4. Key-Service For Your Business
What Is Database Security?
Database security, under the
umbrella of information security,
protects the confidentiality,
integrity and availability of an
organization’s databases.
5. Key-Service For Your Business
Importance of Database Security and Integrity
Database security is more than just important:
it is essential to any company with any online
component. Sufficient database security
prevents data being lost or compromised,
which may have serious ramifications for the
company both in terms of finances and
reputation.
6. Key-Service For Your Business
Biggest Data Breaches of 2018
Aadhaar (India's Ministry of Home Affairs)
1.1 billion records breached
Date disclosed: January 3, 2018
Facebook (social media)
At least 87 million records breached
Date disclosed: March 17, 2018
The Oregon Clinic (healthcare)
Records affected: 64,487
The most affected industries in 2017 (by number of breaches)
https://www.medcareernews.com/top-industries-affected-data-leaks-2017/
7. Key-Service For Your Business
Data Breaches of 2018 Map
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
8. Key-Service For Your Business
Most Common Attack Vector
https://www.sophos.com/en-us/medialibrary/pdfs/other/apt-infographic.pdf?cmp=70130000001xIObAAM
9. Key-Service For Your Business
Enterprise Security Framework
Source: Oracle Security In Depth Reference Architecture
10. Key-Service For Your Business
Database Security Conceptual View
Source: Oracle Security In Depth Reference Architecture
11. Key-Service For Your Business
Data Security Logical Architecture View
Source: Oracle Security In Depth Reference Architecture
12. Key-Service For Your Business
The Methodology for Proven Database Security
Leverage Biznet Managed Services Provider to secure your cloud database investment
13. Key-Service For Your Business
Inventory
• Discover, classify and prioritize the
databases containing your valuable
information whether cloud based or
on-premise
• Discover, Track and Manage Your SQL
Server Inventory
• Manage known databases on your
network and in the cloud; discover
unknown databases outside the
scope of current compliance controls
15. Key-Service For Your Business
Testing
• Define and manage security standards and
compliance policies to be used to assess
database security posture
• Schedule or run ad-hoc job-based
assessments to quantify cloud based or
on-premise database adherence to
selected policies
17. Key-Service For Your Business
Compliance Enablement Logical Architecture
Source: Oracle Security In Depth Reference Architecture
18. Key-Service For Your Business
Eliminate Vulnerabilities
• Fix potentially harmful password configurations,
table access grants, user roles and other
vulnerable areas identified in assessment of
database assets.
• Conduct regular and continuous assessments to
identify issues and ensure that they are
remediated in a timely manner.
19. Key-Service For Your Business
Enforce Least Privileges
• Ensure employees and applications
have only the rights needed to do
their jobs
• Understand who has access to what
data and how they’ve been granted
that access
Key Point:
Analyze membership to powerful server roles and groups such as administrators, systems administrators, and
security administrators to ensure the level of access is warranted. From a group, see the list of group members
and select a member for further analysis. From a user, see the group memberships and drill upwards to view
inherited permissions.
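The membership analysis in the Key Point, sketched as an added example (not part of the original slides or any vendor tool). The principal names and the membership map are constructed sample data, and treating `sysadmin` and `securityadmin` as the powerful roles is an assumption:

```python
from collections import deque

# Constructed sample data: principal -> groups/roles it directly belongs to.
# All names are hypothetical; in practice this comes from a membership export.
MEMBER_OF = {
    "alice": ["dba_team"],
    "bob": ["app_support"],
    "svc_report": ["reporting_role"],
    "dba_team": ["sysadmin"],
    "app_support": ["helpdesk", "security_admins"],
    "security_admins": ["securityadmin"],
    "reporting_role": ["db_datareader"],
    "helpdesk": [],
}
POWERFUL = {"sysadmin", "securityadmin"}  # roles treated as powerful (assumption)

def inherited_paths(principal, member_of=MEMBER_OF):
    """Drill upwards: map each inherited group/role to the path that grants it."""
    paths = {}
    queue = deque([(principal, [principal])])
    while queue:
        node, path = queue.popleft()
        for parent in member_of.get(node, []):
            if parent in paths or parent == principal:  # already seen / cycle guard
                continue
            paths[parent] = path + [parent]
            queue.append((parent, paths[parent]))
    return paths

def powerful_access(users, member_of=MEMBER_OF, powerful=POWERFUL):
    """Return {user: {role: grant path}} for users who reach a powerful role."""
    report = {}
    for user in users:
        hits = {r: p for r, p in inherited_paths(user, member_of).items()
                if r in powerful}
        if hits:
            report[user] = hits
    return report

def members_of(group, member_of=MEMBER_OF):
    """Drill downwards: every principal that reaches `group`, directly or not."""
    return sorted(m for m in member_of if group in inherited_paths(m, member_of))

if __name__ == "__main__":
    for user, hits in powerful_access(["alice", "bob", "svc_report"]).items():
        for role, path in hits.items():
            print(f"{user}: {role} via {' -> '.join(path)}")
```

The grant path is the part worth reviewing: it shows which intermediate group would have to change to revoke access that is not warranted.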
20. Key-Service For Your Business
Monitor for Anomalies
• Inspect database access and activities
for policy violations and attempted
attacks
• Audit actions of known privileged
users as well as administrative activity
21. Key-Service For Your Business
Fraud Detection Logical Architecture View
Source: Oracle Security In Depth Reference Architecture
22. Key-Service For Your Business
Protecting
• Deploy policy-based Activity Monitoring to create an easily managed set of
actionable security and compliance alerts.
• Transparent Data Encryption (TDE) to protect sensitive data
• Database Firewall acts as the first line of defense for databases, helping prevent
internal and external attacks from reaching the database
23. Key-Service For Your Business
DR / Backup Plan - Multiple Data Center
A cloud provider offering multiple regions provides higher availability for the database
25. Key-Service For Your Business
Respond to Incident
Audit and Respond to suspicious activity and policy violations in real time
• Send an alert to IT Security to prompt further investigation.
• Notify the SIEM system to correlate database activity with web application logs.
• Initiate a malware scan to remove any injected code.
• Lock out the user’s account to prevent further attempts to access sensitive data.
28. Key-Service For Your Business
Key-Service
For Your Business
www.biznetgiocloud.com
PT. Biznet Gio Nusantara MidPlaza 1, 7th Floor Jl. Jend Sudirman Kav. 10-11 Jakarta 10220 – Indonesia