Naya DB Security Checklist

The document provides a database security checklist covering key areas like encryption, auditing, data governance, client segregation, authorization, and authentication. It includes details on implementing controls in each area and protecting data at rest and in motion. The document also advertises database security services from Naya Tech to continuously monitor systems and detect threats and vulnerabilities.

Uploaded by

trinetra 2015

Database Security Checklist

Several key domains are part of a successful and robust database
security implementation strategy. Make sure your databases are
safe and secure:

ENCRYPTION
Data at rest, protect your underlying database storage and backups.

• Encryption protects the underlying database storage files and on-site/off-site
backups from theft.

• Usually, not all datasets require encryption. Identify the specific datasets on which
encryption should be enabled. Which databases? Which rows? Which columns?

• Identify whether different datasets need to be encrypted using different encryption
keys. Perhaps data that belongs to different clients sharing a single database?

AUDITING
Monitor and track access to data: who accesses which data? when and from where?

• Monitor internal and external access to data that is considered sensitive.

• Identify the specific data assets that require auditing: databases, tables, columns.

• Track the username, originating from which server, accessing which specific dataset
and when.

• Special auditing is needed if application users are separate from database users.
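The last two points, recording who touched which dataset from where and keeping the application user visible when the application connects with its own database login, can be sketched as follows. This is an added example, not part of the original checklist; it assumes PostgreSQL 11 or later, tables in the `public` schema, and hypothetical names (`customer_pii`, `audit_log`, `audit_row_change`, the `app.end_user` setting).

```sql
-- Constructed schema: customer_pii stands in for a sensitive dataset.
CREATE TABLE customer_pii (id bigserial PRIMARY KEY, email text NOT NULL);

CREATE TABLE audit_log (
    at          timestamptz NOT NULL DEFAULT now(),  -- when
    db_user     text NOT NULL,   -- database login the application connected as
    app_user    text,            -- end user reported by the application
    client_addr inet,            -- originating server; NULL on a local socket
    table_name  text NOT NULL,   -- which dataset
    operation   text NOT NULL,
    row_id      bigint
);

-- SECURITY DEFINER lets the trigger write audit_log without granting the
-- application role INSERT on it, so that role cannot forge or edit entries.
CREATE FUNCTION audit_row_change() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public, pg_temp AS $$
DECLARE
    affected record;
BEGIN
    IF TG_OP = 'DELETE' THEN affected := OLD; ELSE affected := NEW; END IF;
    INSERT INTO audit_log (db_user, app_user, client_addr, table_name, operation, row_id)
    VALUES (session_user,  -- login role; current_user would be the function owner
            NULLIF(current_setting('app.end_user', true), ''),  -- NULL if unset
            inet_client_addr(),
            TG_TABLE_NAME, TG_OP, affected.id);
    RETURN NULL;  -- return value of an AFTER row trigger is ignored
END;
$$;

CREATE TRIGGER customer_pii_audit
    AFTER INSERT OR UPDATE OR DELETE ON customer_pii
    FOR EACH ROW EXECUTE FUNCTION audit_row_change();

-- Per request, the application names its authenticated end user for the
-- duration of one transaction (constructed values).
BEGIN;
SET LOCAL app.end_user = 'alice';
INSERT INTO customer_pii (email) VALUES ('alice@example.test');
COMMIT;

-- Who changed which dataset, when, and from where.
SELECT at, db_user, app_user, client_addr, table_name, operation, row_id
FROM audit_log ORDER BY at;
```

Row triggers record changes only, so read access has to be captured by statement-level auditing such as the pgaudit extension. The `app_user` value is only as trustworthy as the application that sets it.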

DATA GOVERNANCE
Track and monitor data including as it moves across different data silos.

• In modern database architectures, data is dynamic and fluid. Complex data pipelines
are commonplace, copying and transforming data across different silos internal and
external to the organization.

• Make sure to tag, track and catalog datasets as they travel from one database to
another. Establish policies and workflows with checks along the way.

• Implement complete data lifecycle management policies across all databases,
including data provisioning, data cleansing and periodic dataset compliance checks.

Copyright 2017, NAYA Tech


All Rights Reserved
CLIENT SEGREGATION
What are the “hard” requirements for segregating different clients sharing a database?

• In Multi-Tenant environments, multiple “clients” can share the same database server.
These types of databases require special treatment across all security domains:
encryption, auditing, authorization, etc…

• For example: encrypt individual client data using different keys. Implement strong
authorization and authentication, using different users for each client and restricting
access to subsets of the entire database.

• Identify specific customers that cannot co-exist on the same database server.

AUTHORIZATION
Enable policies on who can access which datasets, enable strict permissions.

• Different users should only be allowed access to specific datasets within a database:
down to the specific row and column levels. Never grant excessive permissions.

• If application users and database users do not correlate, more sophisticated
authorization needs to be configured to create a strong chain of identity.

• Set requirements for sophisticated authorization that goes beyond simple users: filter
origin of access to data – server IP, time/date, application, etc…

• Do you have “super” / “system” users that can access all data? Are they required?
These types of users require special attention.
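The client segregation and authorization points above (a separate user per client, access limited to specific rows and columns, and a review of users that can see everything) can be expressed with row-level security and column grants. This is an added example, not part of the original checklist; it assumes PostgreSQL, and the table and role names are hypothetical.

```sql
-- Constructed schema: one table shared by two clients (tenants).
CREATE TABLE invoices (
    id          bigserial PRIMARY KEY,
    client_name text    NOT NULL,  -- owning client; holds that client's role name
    amount      numeric NOT NULL,
    card_last4  text               -- sensitive column
);

-- One login role per client, plus a reporting role.
CREATE ROLE client_acme   LOGIN;
CREATE ROLE client_globex LOGIN;
CREATE ROLE reporting     LOGIN;

-- Row level: each client role reads and writes only its own rows.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;  -- policies bind the table owner too

CREATE POLICY client_isolation ON invoices
    FOR ALL
    TO client_acme, client_globex
    USING      (client_name = current_user)
    WITH CHECK (client_name = current_user);  -- blocks writing rows for another client

-- Reporting may read every row...
CREATE POLICY reporting_read ON invoices
    FOR SELECT TO reporting
    USING (true);

-- Column level: ...but never the sensitive column.
REVOKE ALL ON invoices FROM PUBLIC;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO client_acme, client_globex;
GRANT USAGE ON SEQUENCE invoices_id_seq TO client_acme, client_globex;
GRANT SELECT (id, client_name, amount) ON invoices TO reporting;

-- "Super" users: these roles bypass every policy above and need review.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls;
```

With these grants, a `SELECT *` by `reporting` fails with a permission error because it includes `card_last4`, while a client role querying `invoices` gets only the rows whose `client_name` matches its own role name.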

AUTHENTICATION
Set up secure means by which users authenticate with the database.

• Consider using strong authentication mechanisms such as single sign-on and
restricting databases to only authenticate users from Directory Services and not
using username/password combinations.

• If “web users” authenticate with your application and the application authenticates
with the database using different users or using username/password combinations,
special attention must be placed on creating strong authentication chains.

Database Security from naya tech
Stop data breaches at the source by protecting your critical and sensitive database
systems using naya tech’s 24X7 Database Security Operations Center (DSOP) -
OVERWATCH.

Naya tech’s OVERWATCH service is a combination of proprietary automatic tools
and a team of on-shore US-based database security experts who monitor your
database systems, either periodically on-demand or continuously, providing real-time
threat monitoring, vulnerability detection and prevention with real-time alerts. Make sure
your databases are bullet-proof and your data is secure.

OVERWATCH services are provided across all major database platforms including:
Oracle, SQL Server, MySQL, PostgreSQL, Hadoop, Cassandra, MongoDB, Couchbase,
Elastic - both for on-premise and for Cloud deployments.

Next Steps
Interested in learning more about protecting your databases and database security?
Contact us for a free one-hour consultation where we assess your existing database
security policies and requirements and detect gaps that can put your data at risk.

1250 Oakmead Pkwy, Suite 210
Sunnyvale, California, USA 94085
+1.408.501.8812
[email protected]
http://www.naya-tech.com

Written by David Yahalom, CTO & Co-Founder
May 2017
