How do I avert database security issues in match/merge?

Our IT organization needs to secure customer names, but also needs to conduct searches on the entire customer database to match and merge records.

If all customer data is encrypted or tokenized, an IT team cannot see the actual information to conduct merge/match activities in the database. But there are options that can resolve database security issues while enabling search capabilities.

Data at rest is a common security issue. Approaches include encrypting the hard drive that certain data resides on, segmenting the machine from the rest of the network, or encrypting individual files within a given machine. When the objective is to secure a database while enabling records analysis, consider placing the database on a separate physical machine.

Certain fields within said database are used for searching, but are also tokenized or encrypted. If a customer named Susan also goes by Sue, her corresponding records within the database will appear to belong to different people. The encryption mechanism assigns two different values to Sue and Susan, and the text will never match. One or more users have access to the database in this situation.

To resolve the security issue, it may be easier to decrypt the database and transfer it to a separate physical device. This allows matching and merging information directly -- no more phantom Sue -- without dealing with encrypted data. Instead, encrypt the machine where the database resides. The data is protected by virtue of the machine it lives on.
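The Sue/Susan mismatch, shown as an added illustration (not code from the original article): grouping records on tokenized name fields finds no duplicates, while grouping on plaintext with nickname folding merges them. The key, alias table and records are constructed for the example, and HMAC-SHA256 is an assumed stand-in for whatever tokenization the database uses.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo key, alias table and records (assumptions, not from the article).
TOKEN_KEY = b"demo-key-not-for-production"
NICKNAMES = {"sue": "susan", "susie": "susan", "bob": "robert"}

RECORDS = [
    {"id": 1, "first": "Susan", "last": "Miller"},
    {"id": 2, "first": "Sue", "last": "Miller"},
    {"id": 3, "first": "Robert", "last": "Diaz"},
    {"id": 4, "first": "susan ", "last": "MILLER"},
]

def tokenize(value):
    """Deterministic field token: equal inputs give equal tokens, nothing else does."""
    return hmac.new(TOKEN_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()

def canonical_name(first, last):
    """Normalise case and whitespace, then fold known nicknames to one form."""
    f = first.strip().lower()
    return NICKNAMES.get(f, f), last.strip().lower()

def group_by(records, key_fn):
    """Return lists of record ids that share the same match key."""
    groups = defaultdict(list)
    for rec in records:
        groups[key_fn(rec)].append(rec["id"])
    return sorted(groups.values())

def match_on_tokens(records):
    """What the matcher sees when name columns are stored tokenized as entered."""
    stored = [
        {"id": r["id"], "first": tokenize(r["first"]), "last": tokenize(r["last"])}
        for r in records
    ]
    return group_by(stored, lambda r: (r["first"], r["last"]))

def match_on_plaintext(records):
    """Matching on readable values, as on the separately protected machine."""
    return group_by(records, lambda r: canonical_name(r["first"], r["last"]))

if __name__ == "__main__":
    print("tokenized:", match_on_tokens(RECORDS))
    print("plaintext:", match_on_plaintext(RECORDS))
```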

Choose a method to authenticate to the encrypted device: with a username and password, a security token, or by the physical machine authenticating to another physical machine. There are numerous viable approaches, as long as the result is that matching and merging are no longer issues on the database.

None of these scenarios is inherently difficult. Complications come from the details of the infrastructure deployment. If the organization wants to segment a certain portion of data from the rest of the network, the only limiting factor is available resources. But segmenting the data, in and of itself, is not difficult.

About the author:
Brad Casey is an expert on network security with experience in penetration testing, public key infrastructure, VoIP and network packet analysis. He also covers system administration, Active Directory and Windows Server 2008, with interest in Linux virtualization and Wireshark captures. He spent five years in security assessment testing for the U.S. Air Force. Contact him at brad1505@hotmail.com.

This was last published in May 2015
