What must change to maintain database security in the “New Normal”
The global Coronavirus pandemic has and will continue to affect fundamental changes in business practices for nearly every enterprise. Database security faced significant challenges before the pandemic. Today, new circumstances have emerged that are expected to exist for the foreseeable future. It is critical for enterprises to identify these new circumstances and take proactive steps to ensure they do not compromise or weaken efforts to maintain database security going forward.
Shifting to a remote workforce makes it hard to maintain database security
The global Coronavirus pandemic hit us hard and fast, compelling more organizations to shift to remote work environments to protect society. Remote working is not new, but it hasn’t been the norm across the board. Many companies are now rethinking their ways of working at a fundamental level and considering remote workforces part of a new reality. While the protection of society remains the top priority, in too many cases protecting databases has not been prioritized at all. Current data confirms this. The International Association of IT Asset Managers reports data leaks from remote workers have been much worse than anticipated. Barracuda found that 46% of global businesses have encountered at least one cybersecurity scare since shifting to a remote working model during the Coronavirus lockdown.
Teams have fewer resources to manage and secure data repositories
Forbes reports IT and tech leaders are moving towards a ‘keep-the-lights-on” strategy with their IT budgets, but as the pandemic has lingered, CIO outlooks have become more pessimistic. In relatively normal times this strategy might be sufficient to maintain database security, but not now. The pandemic is driving up IT spending as CIOs race to support a new remote workforce. Investment in virtual private networks, desktop infrastructure, and hardware is competing head-to-head for resources to continue securing database repositories.
There is enhanced pressure to move workloads to the cloud
Cloud environments offer cost-efficient pay-as-you-go models, making them an irresistible choice for enterprises, particularly in an uncertain business climate where budgets are shrinking. Before the pandemic, the breakneck pace with which enterprises were migrating workloads to the cloud was outstripping security teams’ ability to maintain database security. As a result, many companies curtailed or even halted the process. Given the current economic pressures, business leaders may be tempted to move forward anyway and manage database security threats in the cloud as problems present themselves.
Take steps to maintain database security with a remote workforce
Only enterprises with mature cybersecurity plans have accounted for maintaining database security for a remote workforce, everyone else has a bit of work to do. The most impactful step is to ensure your remote workforce has access to a VPN and compel them to use it all the time and assume always that they are dealing with sensitive information. Your IT team should be able to wipe every computer in use remotely in the event that it is compromised or stolen. Give workers resources to help them learn how to assess their home network’s security and protect it going forward. Ensure that your remote employees are very familiar with data privacy laws like GDPR and HIPAA.
Do more with less to secure data repositories
Before the pandemic, many enterprises struggled with a lack of clarity as to who is responsible for securing database repositories. In the current environment, establishing and maintaining clear communication regarding accountability to maintain database security is critically important. DBAs, developers and security teams need to work together to ensure that they are not making obvious mistakes related to basic security practices. This is easier said than done, especially with a remote workforce. The skills gap that existed in the pre-pandemic database security world is more pronounced today. Fewer people and resources are working, so security teams need to re-prioritize their goals. It is imperative that the people responsible for database security build an institutional knowledge base and ensure that everyone who can play a role in maintaining database security understands what their responsibilities are as the complexity of the environments continues to grow.
Ensure database security in the cloud
Database security was already hard, even before the complexities introduced by the cloud. Pre-pandemic there was increased pressure on security teams to create a data-centric security model that accounts for the new and different technologies used in the cloud. Today, security teams are tasked with securing the perimeter for a remote workforce and securing the on-premise and cloud-based data repository with fewer people and resources. You need to consider what sensor method you are going to rely upon for capturing data. This has changed dramatically for the cloud as opposed to traditional on-premise, so you need to think about what makes the most sense from the operational and ease of integration perspectives. It’s not about just how you collect the raw data and store it somewhere effectively. That should not be the end goal. How you reconcile data from many different sources, get a comprehensive view across your data estate, and interpret it is far more critical to maintain database security.
Optimize the tools you currently have
Much like the key to overcoming the pandemic, people doing the right things consistently will be the key to successfully managing database security during the pandemic and beyond. Set the expectation that your remote workforce follows best security practices to avoid becoming victim to a phishing attack or leaving sensitive data exposed and opening the enterprise up to a potential breach. Communicate with people in the business units, particularly DBAs and developers who are likely to install databases about the importance of following sufficient database security practices. Ensure that there is clear communication between the key stakeholders in the business units and security teams so everyone knows who is accountable for securing the database repository and what they can do to ensure it happens. In the cloud, remind your people that while cloud vendors provide security in their system as a default, it is their responsibility to extend security controls to your data to avoid exposure. Working smarter as a team, you can “flatten the curve” of data leaks and keep your databases secure in this new environment.
Learn more about modern database security strategy
Right now, the jSonar unified database activity model is making real database security a reality for dozens of Fortune 500 companies in financial services, healthcare, insurance and more. jSonar is helping security teams reduce costs and gain control of database management through a comprehensive database security strategy. These companies have taken the steps to get the real security value they need from their on-premises and cloud-based data sources and you can, too. Contact jSonar and get a demo today.