Cyber security is a team sport. Whether your organization has its own security team, security director (CISO), or director of information management who manages security among other tasks, they cannot succeed without the support of management and the entire IT organization. Servers, databases, networks, and other IT assets are all interdependent, so effective security depends on collaboration.
As a data professional, you are responsible for one of your organization’s most valuable assets – your data. The good news is that you don’t have to become a security expert to protect your information. Every data professional can do many things to help protect your business information.
The hardest part is figuring out where to start. It is easy to drown in all the information out there: new vulnerabilities, malware, high-profile data breaches, and the constant stream of new solutions from security vendors and service providers.
There are three main areas where you can help your organization improve its overall security position by leveraging the expertise you already have:
- Incident prevention – making it harder for attackers to find their way into your systems.
- Incident detection – identifying suspicious activity as it occurs.
- Incident response – taking steps to identify, contain and eradicate the intruder.
In this article, I will briefly discuss how you can improve your overall security situation as well as how to protect your information, which is the most valuable resource for all organizations.
Prevention means reducing the attack surface of your systems. You may face threats ranging from targeted attacks by sophisticated attackers to commodity attacks that probe every newly opened port on the Internet. The simplest ways to reduce the attack surface are as follows:
- Make sure you receive security advisories from Microsoft and your other vendors.
- Agree with your stakeholders on patching SLAs based on severity (e.g., 24-48 hours for a critical patch, longer periods for non-critical patches) so that the decision has already been made when a patch is released.
- Take a close look at application users and permissions. Regularly disable unused accounts and keep access to the minimum necessary for legitimate use. This can be difficult in older applications and systems that have been in use for a long time, but those are also some of the most exposed attack vectors. Microsoft publishes detailed documentation of the permissions each version of SQL Server requires.
- Keep up-to-date information about your assets (servers, databases, etc.) and the software running on them. If you can do this automatically, so much the better; an accurate inventory also has many non-security benefits.
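As an added example (not code from the original post), the following T-SQL supports the permission review and inventory steps above on a single SQL Server instance: it lists every login with the fixed server roles it holds and whether it is disabled, lists explicit server-level permissions such as CONTROL SERVER, and reads the instance's patch level for the asset inventory. The audit name and column aliases are my own choices.

```sql
-- Added example: least-privilege review of server logins.
-- Shows each login, its fixed server roles, and whether it is disabled.
-- STRING_AGG requires SQL Server 2017 or later.
SELECT p.name                         AS login_name,
       p.type_desc                    AS login_type,
       p.is_disabled,
       STRING_AGG(r.name, ', ')       AS server_roles,   -- NULL = no fixed server role
       p.modify_date                  AS last_modified
FROM sys.server_principals AS p
LEFT JOIN sys.server_role_members AS rm
       ON rm.member_principal_id = p.principal_id
LEFT JOIN sys.server_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE p.type IN ('S', 'U', 'G')   -- SQL login, Windows login, Windows group
  AND p.name NOT LIKE '##%'        -- skip internal certificate-based principals
GROUP BY p.name, p.type_desc, p.is_disabled, p.modify_date
ORDER BY server_roles DESC, p.name;

-- Explicit server-level grants outside of role membership.
-- CONTROL SERVER is effectively sysadmin and deserves the same scrutiny.
SELECT pr.name              AS grantee,
       pe.permission_name,
       pe.state_desc         -- GRANT, GRANT_WITH_GRANT_OPTION, DENY
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = 'SERVER'
  AND pe.permission_name <> 'CONNECT SQL'   -- every login has this; not interesting
ORDER BY pe.permission_name, pr.name;

-- Patch level for the asset inventory; compare against the vendor advisories.
SELECT SERVERPROPERTY('ProductVersion')     AS product_version,
       SERVERPROPERTY('ProductLevel')       AS product_level,      -- RTM or SPn
       SERVERPROPERTY('ProductUpdateLevel') AS cumulative_update,  -- e.g. CUn
       SERVERPROPERTY('Edition')            AS edition;
```

SQL Server does not record a last-login timestamp by itself, so deciding which logins are "unused" requires login auditing or session data collected over time; the role and permission output above is the starting point, not the whole review.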
Detection is not solely your responsibility, but you can make it easier. Most security incident detection is based on correlating data from multiple systems to identify potential incidents.
Businesses use Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tools, such as Azure Sentinel (cloud based), Splunk, IBM QRadar, etc., to collect and correlate logs from networks, servers, and applications. You can help with this effort by discussing with your security team what information they need about your systems and how they will collect it. Doing this work in advance pays off in the event of a major breach, because your security team already has a reliable copy of your logs and is not trying to retrieve them from production systems.
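The conversation with the security team described above usually ends with a concrete list of events to emit. As an added example (not from the original post), the following T-SQL configures SQL Server Audit to write login and privilege-change events to the Windows Application log, where a SIEM agent that already collects Windows event logs will pick them up. The audit and specification names are my own; the action group names are standard SQL Server Audit groups.

```sql
-- Added example: emit the events a SIEM most often asks for from SQL Server.
-- SQL Server Audit is available in all editions from SQL Server 2016 SP1 onward.
USE master;
GO

-- Destination: the Windows Application log (no extra OS rights needed).
-- Writing to SECURITY_LOG is more tamper-resistant but requires the service
-- account to hold the "Generate security audits" privilege.
CREATE SERVER AUDIT Audit_Logins_And_PrivChanges
    TO APPLICATION_LOG
    WITH (QUEUE_DELAY = 1000,        -- flush at least once per second
          ON_FAILURE = CONTINUE);    -- keep serving if the log cannot be written
GO

-- What to record: every login attempt plus any change to who holds power.
CREATE SERVER AUDIT SPECIFICATION AuditSpec_Logins_And_PrivChanges
    FOR SERVER AUDIT Audit_Logins_And_PrivChanges
    ADD (FAILED_LOGIN_GROUP),                 -- brute force / password spraying
    ADD (SUCCESSFUL_LOGIN_GROUP),             -- baseline who connects from where
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),    -- e.g. someone added to sysadmin
    ADD (SERVER_PERMISSION_CHANGE_GROUP),     -- e.g. GRANT CONTROL SERVER
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),  -- e.g. added to db_owner
    ADD (AUDIT_CHANGE_GROUP)                  -- tampering with the audit itself
    WITH (STATE = ON);
GO

-- Nothing is written until the audit object itself is switched on.
ALTER SERVER AUDIT Audit_Logins_And_PrivChanges WITH (STATE = ON);
GO

-- Verify that both objects are enabled before telling the security team.
SELECT a.name AS audit_name, a.is_state_enabled,
       s.name AS specification_name, s.is_state_enabled AS spec_enabled
FROM sys.server_audits AS a
JOIN sys.server_audit_specifications AS s ON s.audit_guid = a.audit_guid;
```

The events appear in the Application log with source "MSSQLSERVER" (or the named-instance equivalent); confirm with the security team that their collector forwards that log before relying on it during an incident.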
Responding to security incidents can include locking down systems, gathering forensic evidence, and a variety of other activities. If you're not sure how your organization handles security incidents, ask the security team. You and your colleagues may be able to participate in "red team" exercises or other drills that simulate a security incident. Practical experience is far more valuable than any article you can read on the Internet.
In addition to these specific areas, improving your operational processes will make data protection easier. Adopting DataOps practices increases agility, which makes it easier to test and deploy changes, gives you more options, and reduces risk when you have to install patches or make changes quickly in response to a security incident.
Security is difficult. There's a lot of information out there, and it's hard to know what to implement and what to skip. In addition, we tend to hear a lot about the numbers behind data breaches but little about the technical details of how they happened. Yet it is the technical details that IT and information-security practitioners can actually learn from.
If you’re interested in taking a closer look at some of the data breaches that affected database systems, check out the upcoming SentryOne webinar, Learning from data breaches – an overview.
In this webinar, fellow MVP Kevin Kline looks at several data breaches for which the technical details are known. He discusses how the attackers got in, how they gained access to the data, which vulnerabilities they took advantage of, and how to remediate those vulnerabilities.
This blog post was written by Beth Linker (Product Management Director). Beth oversees the SentryOne cloud product lines and has led product teams responsible for bringing SaaS offerings to market at leading technology companies such as Dell EMC and Acquia.
Thanks for reading my blog.
If you have any questions or feedback, please leave a comment.