Top Tips: Keeping your databases safe and secure
As data collection becomes increasingly complex, sophisticated and essential for marketers, protecting the security of those databases is more important than ever. We asked several top experts to offer their best tips for how marketers can make sure their data stays safe.
Plan to fail
Assume a security breach will occur at some point, and ensure you've got a comprehensive incidence response plan in place. Capturing and retaining all traffic stored in your database for historical reporting and forensic investigation is a critical component of this plan. It helps to ensure that when your database is comprised, you're able to quickly and effectively uncover the source of the problem and resolve it.
Alan Hall, marketing director, Solera Networks
Develop sound security policies
Most data security issues stem from poor policies and standards that lead to investment in poor technical solutions. It's the classic ‘garbage in, garbage out' scenario. Before implementing security solutions, companies should consult with key stakeholders, including marketing professionals, who have sensitive information assets to protect. Marketers can assist IT in accurately identifying, categorizing, and protecting key marketing databases in accordance with sound information security policy. Remember, the effectiveness of a security solution depends largely on the strength of the policy governance that guided the selection and implementation.
Craig Robinson, chief operating officer, GlobalSCAPE
Know your data's sensitivity level
Databases and data management solutions tend to gravitate towards collecting all the data elements anyone will ever need to use. Quite often there are extremely sensitive data elements like account numbers that are not needed by many of the data users. The sensitive data elements drive very strict security requirements that will limit the business use of the data. By stripping out seldom used sensitive data in files or databases, you can increase the availability of data to the business with lower security risks and expense.
Frank Caserta, chief security officer, Acxiom Corporation
Plan your audit process carefully
When auditing your database, make sure your audit process is independent of the system being audited. Otherwise, it's like the fox watching the henhouse. Also, the audit trail should contain appropriate detail. That's a “duh” thing, but a lot of people don't have heavy auditing turned on. You really want to catch that appropriate detail, so you really need to do heavy logging. If you are going to do it, you need it on an external system as well. Finally, there is scope. What people don't realize is databases have very complex architectures today, and to get an understanding, you need to be looking at the entire data architecture, which means having a sufficient audit trail where you're pulling in all the critical pieces.
Brian Contos, chief security strategist, Imperva