Is There A Threat Inside?

Chris Yates, 2017-04-05

Data-PrivacyIf you’ve been involved in technology for any length of time you are aware of outside threats to your network or databases. You read about some of these threats in the news such as hacking, breaches, etc.

All of these outside threats are pertinent and require our attention to detail as data professionals, but along with that threat are you considering any threats that could occur on the inside? Every shop should have some form of guidelines, documentation, regulations around their processes.

The risk from inside threats such as employees, ex-employees, and trusted partners. Some of these threats are accidental while others can be of a malicious nature. In either circumstance the consequences can be devastating for a company. Below are some things to think about within your own environment to prevent such actions from occurring.

Secure User Access

  • Stop unauthorized access – in all honesty this means button up the shop. If you have SA access across the board you are doing it wrong. Think about utilization of role based security, AD groups, etc. You are responsible for the data so don’t make this an afterthought.
  • Manage the threat of shared passwords – fifteen people shouldn’t have access to critical accounts. Check into secure user and password utility such as Secret Server; there are a number of companies out there that provide such products. Who is accessing these accounts and why?
  • Organizational Critical Assets – a companies assets such as data is one of the most important and integral pieces to the puzzle – it needs to be treated as such. This can mean many different things on many different levels. Do you know who is accessing your data and why?
  • Immediate Response to Suspicious Behavior – What do you do when you find activity going on that raises some concern? If you don’t have a process in place of reporting this then I suggest you think about getting one in place. Standards of such events are important; trust me on this. The time will come (and it will come) when threats become real. Procedures should be in place and gone over with all related data teams.

I ran across this article some time back from simple-talk and found it to be very fruitful in showing you How to Get SQL Server Security Horribly Wrong When you get time do check it out. In many cases I have run across security is an after thought – don’t let it be.

Define Areas of Vulnerability

This is a key component in getting started with taking your data seriously. Accessibility to information is a key deliverable in most shops; the data is the heartbeat. Face it; we live in a world today that is data driven; many decisions throughout every minute of the day are based on integrity of the data. Without addressing security in the design around the data it will leave you open to potential threats.

  • Network File Shares
  • Legacy Permissions
  • Logging and Monitoring
  • Change Control

These are just to name a few that could be potential vulnerabilities a shop can be exposed to.

Summary

We, as data professionals, need to take control and secure our data. But even more importantly we need to educate our end users on best practices and standards within the companies and shops we are associated with. Security can no longer be an afterthought.

If this means changing some things and rattling some cages then so be it; it may just save you in the end from a major security breach. We often are aware of external threats; what most people tend to over look are the threats from within the walls of a company.

It is imperative to take preventative measures and even the highest level of clearance should be monitored in some form or fashion. Think about the DBA for a second, and not just because I am one. They have the keys to the kingdom so to speak; same as a lot of sysadmins. There should be transparency in their actions; auditing should occur as to the what, when, and why.

Taking it a step further would be conducting data forensics (that would be a fun topic of discussion)

Bottom line I encourage you to start taking security around your data seriously if not someone else will.

Rate

Share

Share

Rate

Related content

Database Mirroring FAQ: Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup?

Question: Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup? This question was sent to me via email. My reply follows. Can a 2008 SQL instance be used as the witness for a 2005 database mirroring setup? Databases to be mirrored are currently running on 2005 SQL instances but will be upgraded to 2008 SQL in the near future.

Robert Davis

2009-02-23

1,567 reads

Networking – Part 4

You may want to read Part 1 , Part 2 , and Part 3 before continuing. This time around I’d like to talk about social networking. We’ll start with social networking. Facebook, MySpace, and Twitter are all good examples of using technology to let…

Andy Warren

2009-02-17

1,530 reads

Speaking at Community Events – More Thoughts

Last week I posted Speaking at Community Events – Time to Raise the Bar?, a first cut at talking about to what degree we should require experience for speakers at events like SQLSaturday as well as when it might be appropriate to add additional focus/limitations on the presentations that are accepted. I’ve got a few more thoughts on the topic this week, and I look forward to your comments.

Andy Warren

2009-02-13

360 reads