Database Encryption
Are data-privacy regulations and dreams about stolen employee data keeping you up at night? It may be time to protect your data where it lives: in your database.

Most security initiatives are defensive strategies — aimed at protecting the perimeter of the network. But these efforts may ignore a crucial vulnerability — sensitive data stored on networked servers are at risk from attackers who only need to find one way inside the network to access this confidential information. Additionally, perimeter defenses like firewalls cannot protect stored sensitive data from the internal threat — employees with the means to access and exploit this data.

Industry studies have shown that as much as 70% of information theft comes from the inside! Not some "nameless, faceless hackers out there in the ether". Does that mean that your current solutions are directed at 30% of the problem?

You are ultimately responsible for the data in your organization's database (sometimes called "Data at Rest"), even though the DBA might be responsible for deploying security. We are sure that your DBA or Network Administrator uses the best current techniques to prevent unauthorized access to that data. But despite their best efforts, "bad guys" do get through. Here are just some of the ways:
Two recent federal laws have set new standards for the protection of customer information. Regulations required by the Health Insurance Portability and Accountability Act (HIPAA) set standards for the security of medical records and other individually identifiable health information. The Gramm-Leach-Bliley Act (GLBA, Public Law 106-102) sets new requirements on financial institutions regarding the privacy and security of customers' personal financial information.

Congress's interest in privacy and security isn't surprising. In a recent poll by the Information Technology Association of America, 75 percent of the Americans surveyed feared having their personal information misused. The problem is very real: over 700,000 cases of identity theft were reported last year according to government and privacy advocacy groups. Worse, in 2001 credit card fraud cost the credit industry billions of dollars.

Congress clearly intends to make business liable for the security of customer data, and HIPAA and GLBA are just the beginning. HIPAA regulations provide civil and criminal penalties for non-compliance due to willful neglect — fines of up to $50,000 and one year in prison per violation. Congress is also considering the Financial Institution Privacy Protection Act, which would stiffen the Gramm-Leach-Bliley Act to make company officers and directors liable for up to $10,000 for each privacy violation.

We are experts in Database Encryption and Security. Please call us at 888-237-3899 or email us at info@chiefsecurityofficers.com to learn more about how we can help you.