Database Architecture And Security
- February 18, 2017
- Posted by: Edem Glymin
- Category: Data Security, Information Security
An essential but often missing element in an information security program is a well-defined and complete information security architecture that reflects the business decisions and the information security policy decisions of the organization. In many cases, the security architecture is described as a network topology that also reflects information security technology. An effective information security architecture is one that reflects business decisions, is understandable by a wide audience, and is defined using various levels of elaboration that provide detailed guidance for the separate parts of the organization.
The purpose of enterprise information security architecture is to address the organization’s need for a holistic approach to IT security that will provide enterprise-wide guidance to ensure that information security is approached in a consistent manner and with a consistent level of risk. The architecture is intended to provide guidance for the organization as a whole. The value of the architecture will be in its applicability to the organization’s business and it’s usability by a wide audience.
What Is a Security Architecture?
The basis of an organization’s security architecture is to implement the security building blocks in such a way as to provide the appropriate levels of protection to the business information and processes of the organization.
An information security architecture is designed to be strategic; it is meant to have a longer life than a blueprint, design requirement, or a topological chart or configuration. If it is too specific, it becomes constrained by current circumstances. If it is too comprehensive or general, it cannot deliver direction and guidance. It is meant to assist in making choices associated to the identification, acquisition, design, application, implementation, deployment, and operation of elements in the organization’s technical environment.
The information security architecture should support many communities, departments, and lines of business, and should represent the long-term view of technical direction. Information security architectures agree for multiple implementations based on the realities of the moment and caution should be exercised to prevent the information security architecture from becoming a blueprint for a specific implementation. The information security architecture provides the overall guidance for managing IT risk across the organization.
The purpose of an enterprise information security architecture is to address the organization’s need for a holistic approach to information security in order to provide enterprise-wide guidance to ensure that information security is approached in a consistent manner and with a consistent level of risk. The architecture is intended to provide guidance for the organization as a whole. The value of the architecture will be in its applicability to the organization’s business and its usability by a wide audience.
The result, then, should be an architecture that supports:
- An effective security program that recognizes that all information is not identical or continuous in terms of value and risk over time,
- A well organized and efficient security program that applies the right technology to protect the utmost critical assets joint with quality processes that reduce the risks to acceptable business levels.
- A high-quality security program that includes regular management reviews and technology assessments to ensure controls are working as intended and that provides feedback so that technology and processes can adapt to changes in value and risks over time.
Objectives of the Security Architecture
The primary purpose of the organization’s information security architecture is to define the security infrastructure that supports the organization’s IT strategy, IT security strategy and principles, and the organization’s security policy and standards. The specific objectives and deliverables of the organization’s information security architecture can be defined as follows:
- Provides guidance to the organization’s IT corporate and department decision-makers, allowing them to make better security-related investment/design decisions regarding the organization’s IT solutions. The resulting decisions will be strategically aligned, arrived at more quickly, and will be more consistent across departments.
- Supports, enables, and extends the organization’s security policy and standards by providing specific security-related guidance to IT decision-makers.
- Describes general security strategies that are used to guide decisions within the organization’s information security architecture domain and within individual organization IT solutions.
- Describes the high-level design objectives and guidelines that influence the information security architecture design decisions.
- Describes the concept of “security zones,” which compartmentalize the organization security environment. The security zones are crucial, high-level design constructs in the information security architecture.
- Describes a risk management architecture that provides support for risk-based security decisions.
- Leverages leading industry standards and representations to ensure best security practices are being applied, and that the organization security approach is consistent with other organizations.
With a growing number of internal and external attacks on corporate and public applications and robust regulatory compliance enforcements, data security continues to be the highest priority for enterprises and governments year after year. Even though many enterprises are taking stronger measures to protect their data, substantial gaps still persist at the very core, i.e., the databases that contain the corporate crown jewels.
Many enterprises don’t have a database security strategy that can defend against sophisticated attacks originating externally or internally, track sensitive information as it’s copied to numerous locations, or even meet evolving and stricter regulatory requirements. In addition, most businesses tend to emphasize detective controls more than preventive measures and controls when it comes to database security, making them highly vulnerable. By contrast, it is observed that companies that implemented a comprehensive and integrated database security product with a solid emphasis on preventive controls attained better security controls that introduced a higher degree of automation through the organization and were more confident in defending against attacks.
Database Security Strategy
A database security strategy focuses on proactively protecting data from internal and external attacks, curtailing data exposure to privileged and authorized IT users, and safeguarding all databases, including production and non-production.
Most organizations generally focus on a perimeter-centered network security, proposing the first line of defense, but the increasing complexity of an organization’s security environment and sophisticated attack vectors require organizations to take a comprehensive view of data security. Database security, which is the generally considered the last line of defense for enterprise data, needs a much larger focus than other layers of the whole stack for the reason that it holds an organization’s crown jewels.
A key to building any successful database security strategy encompasses:
- Understanding what type of data needs to be protected, such as personal identification information (PII), credit card numbers, customer data, Social Security Numbers, intellectual property, and health information, etc.
- Understanding applicable regulatory compliance requirements, such as payment card industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), FISMA, etc.
- Performing an inventory of all databases, including nonproduction.
- Discovering and classifying databases based on the sensitivity of data.
- Establishing security policies for all databases in the environment, segregated across zones.
- Having actions for each category of policies and deploying them across databases, segregated across zones.
- Taking suitable security measures, such as data masking (redaction), monitoring, auditing, encryption, and access control.
- Looking for an all-inclusive database security solution that can implement robust database security at a low cost.
Key Pillars of Database Security Strategy
This primarily includes discovery, classification, AAA (authentication, authorization, and accounting), and patch management. Without understanding where and how the sensitive data is used across the environment, securing data can be very sophisticated and challenging. The “foundation pillar” stresses discovery and classification of sensitive data and devising a vigorous authentication, authorization, and access control framework. In addition, all critical databases must be patched periodically to remove known vulnerabilities.
Understanding which databases contain sensitive data is an important requirement for any database security strategy and architecture. Organizations should take a comprehensive inventory of all databases, including all environments across the enterprise (such as production and non-production), and confirm that authentication, authorization, and access control is enabled for all sensitive and critical databases. To establish a strong database security foundation, enterprises should use:
- Database discovery and classification, which provides information on all databases to focus upon
- AAA mechanisms for appropriate database access
- Patch management protecting against identified vulnerabilities
This section encompasses monitoring, auditing, and vulnerability assessment. All changes to sensitive data should be logged to provide the ability to justify and respond to auditing, where the importance is “Who changed what data?”, “When was it changed?”, etc. Auditing and monitoring also usually compromises for compensating controls when preventive measures are not enabled. In addition, vulnerability assessment reports gaps in the database environment, such as weak passwords or excessive access privileges.
To support regulatory compliance standards, such as PCI, HIPAA, FISMA, etc., and improve data security, organizations should have records of all access and modifications to sensitive data. Data and metadata within databases can be accessed, modified, or even deleted in moments. The detection pillar emphasizes a comprehensive audit trail of database activities and making details of vulnerabilities available. Detection layer security fundamentally includes:
- Continuous auditing and alerting on data anomalies and access by privileged users
- Security monitoring and real-time intrusion prevention to defend the database against potential threats
- Vulnerability assessment to check for database integrity and security configuration across databases.
This category encompasses data encryption, data masking, and database firewall. This pillar emphases preventing unauthorized access and protecting against potential attacks. Preventive security measures include:
- Network and data-at-rest encryption
- Data masking (redaction) across all databases to prevent data exposure to all categories of users, including, but not restricted to, developers, testers, and other non-production users
- Database firewalls to prevent potential threats, such as SQL injection attacks or privilege escalation from impacting databases
- Change management to enable a formal procedure to manage changes in production. The goal is to prevent unauthorized access to and exposure of private data.
Preventive measures basically include:
- Data redaction/masking to protect data in nonproduction databases.
- Database and network encryption to defend databases and applications across all network zones
- Database firewalls for real-time protection from multiple attack vectors and to ensure that, if any unauthorized user gets access, it can protect the corresponding data by blocking connection or relevant access in real time.
Database security has become critical for all enterprises to defend against growing attacks and meeting various regulatory requirements. Below are some key recommendations:
- Prevention should be a topmost priority as per the architecture – Even though database monitoring is vital to track data access, it doesn’t prevent cyber-criminals and hackers from stealing data. Organizations must make the most of their focus by implementing preventive controls to protect against real-time sophisticated threats.
- Focus on an organization-wide database security strategy – An all-inclusive database security strategy makes sure that investments are not ad hoc and address the three key pillars, which are foundation, detection, and prevention, across the critical databases. Don’t just focus on one or two critical databases, but on all databases that store sensitive data; in other words, all your databases.