Why Read This
Hackers continue to break into critical databases across the globe, largely because of gaps in database security implementations and lack of cohesive controls. Although enterprises can pass high-level compliance audits by enabling a few database- and-application level security controls, that's not good enough when it comes to preventing growing attacks or even passing audits that span more than a few applications. A key component missing from many organizations — one that can uncover security holes, flush out vulnerabilities, and improve overall data security — is database security planning. While organizations often have an information security plan in place, most don't have a database security plan, which is critical in protecting the crown jewels. Database security plans focus on the granular level of controls and approaches essential in nailing down critical data across the enterprise. Application delivery and security professionals should consider building a database security plan, starting out with a few security policies and then moving on to build comprehensive controls across the enterprise.