Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Why Data Breaches Occur and How You Can Lessen Their Impact | Part 2
Part 2 of 2: There are a few small things that can make a big difference in every organization

Last week, I covered some of the reasons data breaches happen. Let's shift gears now and look at what can be done to reduce their impact. To be perfectly clear, there’s no magic bullet for security. There are, however, a few small things that can make a big difference in every organization.

  • Encrypt everything
    This may sound difficult, inconvenient and expensive, but it’s really not. In fact, once implemented, most encryption solutions are so turn-key that you’re likely to forget they’re running in the background. Plus, can you really put a price on the protection of your corporate and customer data?

    At a minimum, you should encrypt anything you believe to be sensitive data, regardless of whether a federal mandate requires it. In the healthcare example I referenced earlier, if the data on those lost or stolen devices was encrypted, the organizations responsible for it wouldn’t have had to report the thefts, saving millions of dollars in fines, not to mention public embarrassment and brand damage.

    Encryption is not about preventing data breaches, but rather mitigating the damage a breach can cause. Encrypted data is essentially useless data if you heed the advice below.

  • Take good care of your keys
    You know those people who claim to be vegetarians but admit that they also “eat chicken and fish?” They're not really vegetarians. In much the same way, someone can claim they take data security seriously, but if they don’t have a sound key management strategy, then they’re only fooling themselves. If you take data security seriously, then you need to take key management seriously as well.

    Good key management starts with knowing what keys, tokens, certificates and other security-related objects are loosely floating around your environment. Once you’ve found them, you need to secure and manage them. Organizations should consider a centralized management system for these objects provides security and storage, and enforces a broad range of policies for object authorization, access, expiration, revocation, retrieval limits and more.

    Centralizing key management ensures that there’s always a single, trusted source of truth governing access to your important security objects. To prevent unauthorized access to your keys (and thus, your data), it’s important to ensure this centralized key store is accessed only through approved, automated processes, rather than specific individual users.

     

  • Require multifactor authentication, especially in the cloud
    Two-factor authentication can significantly reduce the likelihood of an account being compromised or access being granted to an unauthorized party. And it works really well on shared systems where multiple users might login at different points in the day.

    But the cloud is an entirely different animal, and traditional two-factor authentication that requires a user to have direct, physical access to a device in use, simply doesn't work. For example, you cannot use a smart card or fingerprint reader to access a device in Amazon's cloud.

    For cloud-friendly multifactor authentication, look for a solution that alerts third parties when access to a certain application, file or SSH session is being requested. This ensures someone, or something, other than the original requestor, signs off on the request before access is granted.

The suggestions above are fairly quick and easy to implement either on premises or in the cloud and can immediately boost your security posture. Protecting your data means protecting your intellectual property, your customers’ privacy, your competitive advantage and your reputation. That should be reason enough to act, shouldn’t it?

About David Tishgart
David Tishgart is a Director of Product Marketing at Cloudera, focused on the company's cloud products, strategy, and partnerships. Prior to joining Cloudera, he ran business development and marketing at Gazzang, an enterprise security software company that was eventually acquired by Cloudera. He brings nearly two decades of experience in enterprise software, hardware, and services marketing to Cloudera. He holds a bachelor's degree in journalism from the University of Texas at Austin.

Latest Cloud Developer Stories
The need for greater agility and scalability necessitated the digital transformation in the form of following equation: monolithic to microservices to serverless architecture (FaaS). To keep up with the cut-throat competition, the organisations need to update their technology sta...
Product connectivity goes hand and hand these days with increased use of personal data. New IoT devices are becoming more personalized than ever before. In his session at 22nd Cloud Expo | DXWorld Expo, Nicolas Fierro, CEO of MIMIR Blockchain Solutions, will discuss how in orde...
Blockchain. A day doesn’t seem to go by without seeing articles and discussions about the technology. According to PwC executive Seamus Cushley, approximately $1.4B has been invested in blockchain just last year. In Gartner’s recent hype cycle for emerging technologies, blockchai...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSy...
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mo...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE