SlideShare a Scribd company logo

Database & Data Security

Download as PPT, PDF
Cloudbells.com, profile picture
Cloudbells.com

The document discusses the importance of securing company databases that store proprietary and sensitive information. It outlines four key aspects of database security - availability, authenticity, integrity, and confidentiality. Specifically, it focuses on ensuring confidentiality by preventing unauthorized access to or disclosure of data, both internally and from external hacking or theft. Vendors provide built-in security solutions, while some companies implement additional third-party database activity monitoring starting at $20,000.

Data & Analytics
Related topics:
Data Security
1 of 13
Downloaded 16 times
1
2
3
4
5
6
7
8
9
10
11
12
13
Database & Data Security
 Every company needs places to store institutional knowledge and data.  Frequently that data contains proprietary information › Personally Identifiable Data › Employee HR Data › Financial Data  The security and confidentiality of this data is of critical importance.
 There are four key issues in the security of databases just as with all security systems › Availability › Authenticity › Integrity › Confidentiality
 Data needs to be available at all necessary times  Data needs to be available to only the appropriate users  Need to be able to track who has access to and who has accessed what data
 Need to ensure that the data has been edited by an authorized source  Need to confirm that users accessing the system are who they say they are  Need to verify that all report requests are from authorized users  Need to verify that any outbound data is going to the expected receiver
 Need to verify that any external data has the correct formatting and other metadata  Need to verify that all input data is accurate and verifiable  Need to ensure that data is following the correct work flow rules for your institution/corporation  Need to be able to report on all data changes and who authored them to ensure compliance with corporate rules and privacy laws.
 Need to ensure that confidential data is only available to correct people  Need to ensure that entire database is security from external and internal system breaches  Need to provide for reporting on who has accessed what data and what they have done with it  Mission critical and Legal sensitive data must be highly security at the potential risk of lost business and litigation
 Although the 4 pillars are of equal importance we are focusing on Confidentiality due to the prevalence of data loss in financial and personal areas  We are going to review solutions for › Internal data loss › External hacking › Securing data if hardware stolen › Unapproved Administrator Access
 Another set of security issues come from middleware that sits between the user and the data  Single sign on authentication › Allows users to just have one password to access all systems but also means that the theft of one password endangers all systems
 Most companies have several types of databases so to ensure total security across databases they hire 3rd party Database Security  Those companies have solutions for Database Activity Monitoring (DAM)  Prices range from $20K to $1 Million  Another option is data masking – buying a fake data set for development and testing.
 Vendors such as Oracle, Microsoft and IBM know that security is a big concern for data systems.  They create built in solutions such as: › Password Controls › Data access based on roles and profiles › IP restrictions for off site access › Auditing capabilities of who has run what reports › Security logging
Solution Description Pros Cons Complex Passwords (require numbers and symbols) as well as frequent password changes Makes passwords harder to guess and harder to crack Users write them down and keep them next to computer or forget and need multiple resets Keep Internal and External facing databases separate Makes it very hard to hack one and then get through to the other Reduces functionality of databases and restricts flow of internal data Restrict Downloading Keeps data in the database and not loose in excel, etc Restricts reporting capabilities and off line functionality Restrict Unwanted Connections Again makes it harder to worm from one system to another Makes integration more difficult and can reduce user acceptance SAML (Security Assertion Markup Language) SAML is the standard that is used for Single Sign On functionality If not in use blocks the usage of single sign on
Database & Data Security

More Related Content

PDF
Flash Friday: Data Quality & GDPR
Precisely
 
DOCX
Data Security
ankita_kashyap
 
PPTX
Compliant Email Solutions for HIPAA & SOX regulations
SherWeb
 
PDF
Enterprise Data Privacy Quiz
Druva
 
PPTX
Sensitive data
S.M. Towhidul Islam
 
PDF
Integrating DLP and the 4 W's is a Must by Uzi Yair - CEO, GTB Technologies Inc.
Ravtach Solutions
 
PDF
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Eryk Budi Pratama
 
PDF
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 
Flash Friday: Data Quality & GDPR
Precisely
 
Data Security
ankita_kashyap
 
Compliant Email Solutions for HIPAA & SOX regulations
SherWeb
 
Enterprise Data Privacy Quiz
Druva
 
Sensitive data
S.M. Towhidul Islam
 
Integrating DLP and the 4 W's is a Must by Uzi Yair - CEO, GTB Technologies Inc.
Ravtach Solutions
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Eryk Budi Pratama
 
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 

What's hot (20)

PPTX
what is data security full ppt
Shahbaz Khan
 
PPTX
Ivanti Threat Thursday for January 23
Ivanti
 
PPTX
Digital Rights Management One For Sharepoint
pabatan
 
PPT
M014 Confluence Presentation 08 15 06
gbroadbent67
 
PPTX
Data lake protection ft 3119 -ver1.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PPTX
Logs in Security and Compliance flare
zilberberg
 
PPT
Microsoft Rights Management
Peter1020
 
PDF
08. icv sastanak (microsoft) nikola office 2013
Menadžment Centar Beograd
 
PPTX
General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
PDF
Data classification-policy
Coi Xay
 
PPTX
GDPR & Your Cloud Provider - What You Need to Know
Rachel Roach
 
PPT
Enterprise Digital Rights Management (Persistent Security)
pabatan
 
PDF
Get your Enterprise Ready for GDPR
Abhishek Sood
 
PDF
Identity and Access Intelligence
Tim Bell
 
DOCX
Task 3
BIBEKCHAUDHARYBScHon
 
PDF
CHINO poster IM/IFIP
Jovan Stevovic
 
PPTX
Secure Channels Financal Institution Presentation
Richard Blech
 
PPT
Fasoo Company And Product Information
pabatan
 
PPT
Securing Business: Strategic Enablement of Users
Jon Gatrell
 
PPTX
EU's General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
what is data security full ppt
Shahbaz Khan
 
Ivanti Threat Thursday for January 23
Ivanti
 
Digital Rights Management One For Sharepoint
pabatan
 
M014 Confluence Presentation 08 15 06
gbroadbent67
 
Data lake protection ft 3119 -ver1.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Logs in Security and Compliance flare
zilberberg
 
Microsoft Rights Management
Peter1020
 
08. icv sastanak (microsoft) nikola office 2013
Menadžment Centar Beograd
 
General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
Data classification-policy
Coi Xay
 
GDPR & Your Cloud Provider - What You Need to Know
Rachel Roach
 
Enterprise Digital Rights Management (Persistent Security)
pabatan
 
Get your Enterprise Ready for GDPR
Abhishek Sood
 
Identity and Access Intelligence
Tim Bell
 
Task 3
BIBEKCHAUDHARYBScHon
 
CHINO poster IM/IFIP
Jovan Stevovic
 
Secure Channels Financal Institution Presentation
Richard Blech
 
Fasoo Company And Product Information
pabatan
 
Securing Business: Strategic Enablement of Users
Jon Gatrell
 
EU's General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
Ad

Viewers also liked (9)

PDF
Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...
SBGC
 
PPT
Database security
Shivnandan Singh
 
PDF
Data and database security and controls
FITSFSd
 
PPTX
Dfc2043 operating system; open & closed source systems
FlameDimension95
 
PPTX
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
WinWire Technologies Inc
 
PDF
Weka project - DataMining
Safiya Najeh
 
PDF
Data- and database security & GDPR: end-to-end offer
Capgemini
 
PPT
006.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
PPT
Database Security
alraee
 
Dotnet datamining ieee projects 2012 @ Seabirds ( Chennai, Pondicherry, Vello...
SBGC
 
Database security
Shivnandan Singh
 
Data and database security and controls
FITSFSd
 
Dfc2043 operating system; open & closed source systems
FlameDimension95
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
WinWire Technologies Inc
 
Weka project - DataMining
Safiya Najeh
 
Data- and database security & GDPR: end-to-end offer
Capgemini
 
006.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
Database Security
alraee
 
Ad

Similar to Database & Data Security (20)

PPTX
Data security
Tapan Khilar
 
PPTX
Data security
AbdulBasit938
 
PDF
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
Jenna Murray
 
PPTX
what is data security full ppt
Shahbaz Khan
 
PDF
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Robert Crane
 
PPTX
Identity and Security in the Cloud
Richard Diver
 
PPTX
Database systems and cloud computing.pptx
mikeymikemike27
 
PDF
Office 365 Security Features That Nonprofits Should Know and Use
TechSoup
 
PPT
Dstca
ajay vj
 
PDF
Data compliance - get it right the first time (Black/White printable PDF)
Peter GEELEN ✔
 
PDF
Bridging the Data Security Gap
xband
 
PDF
Wp security-data-safe
ALI ANWAR, OCP®
 
PDF
Data compliance - get it right the first time (Full color PDF)
Peter GEELEN ✔
 
PPTX
GDPR Part 2: Quest Relevance
Adrian Dumitrescu
 
PPTX
Data protection and privacy in the world of database DevOps
Red Gate Software
 
PPTX
Data security
ForeSolutions
 
DOCX
Question 1Discuss why those in the human resource development po.docx
makdul
 
PPTX
Privacy Preserved Data Augmentation using Enterprise Data Fabric
Atif Shaikh
 
PPTX
Understanding Database Encryption & Protecting Against the Insider Threat wit...
MongoDB
 
PPT
Data Classification Presentation
Derroylo
 
Data security
Tapan Khilar
 
Data security
AbdulBasit938
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
Jenna Murray
 
what is data security full ppt
Shahbaz Khan
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Robert Crane
 
Identity and Security in the Cloud
Richard Diver
 
Database systems and cloud computing.pptx
mikeymikemike27
 
Office 365 Security Features That Nonprofits Should Know and Use
TechSoup
 
Dstca
ajay vj
 
Data compliance - get it right the first time (Black/White printable PDF)
Peter GEELEN ✔
 
Bridging the Data Security Gap
xband
 
Wp security-data-safe
ALI ANWAR, OCP®
 
Data compliance - get it right the first time (Full color PDF)
Peter GEELEN ✔
 
GDPR Part 2: Quest Relevance
Adrian Dumitrescu
 
Data protection and privacy in the world of database DevOps
Red Gate Software
 
Data security
ForeSolutions
 
Question 1Discuss why those in the human resource development po.docx
makdul
 
Privacy Preserved Data Augmentation using Enterprise Data Fabric
Atif Shaikh
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
MongoDB
 
Data Classification Presentation
Derroylo
 

More from Cloudbells.com (10)

PPT
Operating-System Structures
Cloudbells.com
 
PPT
Raid : Redundant Array of Inexpensive Disks
Cloudbells.com
 
PPT
Internet
Cloudbells.com
 
PPT
Introduction to Data Management
Cloudbells.com
 
PPT
Introductin to Data Modeling.
Cloudbells.com
 
PPT
Client-Server Computing
Cloudbells.com
 
PPT
Data mining
Cloudbells.com
 
PPT
Green datacenters
Cloudbells.com
 
PPT
Big data : Coudbells.com
Cloudbells.com
 
PPT
Introduction to Web Hosting.
Cloudbells.com
 
Operating-System Structures
Cloudbells.com
 
Raid : Redundant Array of Inexpensive Disks
Cloudbells.com
 
Internet
Cloudbells.com
 
Introduction to Data Management
Cloudbells.com
 
Introductin to Data Modeling.
Cloudbells.com
 
Client-Server Computing
Cloudbells.com
 
Data mining
Cloudbells.com
 
Green datacenters
Cloudbells.com
 
Big data : Coudbells.com
Cloudbells.com
 
Introduction to Web Hosting.
Cloudbells.com
 

Recently uploaded (20)

PPT
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
PPTX
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
PPTX
Microsoft-Fabric-Unifying-Analytics-for-the-Modern-Enterprise Solution.pptx
Mahesh Reddy
 
PPTX
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
PPTX
SAP 2 completion done . PRESENTATION.pptx
POORNIMAN26
 
PDF
Mega Projects Data Mega Projects Data
saidsalah8181
 
PDF
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
PPTX
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
PDF
[EN] Industrial Machine Downtime Prediction
Mônica N. de Resende
 
PDF
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
PPTX
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
PPTX
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
chepkoitcheruiyot
 
PPTX
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
PPTX
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
AceAquino4
 
PDF
Introduction to the R Programming Language
Suraj Patil
 
PPTX
01_intro xxxxxxxxxxfffffffffffaaaaaaaaaaafg
Vittaya Boon Suwansiri
 
PPTX
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
PDF
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
PDF
Lecture1 pattern recognition............
ZafriFarid
 
PPTX
Market Analysis -202507- Wind-Solar+Hybrid+Street+Lights+for+the+North+Amer...
LEDLUXX Smart Lite TEC
 
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
Microsoft-Fabric-Unifying-Analytics-for-the-Modern-Enterprise Solution.pptx
Mahesh Reddy
 
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
SAP 2 completion done . PRESENTATION.pptx
POORNIMAN26
 
Mega Projects Data Mega Projects Data
saidsalah8181
 
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
[EN] Industrial Machine Downtime Prediction
Mônica N. de Resende
 
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
chepkoitcheruiyot
 
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
AceAquino4
 
Introduction to the R Programming Language
Suraj Patil
 
01_intro xxxxxxxxxxfffffffffffaaaaaaaaaaafg
Vittaya Boon Suwansiri
 
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
Lecture1 pattern recognition............
ZafriFarid
 
Market Analysis -202507- Wind-Solar+Hybrid+Street+Lights+for+the+North+Amer...
LEDLUXX Smart Lite TEC
 

Database & Data Security

  • 2.  Every company needs places to store institutional knowledge and data.  Frequently that data contains proprietary information › Personally Identifiable Data › Employee HR Data › Financial Data  The security and confidentiality of this data is of critical importance.
  • 3.  There are four key issues in the security of databases just as with all security systems › Availability › Authenticity › Integrity › Confidentiality
  • 4.  Data needs to be available at all necessary times  Data needs to be available to only the appropriate users  Need to be able to track who has access to and who has accessed what data
  • 5.  Need to ensure that the data has been edited by an authorized source  Need to confirm that users accessing the system are who they say they are  Need to verify that all report requests are from authorized users  Need to verify that any outbound data is going to the expected receiver
  • 6.  Need to verify that any external data has the correct formatting and other metadata  Need to verify that all input data is accurate and verifiable  Need to ensure that data is following the correct work flow rules for your institution/corporation  Need to be able to report on all data changes and who authored them to ensure compliance with corporate rules and privacy laws.
  • 7.  Need to ensure that confidential data is only available to correct people  Need to ensure that entire database is security from external and internal system breaches  Need to provide for reporting on who has accessed what data and what they have done with it  Mission critical and Legal sensitive data must be highly security at the potential risk of lost business and litigation
  • 8.  Although the 4 pillars are of equal importance we are focusing on Confidentiality due to the prevalence of data loss in financial and personal areas  We are going to review solutions for › Internal data loss › External hacking › Securing data if hardware stolen › Unapproved Administrator Access
  • 9.  Another set of security issues come from middleware that sits between the user and the data  Single sign on authentication › Allows users to just have one password to access all systems but also means that the theft of one password endangers all systems
  • 10.  Most companies have several types of databases so to ensure total security across databases they hire 3rd party Database Security  Those companies have solutions for Database Activity Monitoring (DAM)  Prices range from $20K to $1 Million  Another option is data masking – buying a fake data set for development and testing.
  • 11.  Vendors such as Oracle, Microsoft and IBM know that security is a big concern for data systems.  They create built in solutions such as: › Password Controls › Data access based on roles and profiles › IP restrictions for off site access › Auditing capabilities of who has run what reports › Security logging
  • 12. Solution Description Pros Cons Complex Passwords (require numbers and symbols) as well as frequent password changes Makes passwords harder to guess and harder to crack Users write them down and keep them next to computer or forget and need multiple resets Keep Internal and External facing databases separate Makes it very hard to hack one and then get through to the other Reduces functionality of databases and restricts flow of internal data Restrict Downloading Keeps data in the database and not loose in excel, etc Restricts reporting capabilities and off line functionality Restrict Unwanted Connections Again makes it harder to worm from one system to another Makes integration more difficult and can reduce user acceptance SAML (Security Assertion Markup Language) SAML is the standard that is used for Single Sign On functionality If not in use blocks the usage of single sign on