Database Security Product Strategy
Blue Core Research has a separate security strategy for production systems and non-production systems. This strategy is aimed to maximize security, simplify compliance, and minimize cost.
The Blue Core Research Security Strategy for production systems is based on 4 levels of security. Easy level offsets a different approach that is suitable for different customers with different needs. The combination of levels and approaches offers a more complete strategy.
We recommend to first divide the systems into systems that should have basic security and systems that should have more strict security. Determining the systems that should have stricter security is a business decision that depends on parameters like the sensitivity of the data, the business impact of a breach, and various compliance requirements.
Generally speaking, any system that contains sensitive information or information that is important to the business should be classified as a stricter security system. Such systems include systems that contain financial data, information related to employees, information related to customers, personal information, privacy, intellectual property product information, development plans and forecasts, and more.
Systems that only require basic security would only need Level 1 security. Systems that require stricter security should initially be deployed with Level 1 and Level 2. Over time, your understanding of each system and its security needs will mature, and you will often move to higher levels of security as appropriate.
To learn more about the strategy of the different levels of security, read more.
To learn more about Core Audit, read more.
Blue Core Research Security Strategy for non production systems such as test and development is using Static Data Masking. Static data masking permanently removes sensitive data from non production systems and replace it with masked data. This is a non-reversible process and only needs to be applied once to the data. The masked data will retain the important properties and characteristics of the original data, thereby allowing testing and development using production-like data without exposing real sensitive information.
Despite the removal of the sensitive data, we usually also recommend deploying Level 1 security in order to maintain basic control over the systems, and to be aware when things change.
The lean more about Core Data Masking, read more.