90% of sensitive data theft is from servers. Why? This is because most sensitive data are stored in servers. As the famous bank robber Willie Sutton once said “Why do I rob banks? Because that is where the money is!”
It is particularly true, if you are dealing with Big Data as Trillions of GB of data is being generated everyday. You may also know-
What your Data Warehouse is?
A data warehouse environment consists of much more than just a database.
The entire environment ranges from the extraction of data from operational system, transportation of this data to the data warehouse, distribution to other analytic platforms, and finally distribution to the end business user.
In today’s highly distributed, complex world, the data warehouse environment spans multiple servers, applications and systems.
When putting a security strategy in place, you must ask yourself “Who has a valid business need to know sensitive data?” If no valid reason exists, then access should be denied. Also ask, should sensitive data even be entered into the data warehouse at all. In many cases, you can analyze trends at the aggregate level without compromising sensitive personal detailed data that could break PHI/PII rules.
Some questions to ponder across three key areas of focus for data warehouse security.
1) Data inputs
-
As data moves into the warehouse, how can you ensure integrity?
-
Is a data classification policy in place? How is it applied to data entering the data warehouse?
-
Does this data need to live in the data warehouse at this level (or aggregated)?
2) Data outputs
-
Is data exported from the warehouse to other applications, for example for reporting? If so, how is the data secured?
-
How do you know that only authorized recipients are able to obtain the output?
-
How do you know the right recipients receive the right information – and nothing more?
3) System security
-
Have user access rights been determined and documented?
-
Are they based on roles, for example through Active Directory groups?
-
Are administrator and super-user accounts carefully controlled and audited?
-
Is the supporting database appropriately configured and hardened for maximum security?
-
Is access to data restricted according to its sensitivity?
-
Do you sufficiently monitor and audit the data warehouse?
The capabilities outlined in the given figure above are a MUST to handle all these questions and usually available on all leading data warehouse platforms. Most leading data warehouse platforms come with built-in identity and access management systems.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM