Data is an indispensable resource for the modern enterprise. Making that data accessible to employees, partners, and customers through web-facing applications introduces database security vulnerabilities. Because a large store of potentially valuable information can be obtained with relative ease, corporate databases are now primary targets for hackers.
Although investment in data protection and IT security controls tends to be driven by regulatory compliance concerns, fortifying database security is inherently valuable for organizations in all industries. Without implementing and maintaining adequate database security protocols and processes, organizations cannot ensure information security or gain the trust of customers and prospective clients.
Although a significant number of database security best practices, such as database server segregation and regular database patching, are found in the requirements and recommendations of industry standards like PCI DSS and ISO 27001, many IT shops find that database compliance regulations are difficult to translate into specific actions.
As is the case with information security in general, one of the challenges of database security is striking the right balance between access control and freedom of access. Because databases are complex applications that require specialized management expertise, database security is typically not administered by security professionals; rather, it is often left to database administrators (DBAs) who may not have security expertise or full knowledge of the value of the assets contained within their databases.
Moreover, weaknesses in public-facing applications increase the susceptibility of databases to cyber attacks. In fact, the SQL injection attack, which exploits coding flaws in web applications to gain access to back-end databases, continues to be a critical database security issue for the enterprise—despite widespread awareness of the exploit.
A simple, effective way to protect web applications and the databases they access—and a method recommended by the PCI standards—is to use a web application firewall (WAF).
Incorporated into our Kona Site Defender DDoS mitigation and web security solution, Akamai's cloud-based Web Application Firewall offers users of the global Akamai Intelligent Platform a flexible and efficient layer of forward defense against web application attacks. Our full-featured WAF: