Security is a hot topic. Organisations are constantly trying to figure out ways to protect their applications and services, but somehow, they tend to overlook databases. Strange, because databases are at the heart of everything: if your database goes down, your applications and services will be unavailable as well.
So, what should you keep in mind when you are trying to protect data, your organisation’s most valuable asset? And are there specifics that apply to open-source databases? Let’s dive in with our managing partners, Bart Callens and Kim Jansen!
Are open-source databases more difficult to secure?
People used to think that open-source software is less secure, because the source code is available online and therefore easily accessible. Luckily, this misconception is on its way out: when we talk to our clients, we’re getting this question less than we used to.
In fact, open-source databases are arguably more secure than their closed-source counterparts, precisely because their source code is there for everyone to see. Any vulnerabilities and possible exploits will be spotted much sooner by a global user base of enthusiasts than by a comparatively small security team at one organisation. Bart explains this by comparing it to a car.
“Imagine a car that breaks down, but where you can’t look under the hood to see what’s wrong. Even if you know someone that can repair cars, you’ll have to send it to a certified repair shop. They can charge whatever they want for the repair, and since you won’t get to verify the result, you don’t know when or how your car will break down again. I can’t imagine a lot of people that would be interested.”
Which security aspects should you pay attention to?
Coming up with an exhaustive list would be nearly impossible and take up at least a few pages. As Kim likes to point out, there is much more to security than meets the eye:
“Security is about much more than (relatively) easy-to-solve aspects like firewalls and access control. It’s also about managing your assets and people correctly. If you really want to protect what matters most, you’ll have to foster a company culture that puts security front and centre.”
There’s a good reason why people tend to leave these kinds of things to the experts, but that doesn’t mean that you shouldn’t be keeping an eye out. Instead of a complete list, we’ll point out some aspects that you should keep in mind based on our experiences. Consider it an elementary checklist of sorts to help you get started with the basics.
- Authentication: Use strong, personal passwords enforced through strict password policies, and consider using multi-factor authentication methods.
- Encryption: Encrypt sensitive data both at rest and in transit. Don’t forget about backups! An unprotected disk, even in offline cold storage, poses a significant threat to your operations if it can be accessed physically.
- Auditing and Monitoring: Establish regular security checks and auditing policies to monitor database activities. Consider using an external party to audit your data infrastructure for any vulnerabilities.
- Access Control: Limit access to databases strictly to necessary personnel and services.
- API Security: Secure access to databases via APIs with proper authentication and authorisation checks.
- Environment Management: Maintain clear separation of your environments (TST/DEV/TRN/ACC/PRD) and avoid transferring sensitive data from production to non-production environments.
- DoS Protection: Protect against Denial-of-Service attacks with network security measures like firewalls, load balancers, and connection poolers.
- Data Integrity: Prevent data corruption with regular security checks and updates, and ensure backups are taken and stored securely.
- Enterprise Editions: Consider using an Enterprise Edition of an open-source database for additional tools and support.
- SQL Injection Prevention: Employ measures to prevent SQL injection attacks, such as parameterised queries and input validation.
- Employee Training: Last, but certainly not least: educate your team on security best practices, like not leaving laptops unlocked, to maintain a secure database environment.
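The SQL injection item above names parameterised queries and input validation without showing what they look like in application code. The following is an added example written for this article, not code from Zebanza or from any database product the article mentions. It uses Python's built-in sqlite3 module against an in-memory database with constructed sample rows, and shows the vulnerable string-concatenation pattern next to its hardened form. It also covers the edge case the "input validation" half of the item refers to: identifiers such as a sort column cannot be bound as parameters, so they are checked against a fixed allowlist instead. The table, column names and sample users are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not taken from the article).
SAMPLE_USERS = [
    ("alice", "alice@example.com", "finance"),
    ("bob", "bob@example.com", "hr"),
    ("carol", "carol@example.com", "finance"),
]

# Allowlist of columns a caller may sort on. Identifiers cannot be bound as
# query parameters, so they are validated against a fixed set instead.
SORTABLE_COLUMNS = {"username", "email", "department"}


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, department TEXT)"
    )
    # executemany with placeholders is itself the parameterised form.
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_by_department_unsafe(conn, department):
    """Vulnerable pattern: untrusted input is spliced into the SQL text, so a
    quote character in the input changes the query's structure instead of
    merely supplying a value."""
    sql = f"SELECT username FROM users WHERE department = '{department}'"
    return [row[0] for row in conn.execute(sql)]


def find_by_department(conn, department, order_by="username"):
    """Hardened pattern: the value travels as a bound parameter, and the sort
    column (which cannot be parameterised) is checked against an allowlist
    before it is placed in the statement."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f"SELECT username FROM users WHERE department = ? ORDER BY {order_by}"
    return [row[0] for row in conn.execute(sql, (department,))]


def demo():
    """Run both variants on a normal value and on a constructed value that
    contains a quote, as an application might receive from a web form."""
    conn = make_db()
    normal = "finance"
    hostile = "x' OR '1'='1"
    return {
        "unsafe_normal": find_by_department_unsafe(conn, normal),
        "unsafe_hostile": find_by_department_unsafe(conn, hostile),
        "safe_normal": find_by_department(conn, normal),
        "safe_hostile": find_by_department(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Running the block shows the difference directly: the unsafe function returns every user for the quoted input because the WHERE clause has been rewritten, while the parameterised function treats the same input as a literal department name and returns nothing. The allowlist check is the part most often forgotten: binding protects values, but anything that must appear as an identifier or keyword in the statement still needs explicit validation.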
What if I don’t know where to start?
It’s easy: get an expert to help you out! Coming from a database services provider, this may seem obvious, but trust us: there is nothing like an experienced partner to help point you in the right direction. As Bart puts it:
“Especially when it comes to something as essential as security, you don’t want to take any risks. It doesn’t even have to be us, but make sure to at least get a second opinion on something that protects your sensitive data.”
Through an expert partner, you can also stay up to date on the latest evolutions in (open-source) databases and use new features as soon as they become available. The great thing about the open-source community is that, if something is interesting enough or requested frequently, that feature is bound to be added sooner or later.
For example, Transparent Data Encryption (TDE), a way of encrypting data at rest, is becoming popular and is therefore being added to several open-source databases. We’re also noting an increased interest in AI-powered data access management. These kinds of self-learning tools can recognise outliers in access requests, such as a request in the middle of the night or from someone who normally never needs that data, and proactively protect your systems. Exciting times ahead, that’s for sure!
Looking for an expert partner to help protect the backbone of your operations? At Zebanza, we offer a global health check, several in-depth assessments, and managed services so you don’t have to worry about your databases at all. Contact us today to discuss the possibilities!