Reports that Sony is in database leak hell – with a further 25 million users of its online entertainment service having had their credentials compromised – is serious blow to the Japanese IT giant’s credibility but, says Origin Storage, the bigger question is what other database leaks are lurking in the electronic undergrowth.
With major database incursions taking place on an almost daily basis, it is clear that current corporate security defence strategies are no longer enough.
Quite aside from the Sony double-whammy, there have been hacks of several corporates, including the Epsilon database cracking incident, in recent weeks. Regardless of what caused these incursions, it is now clear that the database security systems in active use on both sides of the Atlantic are no longer sufficient.
Most security professionals understand that a multi-layered approach can be the best option, but – until now – this was not always the most cost-effective approach. The $64,000 question, however, is what is the real solution to this pressing issue.
The answer is that a multi-layered approach need not be the expensive option that many IT managers are so fearful off. Technologies can provide a highly cost-effective solution to data that needs to be moved around, including across and even outside the office.
It’s important to understand the difference between data at rest and data on the move, as well as the need to better defend data on a centralised database.
Good security is all about deploying the optimum security for a variety of situations. With a centralised database, there may be an argument for the use of multi-level authentication technology alongside encryption, meaning that even if the encryption system is broken for whatever reason, access to the data can still be restricted.
And when IT staff have move data around on a portable basis, perhaps for backup purposes, they can use multi-level security.
What we are seeing is an obvious change in the modus operandi of hackers who are intent on extracting user credentials from as many corporates as possible.
Whatever their methodology, however, the fact is that IT managers need to raise the bar when it comes to protecting their data, and this can most cost-effectively be carried out using a mixture of security technologies.
It’s very easy to lose sight of the fact that fraudsters will always tend to gravitate towards the easiest system to crack. Put simply, this means that, if you make it difficult enough for them on your own firm’s IT systems, they will go elsewhere.