The New Normal: Dealing with the Reality of an Unsecure World

Grab
some
coffee and
enjoy the
pre-show
banter
before the
top of the
hour!

THE LINE UP
ANALYST:
Dez Blanchﬁeld
Data Scientist,
The Bloor Group
ANALYST:
Robin Bloor
Chief Analyst,
The Bloor Group
GUEST:
Ignacio Rodriguez
Senior Product Manager,
IDERA

Securing
Database
Robin Bloor, PhD

Database Security Evolution
It is easy to think of data security as
a static target, but it isn’t
It’s a MOVING TARGET

A Very Brief Overview of Data Security
u  Data theft is nothing new; data that is
valuable is targeted
u  Cyber-theft was born with the Internet
and it exploded around 2005
u  There are many players: governments,
businesses, hacker groups,
individuals…
u  The technologies of attack and
defense evolve
u  Businesses have a duty of care over
their data, whether they own it or not

About the Hackers
u  They can be located anywhere and
thus they may be difficult to bring to
justice, even if identified
u  Many are very skilled; they share
technology and information
u  They have considerable resources
u  Some are profitable businesses
u  There are government groups
–  Economic warfare (stealing secrets)
–  Cyber warfare
u  It’s unlikely that the phenomenon
will ever end

Compliance and Regulations
u  Aside from sector initiatives there
are many official regulations:
HIPAA, SOX, FISMA, FERPA, GLBA
(mainly US legislation)
u  Standards (Global): PCI-DSS, ISO/
IEC 17799 (data should be owned)
u  National regulations differ
country to country (even in
Europe)
u  GDPR being negotiated

Things to Think About
u  DBMS vulnerabilities
u  Identify vulnerable data
u  Security policy particularly
in relation to access
security (who can read,
write, grant permissions,
etc.)
u  Encryption
u  The cost of a security
breach
u  The attack surface

The DBA and Data Security
Data Security is usually part of the
DBA’s role. But it’s collaborative too.
It NEEDS to be subject to corporate
policy.

@dez_blanchﬁeld
YOUR DATA
IS THE
CURRENCY

@dez_blanchﬁeld
DATA BREACHES ARE RAPIDLY
BECOMING NORMAL !!

@dez_blanchﬁeld
THE SHERE SCALE OF THESE
BREACHES IS STAGGERING

@dez_blanchﬁeld
COSTS ESTIMATED TO CLEANUP
DO NOT TAKE INTO ACCOUNT
THE HUMAN TOLL

INTRODUCING
Ignacio Rodriguez

© 2016 IDERA, Inc. All rights reserved.
Proprietary and confidential.
© 2016 IDERA, Inc. All rights reserved.
THE NEW NORMAL: DEALING WITH THE
REALITY OF AN UNSECURE WORLD
Ignacio Rodriguez, Product Manager

2© 2016 IDERA, Inc. All rights reserved. Proprietary and confidential. 2© 2016 IDERA, Inc. All rights reserved.
DATABASE SECURITY CHALLENGES
Identify Vulnerabilities
Manage creation of collection rules,
view collection history & analyze
user access rights
Harden Security Policies
Use recommended templates to
define policies with 3 distinct levels
of protection
Assess Security Levels
Identify factors that may allow SQL
Server to be attacked by a
malicious user to reduce risk
Control User Permissions
Analyze and manage user
permissions across all SQL Server
objects
Control Server Security
Review and update SQL Server
security properties across your
environment
Comply with Audits
Use customizable templates for
user accesses to satisfy audits

SQL SECURE
§  Set strong security policies mapped to regulatory guidelines - View a complete
history of SQL Server security settings and designate a baseline to compare
against future changes.
§  Prevent security risks and violations - The security report card identifies top
security vulnerabilities on your servers. Each security check is categorized as
High, Medium, or Low Risk.
§  Identify vulnerabilities - Understand who has access to what and identify each
user’s effective rights across all SQL Server objects.
§  Report on and analyze user, group, or role permissions - Analyze membership to
powerful server roles and groups, such as administrators, systems
administrators, and security administrators to ensure each user’s level of
access is warranted.

SQL SECURE
§  Deliver detailed security risk reports – IDERA SQL Secure provides 23 reports
out of the box, each of which contains flexible parameters to easily create the
types of reports that display the data that auditors, security officers, managers,
or administrators require.
§  Compare security, risk, and configuration changes over time - Reports such as
the snapshot and assessment comparisons provide an easy way for comparing
security, configuration, and risks between different time periods.
§  SQL Secure snapshot alerting - Notifications when SQL configuration changes
are detected that present a new risk.

SQL SECURE ARCHITECTURE
SQL Secure
Repository
Management and
Collection Service
Enterprise
Console
SQL Secure
Monitored
SQL Instances
Agentless capture
of security model
info
MS SQL Server
Reporting
Services
Active Directory

SECURITY REPORT CARD

AUDIT SQL USER PERMISSIONS

COMPARE SECURITY SETTINGS

POLICY TEMPLATES

SQL USER EFFECTIVE RIGHTS

SQL SERVER OBJECT ACCESS RIGHTS

SQL SECURE REPORTING

SNAPSHOT COMPARISONS

ASSESSMENT COMPARISON

SUMMARY
§  Database security is of critical importance
•  Doing it wrong will expose your company to significant risks
•  Doing it well and effectively requires both strategy and process
§  Database professionals need a tool to manage and monitor database
access permissions
§  IDERA SQL Secure provides extensive capabilities to control database
permissions, track access activities, and mitigate breach risks

THANKS!
Any questions?

The New Normal: Dealing with the Reality of an Unsecure World

The Archive Trifecta:
•  Inside Analysis www.insideanalysis.com
•  SlideShare www.slideshare.net/InsideAnalysis
•  YouTube www.youtube.com/user/BloorGroup
THANK YOU!

The New Normal: Dealing with the Reality of an Unsecure World

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to The New Normal: Dealing with the Reality of an Unsecure World (20)

More from Eric Kavanagh (20)

Recently uploaded (20)

The New Normal: Dealing with the Reality of an Unsecure World