Database Security: The Need for a Comprehensive Strategy
By dseurer on Aug 16, 2012
The year was 73 AD. During the First Jewish-Roman war, Jewish rebels and their families took refuge on a tall mesa, known as Masada, between the Judean Desert and the Dead Sea Valley.
Months into the siege, Roman forces built an assault ramp to the top of the butte. Once the ramp reached the top, Roman forces easily breached the defenses of Masada, finding all the Jewish inhabitants had committed suicide. The forbidding nature of the mesa and some perimeter walls along the edges were all that separated the inhabitants from their attackers. Once that line was breached, there were no further defenses in place to stop the advance of the Roman forces.
What does the first-century siege of Masada tell us about data security? Plenty, as it turns out.
Masada provides a good example of the benefit of a defense-in-depth approach to security. Defense-in-depth is an approach to security that provides multiple levels of protection and seeks to delay attacks in order to buy more time to defend against them. It involves multiple layers of security controls, providing redundancy and protection in the event of a single control failing. At each security level, controls and warning mechanisms can be deployed to provide detection and response to a given attack. Masada was clearly lacking a defense-in-depth strategy.
Like Masada, most IT organizations lack an in-depth strategy to secure their data. As many recent, well-publicized data breaches have shown, perimeter (network) security is clearly not enough to prevent data breaches.
IT organizations must deploy a defense-in-depth strategy to fully protect themselves against the multitude of threat vectors facing them today.
An effective, in-depth approach will include perimeter security as the first line of defense against attack, but will also include other controls such as auditing, access control, data encryption, and data masking.
In subsequent blog entries these controls will be discussed in further detail. Employed together, these controls can provide a complete defense-in-depth data strategy to ensure your data are fully protected. Learn the lesson that Masada teaches us. Perimeter security, while important, should not be your only line of defense.