Delta Bravo Database Security features an instant Security Analysis of all databases connected to the system. Within 2 minutes of launching Delta Bravo, users can understand how their current database security levels stack up to standards ranging from PCI and HIPAA all the way up to the US Department of Defense STIG standards.
Delta Bravo instantly provides a breakdown of the security rule, scripts to validate that condition in your environment and scripts to fix it.
Delta Bravo Database Security is not doing a full IT stack compliance check- our scans are specific to the database we are connected to. We are only indicating topics which MAY be out of compliance specific to SQL, MySQL and PostgreSQL depending on the type of data which is stored in the databases.
SOX
The Sarbanes-Oxley (SOX) Act of 2002 is intended to be a revision of federal securities laws which apply to publicly traded companies. Its stated goal is “To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the security laws, and for other purposes”. In short, it makes the companies and their leadership responsible for accurate financial reporting, much of which depends on reliable and secure information systems.
Specific to SQL server, Delta Bravo scans and monitor for the following potential SOX compliance issues:
- Access and Authentication: Only people who are authorized to use the system can access it.
- Monitoring: The capture of events such as authentication attempts, system and account changes, and backup status.
- Data Integrity: Being sure that data is not being illegally modified and is being backed up, archived or retained to preserve its integrity.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 establishes a set of national standards for protecting certain individual health information. The primary goal is to ensure that individual’s health information is properly protected while allowing certain information to be securely shared for the promotion of high quality health care and to protect the public’s health and wellbeing. It covers:
- Health plans
- Health Care Clearinghouses
- Healthcare providers who conduct certain financial and administrative transactions electronically.
In order to meet HIPAA standards, the organization must constantly audit and report all access attempts and events related to the databases which contain sensitive Protected Health Information (PHI) records.
Delta Bravo scans and monitor for the following potential HIPAA compliance issues:
- Access and Authentication: Only people who are authorized to use the system can access it.
- Monitoring: The capture of events such as authentication attempts, system and account changes, and backup status.
- Data Integrity: Being sure that data is not being illegally modified at rest or in transit and is being backed up, archived or retained to preserve its integrity.
PCI
Originally released in 2004, the Payment Card Industry Data Security Standard (PCI DSS) applies to all entities involved in payment card processing who store, process or transmit cardholder data or sensitive authentication data. It is intended to minimize the risk of storing credit card data and is overseen by the Payment Card Industry Security Standards Council which is made up of representatives from most major credit card providers.
PCI DSS is made up of twelve security requirements which encompass the entire network. Specific to SQL server, Delta Bravo scans and monitor for the following potential PCI compliance issues:
- SQL default usernames and passwords
- Protection of cardholder data at rest
- Encrypted transmission of cardholder data
- Overall security of the system
- Restriction of access to cardholder data by business need to know
- Authentication access to the system
- Monitoring and recording of network access to cardholder data
Delta Bravo Database Security Summary
Delta Bravo Database Security features add instant value for administrators, line of business stakeholders and executives. Within hours, companies can significantly strengthen their security posture at the data tier.
While database security is more important than ever, it’s still an overlooked part of day-to-day administration. Security does not ship in the box and each application is unique in its SQL Server security requirements. Developers need to understand which combination of features and functionality are most appropriate to counter known threats, and to anticipate threats that may arise in the future.