Database auditing is critical for compliance and for database security. It enables you to detect suspicious activity and establish accountability after the fact. Also, while database auditing cannot directly prevent malicious acts, it can have a deterrent effect on would-be adversaries. Remember, about 75% of all breaches are caused by internal personnel.
Our experience includes working with clients requiring compliance with PCI (payment card industry), Sarbanes-Oxley and HIPAA. We’ve worked with businesses of all sizes from small businesses with a single database to large scale database installations for a Fortune 50. This means we understand the different database auditing techniques and requirements.
When designing your database auditing strategy, what questions should you ask? Potential questions fall into two categories: static (preventive) and dynamic (reactive).
Preventive questions help you discover areas where the Least Privilege Principle is not followed. Examples of preventive questions are:
Reactive questions, however, try to provide the information needed to investigate after the fact. Examples are:
When sqlity.net handles your database audit, you can have the peace of mind that it will provide answers to the right questions.
Do you know the #1 thing we find with new clients?
In our experience, we find security is often overlooked or an afterthought. It takes a backseat to functionality and performance because people take shortcuts in the rush to finish a project. They’re up against a deadline and they think they’ll have time to come back later to fix it. But often that does not happen because something else “more important” takes precedence.
Then, the unthinkable happens.
Target, Adobe, Home Depot, the American Military VA, Community Health Systems, the list goes on. From major retailers to renowned research hospitals, no one is impervious to a data breach.
Did you know that each customer record affected by a breach could cost your company $188 (USD)? Multiply that by the number of records your company stores. How many millions is it? And this calculation does not even take the inevitable PR nightmare into account. Nobody likes to do business with a company affected by a breach.
Peace of Mind for your SQL Server Security Questions.
A surprising number of businesses leave their SQL Server security to chance. In the event something happens, they’re faced with loss of customer trust and costs that easily go into the millions.
Don’t leave security to chance. You likely already have many types of insurance for your business. Your SQL Server security is as important as any type of insurance policy. After all, the data in your database is the lifeblood of your company.
Do you store credit cards or other payment related information? Do you have to comply with HIPAA regulations? Is your company affected by the Sarbanes-Oxley Act? Do you handle other protected PII? If you answered yes to any of these questions, you are likely also required to follow increased audit log requirements. These requirements include detailed data access logs identifying the individual person and the type of access. Does your current database audit plan live up to these requirements?
Call us now to discuss these questions:
Our experience includes compliance with PCI (payment card industry), Sarbanes-Oxley and HIPAA. Don’t wait for the Auditor. Start on your way to a compliant Database Audit Plan today.
Call 832-377-5489 or email us now.