Everyone appreciates a good tip now and then, right? How about 10 very useful and easy-to-follow tips for protecting business-critical data. It's not as cumbersome or expensive a process as most people think. Take a few minutes to scan the list below and you'll see what I mean.
1. Limit the number of users authorized to access the database. This would seem obvious to most but it is often overlooked.
2. To that end, prevent physical access to the machine by unauthorized people. It is virtually impossible to maintain security if there is unlimited physical access to a machine.
3. Most hackers are not Einsteins. They are looking for the lowest hanging fruit. Leaving databases or backups unencrypted is inviting anyone in.
4. When given the choice, choose pass phrases to encrypt data rather than passwords. Pass phrases are expressions or combinations of words that are easy for you to remember but difficult for other people to guess. Ideally, something in your everyday life should jog your memory. For example, if you pass four traffic lights on the way to work, your passphrase could be pass4lights. That is a lot easier to remember than GB1764T, and a lot more effective than your kid's birthday.
5. Keep keys separated from data. At a minimum, keys should be stored in a different file but preferably on a different drive, server, or device (e.g., USB jump drive).
6. When encrypting columns in a table, make sure the same plaintext values encrypt to different ciphertext values. Otherwise anyone who can read the table can see which rows hold the same value without ever recovering the key, and for a column with few possible values they can often guess what that value is. This is especially important for short columns such as passwords, salaries and expiration dates.
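To show what tip 6 means in practice, here is an added example (not code from the original post or from NetLib) that encrypts a small constructed column two ways with AES-256-GCM from the Go standard library: once reusing a fixed nonce for every row, once with a fresh random nonce per row. The key and the sample column are constructed for the demo; the counting helper then reports how many rows leak equality through identical ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Constructed 32-byte key for the demo only. A real deployment loads the key
// from a separate store (tip 5), never from source code.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

// Constructed sample column: three rows, two of which hold the same value.
var sampleColumn = []string{"hunter2", "hunter2", "letmein"}

const nonceSize = 12 // standard 96-bit GCM nonce

// encryptWithNonce seals one cell with AES-256-GCM under the given nonce and
// returns nonce||ciphertext so the row can be decrypted later.
func encryptWithNonce(key, nonce []byte, plaintext string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	stored := append([]byte{}, nonce...)
	return append(stored, gcm.Seal(nil, nonce, []byte(plaintext), nil)...), nil
}

// EncryptColumnDeterministic reuses one fixed nonce for every row, so equal
// plaintexts produce equal ciphertexts. This is the mistake tip 6 warns about
// (and with GCM, nonce reuse also breaks confidentiality and integrity).
func EncryptColumnDeterministic(key []byte, column []string) ([][]byte, error) {
	fixedNonce := make([]byte, nonceSize) // all zeros, identical for every row
	out := make([][]byte, 0, len(column))
	for _, v := range column {
		ct, err := encryptWithNonce(key, fixedNonce, v)
		if err != nil {
			return nil, err
		}
		out = append(out, ct)
	}
	return out, nil
}

// EncryptColumnRandomized draws a fresh random nonce per row, so two rows
// holding the same value are indistinguishable in the stored ciphertext.
func EncryptColumnRandomized(key []byte, column []string) ([][]byte, error) {
	out := make([][]byte, 0, len(column))
	for _, v := range column {
		nonce := make([]byte, nonceSize)
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		ct, err := encryptWithNonce(key, nonce, v)
		if err != nil {
			return nil, err
		}
		out = append(out, ct)
	}
	return out, nil
}

// Decrypt reverses encryptWithNonce: splits off the nonce and opens the cell.
func Decrypt(key, stored []byte) (string, error) {
	if len(stored) < nonceSize {
		return "", errors.New("stored value too short to contain a nonce")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, stored[:nonceSize], stored[nonceSize:], nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// CountRepeatedCiphertexts returns how many rows share a ciphertext with an
// earlier row. Anything above zero means a reader of the table can tell which
// rows hold the same plaintext without knowing the key.
func CountRepeatedCiphertexts(rows [][]byte) int {
	seen := map[string]bool{}
	repeats := 0
	for _, r := range rows {
		k := hex.EncodeToString(r)
		if seen[k] {
			repeats++
		}
		seen[k] = true
	}
	return repeats
}

func main() {
	det, _ := EncryptColumnDeterministic(demoKey, sampleColumn)
	rnd, _ := EncryptColumnRandomized(demoKey, sampleColumn)
	fmt.Println("fixed nonce, rows leaking equality:", CountRepeatedCiphertexts(det))
	fmt.Println("random nonce, rows leaking equality:", CountRepeatedCiphertexts(rnd))
}
```

Run it and the fixed-nonce column reports one repeated ciphertext (the two "hunter2" rows), while the randomized column reports none yet still decrypts to the original values. The price of the per-row nonce is that you can no longer look rows up by comparing ciphertexts, which is exactly the property you want for a password or salary column.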
7. Understand your critical business needs: whole-database vs. column encryption. Are you protecting specific data (e.g., credit card numbers, test scores) from the outside world? Or are you protecting your intellectual property (e.g., schema and proprietary data) from your customer? Contrary to what you may have read, whole-database encryption is not slower on a properly sized machine.
8. Make sure that critical data on backups, desktops, and laptops is encrypted, not just the data on servers. Remember that sometimes the person you need to restrict is the backup operator, or the desktop or laptop user! So built-in Windows protection is not always the answer.
9. There is no perfect security. Don’t let the apparent complexity of the problem prevent you from taking simple steps. Sometimes several levels of tools that are easy to deploy and maintain are a lot more effective than a single super-tool that is designed to solve everything. Sometimes the super tool is so complex that it is never deployed effectively, or encourages users to figure out ways around it.
10. Defend, don’t just restrict. For years NetLib has been pointing out that most organizations spend all their energy on restricting unauthorized access to data, while leaving data completely unencrypted once unauthorized access does occur.