enhance overall security and meet regulatory and
compliance requirements.
Case Study
This must be done as efficiently as possible - the
following functions must be considered:
Database Activity Monitors
• Network appliances or servers that monitor database activity and
• Log activity externally to the database server, and can generate
real-time alerts based on unusual behavior or policy violations.
Case Study
Audit
• Be able to collect and store a rich set of audit data and provide built-in
reporting capabilities flexible enough to meet all internal or external
compliance requirements.
• For example, PCI requires one year of audit data that includes all
accesses to cardholder private data.
Database Vulnerability Scanners
• Software tools for scanning databases for known vulnerabilities.
• Those tools are similar to other vulnerability scanners, but can
perform more-advanced database configuration and structural scans.
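As an added example (not from the original deck), a minimal activity monitor of the kind described above, run over constructed activity records: it raises alerts for the policy violations the case study calls out (the generic application account used from a non-application host, developer reads of sensitive production tables) and for unusual behaviour a DBMS alone would not stop (bulk reads of sensitive tables, repeated catalogue queries). The policy values, account names, hosts and records are all constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed policy, modelled on the case-study rules: the generic application
# account may connect only from the application servers, developer accounts must
# not read sensitive production tables, and repeated catalogue reads or very large
# result sets from sensitive tables count as unusual behaviour.
POLICY = {
    "app_accounts": {"crm_app"},
    "app_hosts": {"10.1.20.11", "10.1.20.12"},
    "developer_accounts": {"dev_alice", "dev_bob"},
    "sensitive_tables": {"customers", "cards"},
    "schema_query_limit": 5,          # information_schema reads allowed per window
    "bulk_row_limit": 10_000,         # rows returned by one statement
    "window": timedelta(minutes=5),
}

# Constructed activity records in the shape a network-based monitor would
# normalise from captured SQL traffic: (timestamp, user, client_ip, sql, rows).
ACTIVITY = [
    ("2007-03-01T09:00:01", "crm_app", "10.1.20.11",
     "SELECT name FROM customers WHERE id = 42", 1),
    # generic application account used from a workstation: the "backdoor" case
    ("2007-03-01T09:00:05", "crm_app", "10.9.7.33", "SELECT * FROM cards", 250000),
    # developer reading production card data directly
    ("2007-03-01T09:01:10", "dev_alice", "10.9.7.50",
     "SELECT pan FROM cards WHERE id < 100", 99),
    # a single catalogue read by a DBA is normal
    ("2007-03-01T09:10:00", "dba_carl", "10.1.30.5",
     "SELECT * FROM information_schema.tables", 400),
] + [
    # six catalogue reads in 25 seconds from one developer: schema enumeration
    (f"2007-03-01T09:02:{10 + 5 * i:02d}", "dev_bob", "10.9.7.51",
     "SELECT table_name FROM information_schema.tables", 400)
    for i in range(6)
]


def tables_in(sql):
    """Return the table names referenced after FROM/JOIN, without schema prefix."""
    names = re.findall(r"\b(?:FROM|JOIN)\s+([A-Za-z_][\w.]*)", sql, re.IGNORECASE)
    return {n.split(".")[-1].lower() for n in names}


class ActivityMonitor:
    """Stateless policy checks plus a sliding window for catalogue queries."""

    def __init__(self, policy):
        self.policy = policy
        self.schema_hits = defaultdict(deque)   # user -> timestamps of catalogue reads

    def check(self, when, user, ip, sql, rows):
        """Evaluate one statement and return a list of (kind, user, detail) alerts."""
        p = self.policy
        alerts = []
        sensitive = tables_in(sql) & p["sensitive_tables"]
        if user in p["app_accounts"] and ip not in p["app_hosts"]:
            alerts.append(("BACKDOOR_APP_ACCOUNT", user, ip))
        if user in p["developer_accounts"] and sensitive:
            alerts.append(("DEV_SENSITIVE_READ", user, ",".join(sorted(sensitive))))
        if sensitive and rows > p["bulk_row_limit"]:
            alerts.append(("BULK_SENSITIVE_READ", user, f"{rows} rows"))
        if "information_schema" in sql.lower():
            hits = self.schema_hits[user]
            hits.append(when)
            while hits and when - hits[0] > p["window"]:
                hits.popleft()
            if len(hits) > p["schema_query_limit"]:
                alerts.append(("SCHEMA_ENUMERATION", user, f"{len(hits)} reads in window"))
        return alerts


def run_monitor(records, policy=POLICY):
    """Replay records in time order (so the window stays monotonic) and collect alerts."""
    monitor = ActivityMonitor(policy)
    alerts = []
    for ts, user, ip, sql, rows in sorted(records):
        alerts.extend(monitor.check(datetime.fromisoformat(ts), user, ip, sql, rows))
    return alerts


if __name__ == "__main__":
    for kind, user, detail in run_monitor(ACTIVITY):
        print(f"ALERT {kind}: {user} ({detail})")
```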
Case Study
Heterogeneous database platform support
• All our company database platforms should be supported
Minimum Impact on Database Performance, Stability, or
Administration
• The solution should have minimum or zero impact on database
performance and stability, and should be administered by a security
officer with minimal database expertise required.
Case Study
Strategy Initiatives
Divided into phases.
• Phase 1 addresses initiatives to prevent immediate threats and resolve open
audit concerns.
• Phase 2 will continue efforts to enhance and refine our environment to
meet regulatory and compliance requirements.
• Phase 3 will include efforts to further reduce database security risks
efficiently and effectively, and to address new challenges as
environments continue to evolve.
Note: All efforts within this strategy will be coordinated, where
appropriate, with other projects ongoing at This company
including (but not limited to):
• Data Protection Strategy
• GLBA Remediation
• PCI Compliance
Case Study - Phase 1
Review production data access privilege for non-DBA accounts.
• Note: this is the analysis phase only.
Developers should not have access to sensitive production data on a
normal basis.
• The necessary audit trail must be provided when a production issue arises and
examining production data is part of the solution.
• Also, backdoor access (using generic application account) to production
database should be prohibited.
• Database roles for application generic account and developer account need
to be carefully reviewed and refined. Unnecessary access to sensitive data
should be minimized.
Key milestones:
• The primary DBA for each application reviews application role privileges and identifies
roles/accounts which have privileges to access production data.
• Communicate with the development team for each application, and document the
usage of the roles/accounts identified in step 1.
Case Study - Phase 1
Assess the responsibilities and organization structure of the database
security officer, who will administer database security related functions and
• Monitor industry trends and revise the database security policy.
Perform analysis, via RFI Process, to review database security
technology.
• Review new technologies that provide additional database security levels
including database security firewalls, intrusion detection software,
vulnerability assessment software, etc.
• These products will be evaluated against the requirements mentioned in the previous
section, "How are we solving it?"
Key milestones:
• NDA preparation
• Vendor product review
• Analysis and document (including scorecards)
Case Study - Phase 2
SQL-Server and DB2 DBA security role implementation.
Proceed with RFP process for any identified database
security technology acquisitions based on analysis
performed in Phase1.
• Complete RFPs and secure funding for the effort.
• Install the technology for knowledge building.
• Build processes and procedures, and roll out the product(s).
Update This company database security policy for best
practice and publication.
• This includes updating current policy and the addition of any
new technology/processes being introduced into the
environment.
Case Study - Phase 2
Explore database only network segment(s) for different geographic
locations to further secure database environment for all platforms.
Refine and deploy the security patch management process to ensure
RDBMS vendor security patches are reviewed and critical patches are
applied in a timely manner.
• The current process is adequate, but the application of patches needs to be
better managed for all database platforms.
Implement security measures for production data used in test, and ensure no
production data is present in development databases.
Case Study - Phase 3
1. Execute on decisions, if any, based on database only
network segment for different geographic locations and
migrate database servers to identified segment.
2. Enforce the company database security policy at
corporate level,
3. Ensure the policy is adopted in the entire application
development cycle.
Case Study
Constraints
• Due to the complexity of the company's current network layout,
in-line intrusion prevention may not be cost-justified.
• Databases that reside on personal computers and laptops are
out of the scope of the strategy.
Assumption
• Database encryption is being reviewed as part of the "data
protection strategy" project.
Case Study - Conclusion
• Database security is becoming a top priority for enterprises, to
• Meet growing compliance requirements and
• Protect sensitive data from increased intrusions.
• By implementing the solutions documented above, we will be in
• A better position to face growing database security challenges,
• To proactively meet regulatory and compliance requirements and
• To better control our sensitive data.
• Database security is an ongoing process,
• We must revisit and refine our strategy regularly to
• Adopt new technologies and
• Address new challenges as
• Environments continue to evolve.
A Data Encryption Strategy Project - Example
1. Documentation review: Most of the "current state" documents have
been received. Project plans needed.
2. Author / designer interviews: Interviews with authors or designers
will continue throughout this week.
3. Security practices / control usage analysis: Series of 20
interviews with app. managers, remote offices.
4. Gap analysis: Gaps between regulations, stated policies, enforcement
and security "as practiced."
5. Benchmarking / Best practices analysis: Compare interview
results vs. third party research.
6. Compensating controls analysis: Compare stated compensating
control effectiveness vs. best practices.
7. Data encryption strategy: Integrate analytical findings with
recommendations on encryption vs. other controls.
Data Flow Diagrams w/ Data Security
Gap Analysis: Regulations - Policies - Enforcement - Practice
[Chart: for each control area (Endpoint Security, Network Security, Access Controls, Data Encryption) the percentile ranking of Regulations, Written Policies, Enforcement and Security Practices is plotted, with Gap #1, Gap #2 and Gap #3 marking the distance between successive layers; individual percentile values not shown.]
Data Classification by Level of Protection
[Table: rows are the data classes Confidential, Proprietary, Internal Use, Customer and Public, each with a business risk of High, Med or Low; columns are where the data lives: Email Msgs., Struct. Files, Access DBs, Data in Transit, Appl Data, Central Database; each cell lists the protections required (cell values not shown).]
Legend: E = Encryption, R = Redundancy, B = Auto Backup, A = Access Control
Security Documentation Overall
Security Documentation Review / Analysis (rated Below Avg. / Average / Above Avg.)
Policy Completeness: Organization issues
Policy Enforceability: Punishment specs
Policy Awareness: Very good in IT
Security Architecture: Security architect?
Network Security: Excellent
Storage Security: Not in most docs
Application Security: Reviewed few apps
Database Security: Being upgraded
Data Security Vulnerability Points
[Diagram of the data path: DMZ (Internet endpoint, wireless, proxy/firewall, IDS/IPS, web server, load balancing) - Trusted Segment (proxy/firewall, enterprise apps, DB server, keys, network devices, SAN/NAS/tape) - Transactions (proxy/firewall, internal users, members)]
Organization data security vulnerability points under study:
1. Endpoint security / desktop security / wireless security
2. Customer access to Organization via Web Applications
3. Web application development and access controls
4. Global bulk file transfer to/from member institutions
5. Corporate network infrastructure, including firewalls, IDS/IPS
6. XxxNet/YyyNet global infrastructure
7. Application-to-database access controls
8. Database management controls, including separation of duties
9. Key management systems
10. Customer premises HW/SW data protection (the XXX)
11. Protection of stored data in SAN, NAS and backup tapes
Control Effectiveness Rating
[Chart: control effectiveness (Strong / Mixed / Weak) plotted against pervasiveness of in-practice usage, for DB access control, awareness of the control and compliance with the control, each rated for externally facing and internally facing systems.]
Effectiveness ratings cover the use of the control across multiple organizations and applications in the enterprise:
• Corporate data center
• Division data centers
• Regional offices
• Home offices
• Remote users
Effectiveness ratings are also applied to service providers who handle sensitive data on behalf of the enterprise:
• Service providers
• Resellers
Best Practices in Data Security - Interview
Management of Data Security
[Diagram: with point solutions, each of Application, Database, File System and Storage System carries its own security policy and audit; with enterprise solutions, one security policy and one audit span all of them.]
A market transition in data
security management
The market drive is clear
• Corporations want complete solutions from a single vendor.
• This is a classic market shift from best-of-breed to integrated
suite
• The timing is right for point solution vendors to integrate a
comprehensive security offering that will dominate the market.
• Re-define existing market segmentation
• By integrating with the technologies
• Deliver a suite that provides ease of deployment,
• Operational efficiency and
• Lower total cost of ownership.
Corporations want complete solutions from
a single vendor - a broad integrated data
security management suite:
• Centralized policy-driven security under the control and management of a
security administrator
• Protection throughout the lifecycle of sensitive information in applications
and repositories that manage the data
• Centralized, corporate-wide compliance reporting, auditing, alerting, and
management reporting
• A software-only solution that is simple to deploy throughout an enterprise
and scales with the computing platforms
Corporations want complete solutions from
a single vendor - a broad integrated data
security management suite:
• Broad support for databases and operating environments typically found
throughout organizations
• Access control and encryption key management to ensure centralized
control of access to sensitive information
• Protection that lasts as long as the data
• An enterprise focus that is not addressed by point-solution vendors
Security management delivers the
ROI for security
• Securing an individual database or application is a challenge, but
• The real corporate challenge is to tie security together across the
enterprise.
• Security officers need to
• Manage the data security policies that are in effect,
• Know how effective the security mechanisms are, and
• Be alerted to the level of threat activity the corporation is experiencing.
Security management delivers the
ROI for security
• At the same time, the security organization needs a mechanism to
demonstrate regulatory compliance and report back to executive
management what the company is getting for their investment in
security.
• 3rd Party Solutions provides the tools to accomplish these goals.
There is nothing homogeneous about
corporate security
• Securing an enterprise requires the ability to secure all of the critical
computing platforms.
• In every company, there are multiple forms and versions of hardware,
operating systems, databases, and applications.
• Securing one database but not another is like locking the front door
while leaving the back door open.
• Security requires a comprehensive approach.
There is nothing homogeneous about
corporate security
• Attempting to manage one solution for a particular platform, and a
completely different solution for another platform results in a security
management nightmare.
• Deliver consistent centrally managed security across an exceptional
range of computing platforms.
• Each of the database vendors delivers some form of column level
security, and each operating system delivers some level of file security.
• For example, Oracle has consistently improved its column-level
security offering. However, 3rd Party Solutions competes effectively
with the Oracle offering by focusing on the heterogeneous nature of the
security challenge.
• Even in an “Oracle shop”, there are invariably several different versions
of the database deployed, and Oracle’s own security solutions have
been inconsistent from one version to the next.
There is nothing homogeneous about
corporate security
• At the same time, each of the vendor solutions has done little to provide
central controls and management reporting, and they are particularly
challenged by key management.
• Most importantly, each vendor only addresses their own platform;
Oracle security will not control IBM database security, and IBM cannot
control Microsoft SQLServer security, and so on.
• The security officer is faced with a patchwork quilt of incompatible
solutions.
• 3rd Party Solutions offers a clean homogeneous answer to a
heterogeneous computing environment problem.
Market Drivers
Regulatory Requirements:
• Payment Card Industry (PCI) – the consortium of VISA, Organization, Amex and
others has established uniform requirements for protecting cardholder data. PCI
is a global initiative with adverse financial impact for failure to comply, and as
such it is a major driver in the retail and financial markets.
• To date, less than 30% of all merchants and card processors subject to the PCI
regulations have successfully complied with the requirements and passed an
audit, and each year the standards are being applied more strictly.
• As a result, this is the single biggest driver of 3rd Party Solution's business.
• Privacy Regulations – there are many governmental regulations relating to
privacy throughout the world, and all industries and organizations are subject to
them.
Market Drivers
Regulatory Requirements:
• California created the original U.S. legislation upon which over 25 states and the
Federal government have based their regulations.
• These statutes require notification of individuals and public disclosure of data
breaches.
• The cost of notification alone can have a significant financial impact, not to
mention the impact on corporate image.
• There is a notable exception to the notification requirements if the data is
encrypted, which means that 3rd Party Solution's solutions deliver the principal
element for avoiding the regulatory punishment. Additional regulatory drivers
include HIPAA, GLBA, and specific rules in Canada, Japan, the EU and other
countries.
Market Drivers
Application Requirements
• Customer-facing applications – CRM and commerce applications are at the
top of the hierarchy of needs that drive corporations to buy data security.
• Large-scale projects typically start with requirements to protect
customers' sensitive identity, financial or personal data.
Employee applications
• The second application area driving data security initiatives is protecting
employees' sensitive data, usually in the form of protecting HR, payroll,
and benefits systems to secure identity data and personal information.
Corporate applications
• The third area of focus is on sensitive data that is generated by the
corporation.
• Typically this includes corporate secrets, financial data, strategic
information and data warehousing applications.
There is nothing homogeneous about
corporate security
One size does not fit all
• Attackers try all the paths to get to sensitive data, and they do not
necessarily concentrate on only one approach.
• Responding to these threats requires a multi-faceted security solution.
• 3rd Party Solutions has developed an integrated threat model to tie
together the various protection points in our suite, enabling the suite to
respond to threats in an integrated flexible manner.
There is nothing homogeneous about
corporate security
One size does not fit all
• Point solutions have a limited arsenal of methods to respond to threats,
and as such tend to over or under react.
• Intelligent Escalation™ enables a threat in one system to trigger a
response in other systems,
• For example, a threat to one application may trigger an automatic elevation of
protection or logging in another application.
• This is a powerful approach to correlate threats and minimize the intrusiveness of
security while maintaining appropriate levels of protection.
Best Practices in Enterprise Database
Protection
New business models rely on open networks
• Multiple access points to conduct business in real time,
• Driving down costs and
• Improving response times to revenue generating opportunities.
By leveraging the ability to quickly exchange critical
information to
• Improve their competitive position,
• Enterprises are introducing new vulnerabilities that
• Can be exploited to gain unauthorized access to sensitive
information.
The insider threat is now considered by many to
represent the greatest risk to enterprise
resources.
Best Practices in Enterprise Database
Protection
Real world solutions to protect the confidentiality
and integrity of your database.
• Operational hurdles will be examined, such as multiple database
deployments and heterogeneous environments.
New solutions
• Save money by displacing multiple point solutions,
• Are easy to implement, scalable, and
• Require no application changes.
Integrated multi-tier solutions for application and
data assurance are combining the strengths of
• Database encryption, auditing controls and business activity
monitoring.
Best Practices in Enterprise Database
Protection
Only some DBMS security requirements will be met by native
DBMS features,
• Many DBMSes do not offer a comprehensive set of advanced security
options; notably,
• Many DBMSes do not have security assessment, intrusion detection and
prevention,
• Data-in-motion encryption, and intelligent auditing capabilities.
DBMSes are not intelligent when it comes to security: for
example,
• If a user has privileges, the DBMS does not stop the user or even determine
why he or she might be trying to query the schema repeatedly or trying to
access all private data.
What if the user is a hacker or a disgruntled employee?
What are the common ways
databases can be attacked?
The challenges are coming from all angles,
• Inside the organization as well as from the outside.
Know which threats you are addressing,
• Ensure the measures you are considering are appropriate for the
threats.
Organizations are exposed to different threats to the
data –
• Via applications, databases, file systems, and backups.
The primary vulnerability of pure database security
and database encryption
• They do not protect against application-level attacks.
For databases that need the highest level of
protection,
• Such as Internet-based database applications,
• Consider using specialized intrusion detection and prevention
tools to
• Track and eliminate suspicious activities.
How should enterprises secure
their databases to meet
compliance requirements such as
SOX, HIPAA, GLBA, PCI,
SB1386, etc.?
Not all of these regulations specifically require the use of
stored data encryption, but
• Many organizations are moving ahead with implementing encryption for
their protected information, following
• Best practice standards that advise the use of encryption in conjunction
with other security layers to protect PII.
There is no single point solution that meets all the varied data
protection compliance regulations.
• Every application needs to be assessed individually, and
• A variety of technologies will probably be required to satisfy compliance.
Requirements to encrypt data at rest
• Are the most difficult for companies to meet.
Enterprise solution for protecting data - especially data at rest
- must include the following components:
• Centralized security policy and reporting across different systems.
• Segregation of data administrative roles and security roles.
• Secure encryption technology to protect confidential data, and careful
management of access to the cryptographic keys.
Should application security be integrated
with database security? If so, why?
We continue to see a trend in the direction of more
advanced attacks against databases.
• Synchronized and automated threat responses between the
application level and database level provide an effective
protection against external and internal attacks.
Automated escalation of threat responses between
the application level and database level
• Directs the focus of countermeasures in time and between
different IT system components, and also
• Optimizes the balances among security level, performance
aspects and ease of administration.
When it comes to database protection,
are native DBMS security features good
enough, or do enterprises need to
supplement them with third-party
security solutions?
The major DBMS products on the market provide
many - but not all - of the key functions within the
three major DBMS security categories
• Thus, growing concerns about security vulnerabilities and
regulatory requirements have
• Created a need for specialized DBMS security vendors,
• Particularly in the areas of encryption, vulnerability assessment,
intrusion detection and prevention, and monitoring.
What are the key challenges and issues
facing customers when dealing with
database security?
Although database encryption is clearly the best approach to
• Securing sensitive information while
• Maintaining accessibility for the organization,
there are always concerns about the level of impact a solution
may have on
• Performance, scalability, availability and administration.
The challenge is to balance security and performance by
• Narrowly focusing protection on the critical information that needs to be
secured, and
• Being aware of how that information is used by the various applications.
What are the key challenges and issues
facing customers when dealing with
database security?
Not all approaches to database security have
comparable performance curves, and
• There are approaches that can minimize the impacts.
A solution that can balance the security,
performance and scalability
• Is the key to any enterprise wide solution.
Best practice is also to provide
• A centralized security policy and reporting across different
systems.
Many enterprises want to protect private
data from DBA's - is this possible? If so,
how can they go about implementing
such separation?
This is not just a problem of trust, it is a principle.
• Technically, if we allow a DBA to control security without any
restriction, the whole system becomes vulnerable because if the DBA
is compromised,
• The security of the whole system is compromised, which would be a
disaster.
On the other hand, if we have a mechanism in which
each user has control over his/her own
secrets,
• The security of the system is maintained even if some individuals do
not manage their security properly.
Many enterprises want to protect private
data from DBA's - is this possible? If so,
how can they go about implementing such
separation?
Access control is the major security mechanism deployed in all
RDBMSs.
• It is based upon the concept of privilege.
• A subject (i.e., a user, an application, etc.) can access a database object if the subject has
been assigned the corresponding privilege.
• Access control is the basis for many security features.
• Special views and stored procedures can be created to limit users' access to table contents.
However, a DBA has all the system privileges.
• Because of her/his ultimate power,
• A DBA can manage the whole system and
• Make it work in the most efficient way.
At the same time, she/he also has the capability to do the most damage
to the system.
Many enterprises want to protect private
data from DBAs - is this possible? If so,
how can they go about implementing such
separation?
With a separated security directory
• The security administrator is responsible for setting the user permissions.
• Thus, for a commercial database, the security administrator (SA) operates through a
separate middleware, the access control system (ACS), which provides
• Authentication, authorization, audit, encryption and decryption.
• The ACS is tightly coupled to the database management system (DBMS).
• The ACS controls access in real time to the protected fields of the database.
Such a security solution provides
• Separation of the duties of a security administrator from those of a database administrator
(DBA).
• The DBA’s role could for example be to perform usual DBA tasks, such as extending
table spaces etc., without being able to see (decrypt) sensitive data.
• The SA could then administer privileges and permissions, for instance add or delete
users.
Many enterprises want to protect private
data from DBAs - is this possible? If so,
how can they go about implementing such
separation?
An administrator with root privileges could also have
full access to the database.
• This is an opening for an attack in which the DBA can steal all the
protected data without any knowledge of the protection system
above.
• The attack in this case relies on the DBA impersonating
another user by manipulating that user’s password, even though the
user’s password is stored as a hash.
Many enterprises want to protect private
data from DBAs - is this possible? If so,
how can they go about implementing such
separation?
The major DBMS products on the market do not provide
segregation of data administration roles from security roles.
• Third-party products can meet this requirement and provide the needed secure
encryption technology to protect confidential data, together with careful management of
access to the cryptographic keys.
• It is possible to prevent DBAs from accessing sensitive data that is stored in the
database if column-level encryption is used.
• It is also possible to give DBAs access to sensitive data while providing full
accountability and tracking via the tamper-resistant audit log in the encryption
system.
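The separation described on the last two slides, as an added example that is not part of the original presentation or of any vendor's product: a toy access control system (ACS) in Go that keeps the column keys and the privilege directory outside the DBMS. A DBA role can read the table but gets only AES-GCM ciphertext; only the security administrator role can grant "decrypt" on a column, and every decrypt or grant attempt, allowed or denied, is written to a hash-chained audit log that detects later edits. The role names, the `card_number` column, the sample card number and the in-memory log are all constructed assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Subjects of the toy access control system (ACS); names constructed for this example.
const RoleDBA, RoleSA, RoleApp = "dba", "security-admin", "billing-app"

// ACS keeps column keys and the privilege directory outside the DBMS: a DBA can read
// the table but sees only ciphertext unless the security administrator grants "decrypt".
type ACS struct {
	columns map[string]cipher.AEAD // protected column -> AES-256-GCM under its own key
	grants  map[string]bool        // "subject|column" -> may decrypt
	audit   [][2]string            // {entry, hash} chain; append-only storage in practice
}

// NewACS generates a separate data key for every protected column.
func NewACS(protectedColumns ...string) *ACS {
	a := &ACS{columns: map[string]cipher.AEAD{}, grants: map[string]bool{}}
	for _, c := range protectedColumns {
		key := make([]byte, 32)
		rand.Read(key)                 // crypto/rand.Read cannot fail since Go 1.24
		block, _ := aes.NewCipher(key) // a 32-byte key cannot trigger the error case
		a.columns[c], _ = cipher.NewGCM(block)
	}
	return a
}

// log appends an entry whose hash covers the entry and the previous entry's hash, so
// editing or removing an earlier line breaks the chain. Denials are logged too.
func (a *ACS) log(subject, action, column string, allowed bool) {
	prev := ""
	if n := len(a.audit); n > 0 {
		prev = a.audit[n-1][1]
	}
	entry := fmt.Sprintf("%d|%s|%s|%s|%t", len(a.audit)+1, subject, action, column, allowed)
	sum := sha256.Sum256([]byte(entry + "|" + prev))
	a.audit = append(a.audit, [2]string{entry, hex.EncodeToString(sum[:])})
}

// VerifyAudit recomputes every hash in the chain.
func (a *ACS) VerifyAudit() bool {
	prev := ""
	for _, e := range a.audit {
		sum := sha256.Sum256([]byte(e[0] + "|" + prev))
		if hex.EncodeToString(sum[:]) != e[1] {
			return false
		}
		prev = e[1]
	}
	return true
}

// Grant is the security administrator's duty alone: a DBA cannot grant itself access.
func (a *ACS) Grant(actor, subject, column string) error {
	if _, protected := a.columns[column]; actor != RoleSA || !protected {
		a.log(actor, "grant:"+subject, column, false)
		return fmt.Errorf("grant of %s to %s refused for %s", column, subject, actor)
	}
	a.grants[subject+"|"+column] = true
	a.log(actor, "grant:"+subject, column, true)
	return nil
}

// Encrypt protects a field with AES-256-GCM before it is written; the column name is
// bound as associated data so a ciphertext cannot be moved to another column.
func (a *ACS) Encrypt(column string, plaintext []byte) ([]byte, error) {
	g, ok := a.columns[column]
	if !ok {
		return nil, fmt.Errorf("column %q is not protected", column)
	}
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, plaintext, []byte(column)), nil
}

// Decrypt is the only route to plaintext and is gated by the SA's grants.
func (a *ACS) Decrypt(subject, column string, stored []byte) ([]byte, error) {
	g, ok := a.columns[column]
	if !ok || !a.grants[subject+"|"+column] {
		a.log(subject, "decrypt", column, false)
		return nil, fmt.Errorf("%s may not decrypt %s", subject, column)
	}
	if len(stored) < g.NonceSize() {
		return nil, fmt.Errorf("malformed ciphertext in %s", column)
	}
	pt, err := g.Open(nil, stored[:g.NonceSize()], stored[g.NonceSize():], []byte(column))
	if err == nil { // on error: wrong key, wrong column or modified ciphertext
		a.log(subject, "decrypt", column, true)
	}
	return pt, err
}

func main() {
	acs := NewACS("card_number")
	ct, _ := acs.Encrypt("card_number", []byte("4111111111111111")) // constructed value
	_, err := acs.Decrypt(RoleDBA, "card_number", ct)              // no grant: denied
	fmt.Println("dba:", err, "| audit intact:", acs.VerifyAudit())
}
```

The point of the design is that nothing the DBA controls (the table, the DBMS privileges) is enough to reach plaintext: the keys and grants live in the ACS, and a DBA who is deliberately granted decrypt rights leaves a log entry that cannot be silently rewritten because every later entry commits to it.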
With more enterprises wanting to
encrypt their databases, what are the
benefits and challenges of data-at-rest
database encryption?
Database-layer encryption protects the data within the DBMS
and also protects against a wide range of threats, including
• Storage media theft,
• Well-known storage attacks,
• Database-layer attacks, and
• Malicious DBAs.
Deployment at the column level within a database table,
• Coupled with access controls,
• Will prevent theft of critical data.
With more enterprises wanting to encrypt
their databases, what are the benefits and
challenges of data-at-rest database
encryption?
Application-layer encryption
• Requires a rewrite of existing applications,
• which is impractical due to limited IT resources,
• lack of access to source code, or a lack of familiarity with old code.
• Rewriting applications is also
• very costly, risky and introduces an
• implementation time delay factor.
• All applications that access the encrypted data must also be changed to
support the encryption/decryption model.
Storage-layer encryption
• Can only protect against a narrow range of threats, namely media theft
and storage system attacks.
What does a comprehensive database
security solution consist of?
A best practice database security solution is based
on
• Segregation of duties and consists of
• Encryption,
• Alerting and auditing, and is
• Tightly integrated with other technology stack components.
It should protect against external and internal threats
by combining security solutions
• At the application level,
• Database level and
• File level.
What does a comprehensive database
security solution consist of?
The field level encryption approach is
• Very useful when dealing with EDI/FTP/Flat files being
• Transferred between the disparate systems.
• At no time is sensitive data in an unencrypted state at rest on
any of the systems.
• Well suited for data elements (e.g. credit cards, email addresses,
critical health records, etc.) that are processed, authorized, and
manipulated at the application tier.
What does a comprehensive database
security solution consist of?
If deployed correctly, application-level encryption protects
data against
• Storage attacks, theft of storage media, and application-level
compromises, and database attacks, for example from malicious
DBAs.
Some column level encryption solutions rely on database
triggers to intercept the encrypted data and invoke a stored
procedure, which,
• Depending on the solution, may require an API call outside of the
database server.
What does a comprehensive database
security solution consist of?
Some column level encryption solutions require a network
round trip to perform the cryptography operation on a
hardware box.
• The network latency that this entails is orders of magnitude slower
than performing cryptographic operations on data in memory.
Scaling and system performance are critical to meeting the
needs of an enterprise
• Encryption should be implemented at the system layer that allows it to
leverage the existing, high-performance infrastructure and scale with
that infrastructure.
Majority of enterprises have
heterogeneous DBMSes.
What are the best practices to secure
databases in such environments?
Best practice is to provide
• A centralized security policy,
• Key management, and
• Reporting across different systems.
Majority of enterprises have
heterogeneous DBMSes.
What are the best practices to secure
databases in such environments?
Implementing a data privacy solution can be done at multiple
places within the enterprise.
• Where will you perform the data encryption — inside or outside of the
database?
• Your answer can affect the data’s security and critical operational
aspects.
• Choosing the point of implementation not only dictates the work that
needs to be done from an integration perspective but also
significantly affects the overall security model.
• The sooner the encryption of data occurs, the more secure the
environment.
Majority of enterprises have
heterogeneous DBMSes.
What are the best practices to
secure databases in such
environments?
Due to distributed business logic in application and database
environments, it is not always practical to encrypt data as soon as it
enters the network.
• Encryption performed by the DBMS can protect data at rest, but
you must decide if you also require protection for data while it’s
moving between the applications and the database.
• How about while being processed in the application itself,
particularly if the application may cache the data for some period?
• Sending sensitive information over the Internet or within your
corporate network in clear text defeats the point of encrypting the
data in the database to provide data privacy.
Good security practice is to protect sensitive data in both cases – as it is
transferred over the network (including internal networks) and at rest.
• Once the secure communication points are terminated, typically at
the network perimeter, secure transports are seldom used within
the enterprise.
• Consequently, information that has been transmitted is in the
clear and critical data is left unprotected.
• One option to solve this problem and deliver a secure data privacy
solution is to selectively parse data after the secure
communication is terminated and encrypt sensitive data elements
at the SSL/Web/application/database layers.
• Doing so allows enterprises to choose at a very granular level
(credit-card numbers, usernames, passwords, etc.) sensitive data
and secure it throughout the enterprise.
How can production data
be securely used in a test
system?
Production data is in many cases needed to ensure quality in system testing.
• Key data fields that can be used to identify an individual or
corporation need to be cleansed to de-personalize the information.
• Cleansed data needs to be easily restored (for downstream
systems and feeding systems), at least in the early stages of
implementation.
• This therefore requires two-way processing.
• The restoration process should be limited to situations for which
there is no alternative to using production data (e.g. interface
testing with a third party or for firefighting situations).
• Authorization to use this process must be limited and controlled.
How can production data
be securely used in a test
system?
• In some situations, business rules must be maintained during any
cleansing operation (e.g. addresses for processing, dates of birth
for age processing, names for sex distinction).
• Scrambling should be either consistent or variable across different
cleansings.
• There should also be the ability to set parameters, or to select or
identify fields to be scrambled, based on a combination of
business rules.
• A solution must be based on secure encryption, robust key
management, separation of duties, and auditing.
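The two slides above describe the requirements for a test-data cleansing process; what follows is an added example in Go that is not part of the original presentation or of any vendor's product. It masks a constructed customer record so that the name keeps its sex, the date of birth keeps its year (for age processing) and the card number keeps its length and a valid Luhn check digit, derives every mask from an HMAC of the original so that the same key gives the same mask in every table (consistent cleansing) or, with a per-run salt, a different one (variable cleansing), and files the original in a vault from which only listed subjects can restore it, with a stated reason and a log line per attempt. The record layout, the replacement name lists and the subject names are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Person is a constructed production record; ID is a surrogate key, not personal data.
type Person struct {
	ID, Name, Sex, Card string // Sex must be "F" or "M"; Card is a payment card number
	DOB                 time.Time
}

// Replacement names per sex, so the "names for sex distinction" rule survives masking.
var replacementNames = map[string][]string{
	"F": {"Anna", "Birgitta", "Cecilia", "Dagny", "Ebba"},
	"M": {"Anders", "Bertil", "Carl", "David", "Erik"},
}

// Masker derives every mask from an HMAC of the original value: one key gives the same
// mask in every table and run (consistent cleansing); a per-run salt makes it variable.
type Masker struct {
	key       []byte
	vault     map[string]Person // ID -> original record, kept apart from the test copy
	restorers map[string]bool   // subjects allowed to run the two-way restore process
	Log       []string          // every restore attempt, allowed or denied
}

func NewMasker(key []byte, consistent bool, restorers ...string) *Masker {
	m := &Masker{key: append([]byte{}, key...), vault: map[string]Person{}, restorers: map[string]bool{}}
	if !consistent {
		salt := make([]byte, 16)
		rand.Read(salt) // crypto/rand.Read cannot fail since Go 1.24
		m.key = append(m.key, salt...)
	}
	for _, r := range restorers {
		m.restorers[r] = true
	}
	return m
}

func (m *Masker) prf(field, value string) []byte {
	h := hmac.New(sha256.New, m.key)
	h.Write([]byte(field + "|" + value))
	return h.Sum(nil)
}

// LuhnCheckDigit returns the digit that makes payload+digit pass the Luhn check.
func LuhnCheckDigit(payload string) byte {
	sum := 0
	for i := len(payload) - 1; i >= 0; i-- {
		d := int(payload[i] - '0')
		if (len(payload)-i)%2 == 1 { // rightmost payload digit and every second one leftwards
			d = d*2 - 9*(d/5) // doubled, with results above 9 reduced by 9
		}
		sum += d
	}
	return byte('0' + (10-sum%10)%10)
}

// maskCard keeps the length and a valid check digit, so card validation still passes.
func (m *Masker) maskCard(pan string) string {
	digest := m.prf("card", pan)
	payload := make([]byte, max(len(pan), 2)-1)
	for i := range payload {
		payload[i] = '0' + digest[i%len(digest)]%10
	}
	return string(payload) + string(LuhnCheckDigit(string(payload)))
}

// Mask de-personalises one record and files the original in the vault.
func (m *Masker) Mask(p Person) Person {
	m.vault[p.ID] = p
	names := replacementNames[p.Sex]
	d, out := m.prf("dob", p.DOB.Format("2006-01-02")), p
	out.Name = names[int(m.prf("name", p.Name)[0])%len(names)]
	out.DOB = time.Date(p.DOB.Year(), time.Month(1+int(d[0])%12), 1+int(d[1])%28, 0, 0, 0, 0, time.UTC) // year kept for age rules
	out.Card = m.maskCard(p.Card)
	return out
}

// Restore is the controlled two-way step: listed subjects only, with a reason, always logged.
func (m *Masker) Restore(actor, reason, id string) (Person, error) {
	p, ok := m.vault[id]
	if !ok || !m.restorers[actor] || reason == "" {
		m.Log = append(m.Log, fmt.Sprintf("DENIED restore of %s to %s", id, actor))
		return Person{}, fmt.Errorf("restore of %s by %s refused", id, actor)
	}
	m.Log = append(m.Log, fmt.Sprintf("RESTORED %s to %s: %s", id, actor, reason))
	return p, nil
}

func main() {
	m := NewMasker([]byte("example-key"), true, "release-manager")
	p := Person{ID: "c-1001", Name: "Zelda", Sex: "F", Card: "4111111111111111", DOB: time.Date(1975, 3, 14, 0, 0, 0, 0, time.UTC)}
	fmt.Printf("%+v\n", m.Mask(p)) // constructed record: masked name is female, year stays 1975, card is Luhn-valid
}
```

The HMAC key is the secret that makes consistent masks reproducible across tables and runs, so it needs the same key management and separation of duties as any encryption key: whoever holds it can recreate the mapping from original to mask, even though the vault is what restores the original.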
Agenda:
State of the Industry - Problem Statement
Case Study - How to solve it?
A Data Encryption Strategy Project
A Market Transition in Data Security Management
Best Practices in Enterprise Data Protection