Production Security Strategy
System Specific
Each platform, environment, and system requires a tailored approach
Databases
Each database platform works differently and requires its own expertise: Oracle is not SQL Server, which is not MySQL. Beyond that, each individual database is unique and needs security tailored to its own shape. The more tightly the security fits, the more effective it is. A one-size-fits-all approach is exactly as valuable as it sounds.
Applications
Each application is unique. Each has different users, data, requirements, features, architecture, design, etc. The only way to properly secure an application is with a targeted approach that customizes the security to each and every application. The quality of the security is in direct relation to the effort you put into it.
4 Levels of Security
4 Levels of Security is a general security strategy that combines several complementary security approaches into one layered strategy.
Level 1 – Inventory, Baseline & Change Control
Inventory & Baseline
The first step in security is to discover the systems that contain or process sensitive information, locate the sensitive information in them, and validate the baseline of those systems in terms of configuration, users, permissions, objects, etc.
Control the Changes
Once the baseline has been validated, it is necessary to establish tight control over the changes. This includes processes to approve the changes as well as monitoring controls to identify changes and validate that they have been approved.
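The two Level 1 steps above, validating a baseline and then controlling changes against it, can be expressed as a snapshot diff with an approval list. The following is an added illustration, not code from the page or from any product; the snapshot contents, the "category:key" encoding and the approved-change ticket are constructed sample data standing in for what an inventory tool would collect from a real database.

```python
"""Level 1 worked example: baseline a database's security-relevant state
(configuration, users, grants, objects) and flag every change that was
not approved through change control.

Added illustration; all snapshot data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# A snapshot is a flat mapping "category:key" -> value. Keeping it flat
# makes the diff trivial and keeps every finding addressable by one key.
Snapshot = Dict[str, str]


@dataclass
class Change:
    kind: str            # "added", "removed" or "modified"
    key: str
    before: Optional[str]
    after: Optional[str]


def diff_snapshots(baseline: Snapshot, current: Snapshot) -> List[Change]:
    """Return every difference between the validated baseline and the
    current state, in key order so reports are stable run to run."""
    changes: List[Change] = []
    for key in sorted(set(baseline) | set(current)):
        before, after = baseline.get(key), current.get(key)
        if before is None:
            changes.append(Change("added", key, None, after))
        elif after is None:
            changes.append(Change("removed", key, before, None))
        elif before != after:
            changes.append(Change("modified", key, before, after))
    return changes


def audit(baseline: Snapshot, current: Snapshot, approved: Set[str]) -> List[Change]:
    """Change control: a change is a finding unless its key is covered by
    an approved change ticket."""
    return [ch for ch in diff_snapshots(baseline, current) if ch.key not in approved]


# Constructed baseline, validated by a human at the start of Level 1.
BASELINE: Snapshot = {
    "config:remote_login_passwordfile": "EXCLUSIVE",
    "user:app_rw": "status=OPEN",
    "user:app_ro": "status=OPEN",
    "grant:app_ro:orders": "SELECT",
    "grant:app_rw:orders": "SELECT,INSERT,UPDATE",
    "object:orders": "TABLE owner=app",
}

# Constructed current state: one approved table addition, one grant that
# quietly widened, and a new account holding a DBA role.
CURRENT: Snapshot = {
    "config:remote_login_passwordfile": "EXCLUSIVE",
    "user:app_rw": "status=OPEN",
    "user:app_ro": "status=OPEN",
    "user:tmp_dba": "status=OPEN",
    "grant:app_ro:orders": "SELECT,UPDATE",
    "grant:app_rw:orders": "SELECT,INSERT,UPDATE",
    "grant:tmp_dba:*": "DBA",
    "object:orders": "TABLE owner=app",
    "object:orders_archive": "TABLE owner=app",
}

# Keys covered by an approved change ticket (constructed ticket id).
APPROVED: Set[str] = {"object:orders_archive"}  # CHG-0001


def report(findings: List[Change]) -> List[str]:
    """Human-readable lines for the change-control reviewer."""
    return [f"{f.kind:8} {f.key}: {f.before!r} -> {f.after!r}" for f in findings]


if __name__ == "__main__":
    for line in report(audit(BASELINE, CURRENT, APPROVED)):
        print(line)
```

The point of keying the approval list by the same "category:key" strings is that an approved ticket only ever whitelists the exact object it names; the widened grant on `orders` and the new DBA account both surface even though a legitimate change landed in the same window.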
Level 2 – Compliance Auditing
Declarative Auditing
Declarative Auditing is a method for controlling activity that is both high-risk and low-volume. This usually includes activity under change control, administrator activity, user sessions, and activity on sensitive data that is low volume.
Compliance Reporting
Compliance reporting is a type of reporting usually required by various regulations. The purpose is to introduce the human element into the security process by having personnel review activity audited by declarative auditing.
Level 3 – Forensics & Anomalies
360° Forensics
360° Forensics allows you to see everything that ever happened in your system. Unlike Level 2, which focuses on specific threat vectors, Level 3 looks at everything. 360° Forensics should be used both during event investigation and on a regular basis to review system activity.
Anomaly Analysis
Anomaly analysis is a method for comparing and contrasting the activity today with activity in the past in order to identify potential attacks. The objective is to find the needle in the haystack that is invisible to the naked eye. This is a powerful tool to detect SQL injection, compromised accounts, and more.
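The comparison the paragraph describes, today's activity against the past, can be made concrete by profiling each account from historical audit records and reporting what today does that the profile has never seen. This is an added example, not the page's or any product's code; the audit records, account names and hosts are constructed, and the three signals chosen (a source host the account never used, a statement shape it never issued, and a volume spike) are an assumption about what a practitioner would look at first, not a claim about how any product works.

```python
"""Level 3 worked example: anomaly analysis over database audit records.

Builds a per-account profile from history (statement shapes, source
hosts, daily volume) and flags what today's activity does differently.
Added illustration; all records below are constructed.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Audit record: (day, account, source_host, sql_text)
Record = Tuple[str, str, str, str]


def normalize(sql: str) -> str:
    """Reduce a statement to its shape: literals replaced by '?',
    whitespace collapsed, upper-cased. Two statements that differ only
    in the values they carry map to the same shape."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)        # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)        # numeric literals
    return re.sub(r"\s+", " ", s).strip().upper()


def build_profile(history: List[Record]) -> Dict[str, dict]:
    profile: Dict[str, dict] = defaultdict(
        lambda: {"shapes": set(), "hosts": set(), "days": defaultdict(int)})
    for day, account, host, sql in history:
        p = profile[account]
        p["shapes"].add(normalize(sql))
        p["hosts"].add(host)
        p["days"][day] += 1
    return profile


def find_anomalies(history: List[Record], today: List[Record],
                   spike_factor: float = 3.0) -> List[Tuple[str, str, str]]:
    """Return sorted (account, kind, detail) tuples for everything in
    `today` that the historical profile does not explain."""
    profile = build_profile(history)
    anomalies = set()
    for _day, account, host, sql in today:
        p = profile.get(account)
        if p is None:
            anomalies.add((account, "unknown_account", host))
            continue
        if host not in p["hosts"]:
            anomalies.add((account, "new_source_host", host))
        shape = normalize(sql)
        if shape not in p["shapes"]:
            anomalies.add((account, "new_statement_shape", shape))
    # Volume: compare today's count with the account's average daily count.
    for account, n in Counter(r[1] for r in today).items():
        p = profile.get(account)
        if not p:
            continue
        avg = sum(p["days"].values()) / len(p["days"])
        if n > spike_factor * avg:
            anomalies.add((account, "volume_spike",
                           f"{n} statements vs {avg:.1f}/day baseline"))
    return sorted(anomalies)


# Constructed history: two quiet days of normal application traffic.
HISTORY: List[Record] = [
    ("2024-05-01", "app_rw", "apphost1", "SELECT * FROM orders WHERE id = 42"),
    ("2024-05-01", "app_rw", "apphost1", "INSERT INTO orders (id, total) VALUES (43, 19.99)"),
    ("2024-05-02", "app_rw", "apphost1", "SELECT * FROM orders WHERE id = 44"),
    ("2024-05-02", "app_rw", "apphost1", "INSERT INTO orders (id, total) VALUES (45, 5.00)"),
    ("2024-05-01", "app_ro", "reporting1", "SELECT count(*) FROM orders WHERE total > 100"),
    ("2024-05-02", "app_ro", "reporting1", "SELECT count(*) FROM orders WHERE total > 250"),
]

# Constructed "today": one malformed application query (the shape an
# injection attempt leaves behind) and a read-only account suddenly used
# from a laptop to pull a table it never touched before.
TODAY: List[Record] = [
    ("2024-05-03", "app_rw", "apphost1", "SELECT * FROM orders WHERE id = 46"),
    ("2024-05-03", "app_rw", "apphost1", "SELECT * FROM orders WHERE id = 46 OR 1=1"),
    ("2024-05-03", "app_ro", "laptop-77", "SELECT count(*) FROM orders WHERE total > 10"),
    ("2024-05-03", "app_ro", "laptop-77", "SELECT * FROM users"),
    ("2024-05-03", "app_ro", "laptop-77", "SELECT * FROM users"),
    ("2024-05-03", "app_ro", "laptop-77", "SELECT * FROM users"),
    ("2024-05-03", "app_ro", "laptop-77", "SELECT * FROM users"),
]

if __name__ == "__main__":
    for account, kind, detail in find_anomalies(HISTORY, TODAY):
        print(f"{account:8} {kind:20} {detail}")
```

Shape-based comparison is what makes the injected `OR 1=1` visible without a signature: the application only ever issues a fixed set of statement shapes, so any shape outside that set is worth a human look, whatever its content. The new-host and volume signals are the ones that most often expose a compromised account before any single statement looks wrong.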
Level 4 – Advanced Preventive Security
Administrator Control
Administrator access is notorious for being both high risk and difficult to control. Level 4 aims to prevent administrators from accessing data, as well as introduce separation of duties to mitigate the risks in certain administrator activities.
Various Controls
Level 4 has capabilities to help tailor access control beyond what the system's own controls allow. These include whitelisting and blacklisting based on activity source, rate limiting, day-of-week and time-of-day restrictions, filters based on activity content, and more.
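The Level 4 controls listed above (administrator data access, source whitelists and blacklists, rate limits, time windows and content filters) are all decisions taken on a single request before it reaches the database. The following is an added example of such a policy evaluator, not the page's or any product's code; the policy values, accounts, hosts and the order in which the checks run are constructed assumptions, and the table-name extraction is a deliberately simple regex rather than a real SQL parser.

```python
"""Level 4 worked example: evaluate a database request against a
preventive policy and return allow/deny with the reason.

Added illustration; the policy and requests below are constructed.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from typing import Deque, Dict, List, Optional, Set, Tuple

DATA_VERBS = {"SELECT", "INSERT", "UPDATE", "DELETE"}


@dataclass
class Request:
    account: str
    source: str
    when: datetime
    sql: str


@dataclass
class Policy:
    allowed_sources: Dict[str, Set[str]]   # account -> whitelisted hosts
    blocked_sources: Set[str]              # blacklisted hosts, any account
    admin_accounts: Set[str]               # accounts held by DBAs
    sensitive_tables: Set[str]             # tables DBAs may not read or write
    hours_restricted: Set[str]             # accounts bound to a time window
    allowed_hours: Tuple[int, int]         # (start_hour, end_hour), half-open
    rate_limit: Tuple[int, int]            # (max requests, window seconds)


def statement_tables(sql: str) -> Set[str]:
    """Crude table extraction (assumption: enough for the demo, not a parser)."""
    return {t.lower() for t in re.findall(
        r"\b(?:from|into|update|join)\s+([A-Za-z_][\w.]*)", sql, re.IGNORECASE)}


class Enforcer:
    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.recent: Dict[str, Deque[datetime]] = defaultdict(deque)

    def decide(self, req: Request) -> Tuple[str, str]:
        p = self.policy
        # 1. Blacklist first: a blocked source is denied regardless of account.
        if req.source in p.blocked_sources:
            return ("deny", "source is blacklisted")
        # 2. Whitelist: accounts with a source list may only connect from it.
        allowed: Optional[Set[str]] = p.allowed_sources.get(req.account)
        if allowed is not None and req.source not in allowed:
            return ("deny", f"source {req.source} not whitelisted for {req.account}")
        # 3. Time-of-day restriction for batch or maintenance accounts.
        if req.account in p.hours_restricted:
            start, end = p.allowed_hours
            if not start <= req.when.hour < end:
                return ("deny", f"outside allowed window {start:02d}:00-{end:02d}:00")
        # 4. Administrator control: DBAs keep DDL but not data access on
        #    sensitive tables (separation of duties).
        if req.account in p.admin_accounts:
            verb = req.sql.strip().split(None, 1)[0].upper()
            if verb in DATA_VERBS and statement_tables(req.sql) & p.sensitive_tables:
                return ("deny", "administrator data access on sensitive table")
        # 5. Rate limit: sliding window of accepted requests per account.
        max_n, window = p.rate_limit
        q = self.recent[req.account]
        while q and (req.when - q[0]).total_seconds() >= window:
            q.popleft()
        if len(q) >= max_n:
            return ("deny", f"rate limit {max_n}/{window}s exceeded")
        q.append(req.when)
        return ("allow", "ok")


POLICY = Policy(
    allowed_sources={"app_rw": {"apphost1"}, "batch_etl": {"etlhost"}},
    blocked_sources={"10.0.0.99"},
    admin_accounts={"sysdba"},
    sensitive_tables={"customers"},
    hours_restricted={"batch_etl"},
    allowed_hours=(1, 5),
    rate_limit=(3, 60),
)

T = lambda h, m, s=0: datetime(2024, 5, 6, h, m, s)  # constructed timestamps

REQUESTS: List[Request] = [
    Request("app_rw", "apphost1", T(10, 0, 0), "SELECT * FROM orders WHERE id = 1"),
    Request("app_rw", "laptop-77", T(10, 0, 1), "SELECT * FROM orders"),
    Request("app_rw", "10.0.0.99", T(10, 0, 2), "SELECT * FROM orders"),
    Request("sysdba", "dbahost", T(10, 1), "SELECT * FROM customers"),
    Request("sysdba", "dbahost", T(10, 2), "ALTER TABLE customers ADD COLUMN note VARCHAR(200)"),
    Request("batch_etl", "etlhost", T(14, 0), "INSERT INTO orders_archive SELECT * FROM orders"),
    Request("app_rw", "apphost1", T(10, 0, 10), "SELECT * FROM orders WHERE id = 2"),
    Request("app_rw", "apphost1", T(10, 0, 20), "SELECT * FROM orders WHERE id = 3"),
    Request("app_rw", "apphost1", T(10, 0, 30), "SELECT * FROM orders WHERE id = 4"),
]


def run_demo() -> List[Tuple[str, str]]:
    enforcer = Enforcer(POLICY)
    return [enforcer.decide(r) for r in REQUESTS]


if __name__ == "__main__":
    for req, (verdict, reason) in zip(REQUESTS, run_demo()):
        print(f"{verdict:5} {req.account:9} {req.source:10} {reason}")
```

Only accepted requests are counted toward the rate limit, so a flood of denied connections from a blacklisted host does not lock out the legitimate application; and the administrator rule distinguishes statement type, so the DBA can still alter the `customers` table while being kept away from the rows in it.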