November 2, 2015 By Vikalp Paliwal 3 min read

Expectation: I am an IT security and compliance director, and I have an audit coming in a month. I have few databases that have customer data, product data and employee data. I think I will be OK and may be able to pass the audit if everything goes well.

Reality: I am an IT security and compliance director and I have an audit coming in a month. I have databases that I don’t even know about in my environment, and I am not sure if those databases contain customer data, product data, employee data or some other sensitive data. I don’t think I’ll be OK, and I will fail the audit. I am sure nothing will go well.

Is Your Compliance Status at Risk?

Does this reality sound all too familiar? And more importantly, are you covered?

Compliance is most challenging when you have to meet various security baselines (e.g., STIG, CVE, CIS, SOX, PCI or HIPAA) for all your data sources. Multiply it by the number of data sources across several platforms and the equation gets very complex.

Read the white paper: Three Guiding Principles to Improve Data Security and Compliance

Organizations are almost constantly trying to minimize the cost of compliance and are always looking for a way to meet all their compliance needs cost-effectively and without much hassle. This sounds too perfect, right?

But it is possible. It starts by understanding the strategy to be in compliance from a data source vulnerabilities perspective and adopt industry best practices in this approach.

Why Do You Need This Approach to Compliance?

Organizations have thousands of data sources across multiple platforms (e.g., databases, data warehouses, big data platforms) with thousands of users accessing data from applications or natively using sequel queries. Database administrators (DBAs) deploy the production system with default usernames and passwords or passwords that do not comply as per corporate baseline. As a result, they are easy to decode for gaining access to the data.

Data control language (DCL) commands like Grant and Revoke are not set properly and often provide excessive privileges to users who do not need them. There are so many misconfigurations and default database settings that need to be changed. There are also missing patches that need to be updated.

Managing the data repositories’ vulnerabilities requires a great deal of skill and maintenance, especially when you multiply this by the number of data sources and data platforms. It’s a big project, and relying on resolving this all manually is a massive investment in time and resources. But it will not make you sufficiently compliant or more secure on its own.

This leads to the next point: Insider threats increasingly lead to data breaches. Enterprises often have no authority to restrict access, they do not have a simple source of information on who has access to what and they cannot manage entitlements across a large inventory of data sources. All of this must be remediated.

Is There a Solution?

Enterprises are looking for an automated way to analyze sensitive data servers, identify sensitive data, check for the risk posture in those servers and get a vulnerability assessment report to understand the overall risk. Once they gain access to this information, they can then look for best practices to remediate all vulnerabilities scanned on those servers.

This will solve the twofold problem of managing compliance and securing your data.

That may be your ideal scenario, but it can also be a reality. Some organizations are leveraging IBM Security Guardium Vulnerability Assessment to solve this big challenge. To learn more, watch the on-demand webinar “Avoiding the Data Compliance Hot Seat” or watch the latest Guardium Vulnerability Assessment demo:

https://youtu.be/i60ht6UF27s

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today