Data Security Basics
It’s often true that spending a little bit of time now can save you a lot of headache in the future.
And this is definitely the case with Data Security.
Keep reading or watch the video below to learn some simple concepts for protecting your data!
Data Security Overview
At the risk of oversimplifying Data Security, it all boils down to access control.
It’s best to follow an allowlist policy when it comes to Data Security.
A Data Guardian limits all access to the database except for a handful of legitimate users.
A Data Guardian also restricts where those users can connect from.
And when granting privileges to the database, they will follow the Principle of Least Privilege.
Let’s start with blocking access.
Blocking access
The first rule for Data Security is to limit connectivity paths to the database.
That is, do not expose your database to the internet. Put it behind a firewall and VPN.
This will drastically reduce unauthorized access attempts.
The second rule is to force all data access to go through the database, so that every read and write is authenticated and authorized.
If you can read the data in plain text without logging in to the database, so can an attacker who gains access to the system or network.
To block this, enable encryption. Encrypting data in transit prevents unauthorized users from sniffing the network traffic.
Encrypting the data at rest prevents unauthorized access to the database files themselves.
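The two encryption rules above, shown as an added example rather than as anything from the original post. It assumes the database is MySQL 8 (the site's other posts concern MySQL); the listen address and the table name `shop.customers` are placeholders. Alongside each setting is the query a Data Guardian would run to confirm it is actually in effect.

```sql
-- Added example (not from the original post). Assumes MySQL 8;
-- the address and the table name are placeholders.

-- Limit connectivity paths: listen only on the private interface.
-- bind_address is read-only at runtime, so PERSIST_ONLY records it
-- for the next restart; the firewall/VPN still sits in front of it.
SET PERSIST_ONLY bind_address = '10.0.0.5';

-- Encryption in transit: refuse any connection that is not TLS.
-- SET PERSIST writes the value to mysqld-auto.cnf so it survives restarts.
SET PERSIST require_secure_transport = ON;

-- Check: which current sessions negotiated a TLS cipher?
-- An empty ssl_cipher is a plaintext session that the rule above now blocks.
SELECT t.PROCESSLIST_USER AS user,
       t.PROCESSLIST_HOST AS host,
       s.VARIABLE_VALUE   AS ssl_cipher
FROM performance_schema.threads t
JOIN performance_schema.status_by_thread s
  ON s.THREAD_ID = t.THREAD_ID
WHERE s.VARIABLE_NAME = 'Ssl_cipher'
  AND t.PROCESSLIST_USER IS NOT NULL;

-- Encryption at rest: InnoDB tablespace encryption needs a keyring loaded
-- first. Older 8.0 releases load it as a plugin (checked here); newer ones
-- load a keyring component instead.
SELECT PLUGIN_NAME, PLUGIN_STATUS
FROM information_schema.PLUGINS
WHERE PLUGIN_NAME LIKE 'keyring%';

ALTER TABLE shop.customers ENCRYPTION = 'Y';

-- Check: which tablespaces are still stored unencrypted on disk?
SELECT NAME, ENCRYPTION
FROM information_schema.INNODB_TABLESPACES
WHERE ENCRYPTION = 'N';
```

Run the two check queries before flipping the settings as well as after: the first tells you which clients will break when plaintext is refused, and the second gives you the list of files an attacker with filesystem access could still read directly.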
Granting access
Once you have blocked access except through the database, it’s time to grant access to authorized users.
To grant access, you create users and give them certain privileges.
When creating users, give them strong credentials and rotate those credentials periodically.
And consider limiting where users can connect from.
When users are created, don’t just give them complete access to the database. Follow the Principle of Least Privilege.
Keep the number of users that can administer the database and schema to a minimum.
And then spend some time understanding which users should be able to read the data, and which users should be able to modify it.
Even ask yourself, should the user have access to all the data or only a portion?
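Putting the granting rules together, as an added example that is not part of the original post. It again assumes MySQL 8 and a hypothetical `shop.customers` table; the account names, host ranges and passwords are placeholders. It shows a host-restricted application account with only the row privileges it needs, a read-only account that sees just a portion of the data through a view, and the checks that expose over-broad accounts.

```sql
-- Added example (not from the original post). Assumes MySQL 8 and a
-- hypothetical table shop.customers; names, hosts and passwords are placeholders.

-- 1. A named application account, limited to the application subnet,
--    required to use TLS, with a credential that expires so rotation happens.
CREATE USER 'app_rw'@'10.0.1.%'
  IDENTIFIED BY 'REPLACE-WITH-A-LONG-RANDOM-PASSWORD'
  REQUIRE SSL
  PASSWORD EXPIRE INTERVAL 90 DAY;

-- 2. Least privilege: row access on one table, nothing else.
--    No ALTER, DROP, FILE, GRANT OPTION or global privileges.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON shop.customers TO 'app_rw'@'10.0.1.%';

-- 3. A read-only analyst who should see only a portion of the data:
--    expose a view without the sensitive columns and grant on the view only.
--    The view runs with the definer's rights, so the analyst never needs
--    a privilege on the base table.
CREATE VIEW shop.customers_redacted AS
  SELECT id, country, created_at
  FROM shop.customers;

CREATE USER 'analyst_ro'@'10.0.2.%'
  IDENTIFIED BY 'REPLACE-WITH-ANOTHER-RANDOM-PASSWORD'
  REQUIRE SSL
  PASSWORD EXPIRE INTERVAL 90 DAY;

GRANT SELECT ON shop.customers_redacted TO 'analyst_ro'@'10.0.2.%';

-- 4. Verify what each account can actually do.
SHOW GRANTS FOR 'app_rw'@'10.0.1.%';
SHOW GRANTS FOR 'analyst_ro'@'10.0.2.%';

-- 5. Find accounts that violate the rules above: reachable from any host,
--    or with no password set at all.
SELECT user, host
FROM mysql.user
WHERE host = '%'
   OR authentication_string = '';
```

The last query is worth scheduling: accounts created in a hurry with `'%'` as the host are the usual way a carefully firewalled database ends up reachable from anywhere the network allows.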
Conclusion
As a business, your customers trust you with their data.
If you follow the foundational Data Security rules from above, you will minimize the chance of losing that trust.
Remember to block access to all but a few users from known locations.
And for approved users, follow the Principle of Least Privilege in granting access to the data.