Database sprawl

by Mark Rowe

An unsecure database is a breach waiting to happen, and it is fundamental that businesses take steps now to mitigate this risk, writes John Pocknell, Senior Market Strategist at software firm Quest.

It can sometimes feel like a new data breach hits the news on a weekly basis. What is concerning, however, is that the root cause of some of the biggest data leaks we have seen in recent months and years is an unsecure database, and this is happening more frequently. Think back to the recent Virgin Media data breach, which involved the discovery of an unsecured marketing database that exposed 900,000 customers’ personal data. Databases contain highly sensitive data, and leaving them unsecure makes the lives of bad actors very easy indeed. So why are organisations finding themselves in this position, and what can businesses do to avoid becoming the next news headline?

With cyber-crime an ever-persistent threat, it’s no surprise that we see organisations fall victim to sabotage from time to time. But unsecure databases mean organisations are themselves leaving a gaping hole in their cyber security strategy, and it doesn’t take hackers scouring code for vulnerabilities or sophisticated socially engineered emails and new malware to penetrate through. These databases are left open and exposed on the web and can constitute a serious breach of data regulations in and of themselves.

In the age of GDPR, why are some organisations making the lives of cyber criminals any easier by leaving sensitive information easily accessible and completely unsecured? Some companies continue to focus their efforts on ensuring that their front-end databases are GDPR compliant. But in contrast, back-end databases, such as development, testing and UAT, are being neglected. There is also the challenge that some businesses didn’t even realise their databases were unprotected, particularly due to the fact that many didn’t even know some databases existed in the first place.

The problem is database sprawl: as organisations seek to collect and gather data, the number of databases created is staggering, making the life of IT admins even harder. In addition, databases are often stored both on-premises and in the cloud, making it difficult to keep track of what information is where. Simply put, some businesses don’t know what databases they have and where they may or may not be stored. So, no wonder it’s a struggle to keep the right databases secured.

Visibility is key

Organisations need to take steps to regain database visibility. Under the GDPR, one of the requirements for database administrators is to inventory the data across all their databases. Doing so is the first step towards understanding where personal or sensitive data exists, before implementing the necessary compliance requirements that will prevent exactly these types of data exposures from taking place. Having this level of visibility is crucial for organisations as they are responsible for the data entrusted to them by their customers, employees and partners.

In addition, through automation organisations can streamline the data inventory process and monitor and audit every database, whether in the cloud or on-premises. Visibility is not only essential in combatting database sprawl, but it can enable organisations to gain extra value from the information they hold. Growing databases should be seen as a business asset rather than a hindrance or GDPR fine waiting to happen.

Visibility will not only give control back to IT teams, enabling security to be improved and eliminating a potential breach, but it will allow business decision makers to have full access to the information they hold. In addition, with granular visibility IT teams can start to determine consolidation strategies and decide what information needs to be secure and to what degree. It’s no secret that data is extremely valuable, but idle data is easy to forget about, and forgotten data is a honeypot for those who may want to steal it. But it’s more than reasonable to archive data that is no longer in use, and with this visibility IT teams can find the right balance between holding onto valuable data and simply hoarding everything, ensuring that only useful data is kept active.

Years of being able to spin up databases at the drop of a hat have led to database sprawl, causing a situation where many organisations don’t have a clear picture of what databases they have, let alone how they need to go about securing them. But by implementing tools and processes that will enable greater visibility, IT teams can start to bring databases back under control.
