Monday, October 8, 2007

Make sure your database is secure

Database security becomes more complicated and more necessary each day.

Tom Gaffny, executive vice president of fundraising and database firm Epsilon in Wakefield, Mass., suggests eight database security questions that those responsible for security in an organization should ask themselves.

They are:
  • Are we only storing the data we need for our business use? Storing unnecessary data is both expensive and just one more potential security breach
  • Do we have an ultimate data owner for each system we support? Having two or more people who share ownership for a database system invites chaos.
  • Do we have documented audit trails surrounding our data access? Such a trail should specify who granted access to whom, for what data and at what level. It should also clearly specify who is allowed to do what with data.
  • Have we developed a data classification scheme, and why? Classifying data helped in determining how long different types of data should be retained on backup tapes.
  • Do we encrypt everything that leaves the secure data center? The most secure organizations encrypt everything, even laptops.
  • Have we recently undergone a security audit by an independent authority. An independent party can help identify weaknesses that are overlooked.
  • Do we back up our data often enough, and are encrypted files or tapes stored at a remote location? It's common sense.
  • Have we kept our employees completely informed about policies and procedures they need to follow to protect our assets?

No comments: