
Chris Foot

Remote DBA Experts Blog

Is your mobile network HIPAA compliant?

Wed, 2014-07-23 11:21

As hospital personnel continue to access patient records through mobile devices, health care organizations are taking new approaches to database security.

Assessing initial requirements
The best way for CIOs in the medical industry to measure the performance of their server protection strategies is to ensure all software deployments are compliant with the Health Insurance Portability and Accountability Act. Information Week contributor Jason Wang acknowledged the basic requirements HIPAA obligates mobile applications and networks to possess:

  • Authorized, defended user access to protected health information
  • Encryption features that hide sensitive data from unsanctioned personnel
  • Routine security updates to eliminate bugs or loopholes in the network
  • A remote access data elimination feature that can be activated by administrators in the event a mobile device is lost, stolen or compromised
  • A solid business continuity/disaster recovery framework that can be tested on a regular basis

With these points in mind, health care organizations would greatly benefit from having a third party develop an enterprise-wide mobile application for their facilities. Salesforce CRM in particular is a solid option for those looking to install such an implementation, primarily due to its reputation for having HIPAA-compliant security features.

The risks involved
Many medical professionals believe employing a mobile network will help their subordinates allot more attention to patients. While this concept may be true, there are a number of threats that, left unacknowledged, could compromise such a system. Having a third-party company constantly conduct database active monitoring tasks is imperative to deterring the following dangers:

  • Mobile devices, as well as wearables, are easily misplaced, meaning that those who come across these devices could access private patient information.
  • Because a number of health care providers communicate with patients through social media, malware and other Web-based attacks could be funneled through such mediums to infect devices.
  • Because mobile keyboards are rudimentary, users are more likely to use uncomplicated passwords that can easily be unmasked.

Be a smart user
Database administration needs aside, health care companies must also provide personnel with a secure line of communication. HIT Consultant noted that text messaging is a solid way for hospital staff to transfer information quickly and on the go, but the avenue lacks the encryption technology necessary to keep these communications secure.

Installing an encoding program geared specifically toward mobile text messaging is a good move to make. However, employees should also be cognizant of the fact that they should not explicitly share vital information, if they can help it.

The post Is your mobile network HIPAA compliant? appeared first on Remote DBA Experts.

Cybercriminals using more tools, are better connected

Fri, 2014-07-18 12:05

Aside from the techniques they use, the most dangerous tool hackers have at their disposal is the ability to network with organized criminal syndicates.

Constant vigilance
Many experienced deviants who have made an unorthodox, yet profitable career out of unlawful behavior have realized that the Internet provides them with relatively safe avenues to steal money. These figures hold no biases regarding who they target, attacking enterprise servers and consumer computers.

The best way to deter these persistent criminals from succeeding is by employing database activity monitoring, malware detection software and staff members skilled in the craft of information protection. The latter factor is particularly important, as those who have encountered aggressive cyberattacks likely know how to defend networks against them.

The strength of a network
According to PC World, French and Romanian officials razed a cybercriminal organization comprised of Romanian citizens, who used malware to infect the databases of money transfer enterprises in Germany, Norway, the United Kingdom, Austria and Belgium. European law enforcement agency Europol noted the figures used remote access Trojans to infiltrate the systems, allowing them to conduct unsanctioned transactions.

The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) reported that the illicit organizations would deliver fictitious money transfers from sham people to real recipients. In one instance, a franchisor lost $800,000 as a result of the scheme.

Government-grade tactics
Cybercriminals are recognizing that enterprises have been tightening database security in response to such attacks, leading them to utilize more sophisticated techniques. ZDNet contributor Charlie Osborne referenced Gyges, a form of espionage malware engineered by government developers, as being one of the most difficult deployments to detect.

She cited a recent report conducted by Sentinel Labs, which surmised that the malicious software likely originated from Russia and is "virtually invisible." The program can remain active for long periods of time, unbeknown to victims. Hackers are now reengineering Gyges to create more advanced ransomware and rootkits, the latter of which are codes that shield covert processes from detection.

One of the characteristics that makes Gyges so tricky is its ability to infiltrate systems when users remain inactive, a significant digression from processes employed by conventional malware. In addition, Gyges is capable of transporting other forms of malicious code that can be initiated once the desired target has been reached.

Between organized criminal networks and government-grade malware at the disposal of cybercriminals, it's safe to say organizations need to find ways to optimize their database protection.


What to look for in a cloud database security company

Thu, 2014-07-17 12:58

Companies new to the world of cloud computing often express apprehension in regard to security.

Unsure as to how internal teams are supposed to deploy effective protection, a number choose to outsource to database administration services capable of monitoring all network and server activity around the clock. As there are so many such companies to choose from, some enterprises are unclear as to what they should be looking for.

Seek clarification
Gilad Paran-Nassani, a contributor to SYS-CON, acknowledged the puzzle organizations encounter when weighing cloud deployment capabilities with IT defenses. He outlined a number of points leaders should be sure to cover before signing a contract with a database security provider:

  1. Define who can access information: In addition to assigning company personnel the authorization codes, organizations should get a clear idea of who on the DBA end of the operation can obtain and view data. Any opacity in this regard should be thoroughly assessed.
  2. Know how data is encrypted in the cloud: The CIO and managers of the DBA service should sit down and outline how information will be hidden during transfers. Make sure there are no loopholes in the procedure and that it can be adjusted to new security needs.
  3. Conduct a background check: Get into contact with the prospective DBA's customers and ask them questions regarding their own experiences. In addition, ask the business to provide a list of any credentials pertaining to cloud platform protection.

What to look for
When seeking out a company that can provide remote database management for cloud environments, or on-premise solutions for that matter, there are a number of enterprise characteristics businesses should favor. MSPmentor contributor Michael Brown outlined four elements executives should look for when speaking with DBA services face-to-face:

  1. A fundamental concept: If the professionals on the other end of the table have a unique approach to how they tackle security, then they're most likely a sure bet.
  2. Honesty: A cloud security provider that acknowledges past mistakes and explains how it has evolved from those mishaps is filled with motivated, adaptable individuals.
  3. Transparency: When answering tough questions, a DBA should divulge its capabilities and shortcomings so trust can be quickly established.
  4. Commitment: Dedication should go beyond day-to-day security amenities. A DBA must seek ways to improve protection while ensuring system workability on a consistent basis.

As one can observe, selecting the right DBA to protect enterprise cloud environments requires human characteristics as well as technical ability. These considerations will help organizations find the right fit.


Oracle users may require remote database management

Fri, 2014-07-11 10:01

A reputed professional recently discovered a bug in one of Oracle's key security implementations, which may prompt some of its customers to seek active database monitoring solutions. 

A good start, but needs work 
According to Dark Reading, David Litchfield, one of the world's most well-recognized database protection experts, recently discovered a couple of faults in Oracle's redaction feature for its 12c servers. The defensive measure allows database administrators to mask sensitive information from malicious figures.

Although Litchfield regarded the feature as a good deployment, he asserted that a highly skilled hacker would be capable of bypassing the function. He noted that employing a type of Web-based SQL injection is a feasible way for an unauthorized party to gain access to information. Litchfield is expected to demonstrate this technique among others at Black Hat USA in Las Vegas next month. 

"To be fair, it's a good step in the right direction," said Litchfield, as quoted by the source. "Even if a patch isn't available from Oracle, it's going to protect you in 80 percent of the cases. No one really knows how to bypass it at this point."

Constant surveillance
Although Oracle is working to mitigate this problem, enterprises need to wonder what's going to protect them from the other 20 percent of instances. Having a staff of remote database support professionals actively monitor all server activity is arguably the most secure option available. 

Specifically, Oracle customers require assistance from those possessing the wherewithal to defend databases from SQL injection attacks. Network World outlined a few situations in which this invasive technique has caused harrowing experiences for retailers:

  • In the winter of 2007, malware was inserted into Heartland Payment Systems' transaction processing system, resulting in 130 million stolen card numbers. 
  • In early November 2007, Hannaford Brothers sustained a malicious software attack that led to the theft of 4.2 million card access codes.
  • Between January 2011 and March 2012, a series of SQL injection endeavors against Global Payment Systems incited $92.7 million in losses. 

Take the simple steps 
Network World acknowledged the importance of treating routine processes as critical features. For example, forgetting to close a database after testing the system for vulnerabilities is negligence that enterprises cannot afford.

In addition, it's imperative that enterprises understand the mapping of their database architectures. This protocol can be realized when organizations employ consistent surveillance of all activity, allowing professionals to see which channels are the most active and what kind of data is flowing through them. 


Hurricane season: The need for disaster recovery

Wed, 2014-07-09 07:42

As hurricane season gets longer and businesses grow more reliant on technology, having a smart disaster recovery plan in place is essential. A major part of maintaining database security involves ensuring that the system can be rebooted or accessed in the event of a major power outage. 

Not prepared 
Eric Webster, a contributor to Channel Partners Online, referenced a survey of 600 small and medium-sized businesses conducted by Alibaba.com, Vendio, and Auctiva in 2013, noting that 74 percent of respondents have no DR/business continuity plan in place. Another 71 percent of SMBs lack a backup generator to keep the data center running. 

Essentially, this means that a large number of enterprises won't be able to conduct any activities in the event their operations shut down. Because technology is so heavily integrated into day-to-day workflows, professionals don't realize how mission critical databases are until they can't be accessed anymore. 

Battening down the hatches 
So, what can be done to prepare for a data center outage? TechRadar noted that implementing a DR/BC strategy involves a step-by-step process:

  1. If working with a cloud services provider, partner with a company known for building accessible, recoverable infrastructures.
  2. Set up data centers in easily reachable, strategically placed locations to keep the risk of failure low.
  3. Figure out whether a dedicated communications link or a virtual private network is the best way to connect with databases.
  4. Regularly conduct tests on the system, which should be measured by performance and task completion. 

Outsourcing responsibility 
Webster acknowledged the benefits of hiring a remote database support service to initiate DR/BC tests, manage and organize recovery strategies and monitor databases 24/7/365. 

The key advantage of outsourcing to a managed services provider is that in the event a major storm is forecasted, database administrators can quickly implement backup strategies so that applications, stored information and platforms aren't lost. 

Another "aaS" 
With DBAs in mind, it's important to acknowledge that many such professionals now offer Recovery-as-a-Service, working with cloud environments to launch and maintain DR/BC. Webster outlined how this process works:

  • An enterprise's tangible and/or virtual databases deliver images of their environments to the cloud on a regular basis
  • If a super storm shuts down a data center, its virtual version can be maintained by and accessed through the cloud environment. 

Webster acknowledged that this service model is more affordable than conventional DR/BC strategies. Recovery can occur more quickly and separate hard disks containing data identical to the information in on-premise servers don't need to be used. 


Malware stirs database security concerns for banks

Thu, 2014-07-03 13:40

In an effort to keep up with the times, many financial institutions have implemented e-banking applications that allow customers to access and manage their finances on the Web or through their smartphones.

Although electronic solutions may boost satisfaction rates and make it easier for account holders to transfer funds, they can cause major database security woes if proper protective measures aren't taken. As of late, there have been two kinds of malware banks have had to contend with.

Attacking the mobile arena
Because it's easy for consumers to get caught up in the luxury of viewing checking information on their smartphones, many forget to follow necessary, defensive protocols. According to ITPro, a new remote access Trojan, named com.II, is targeting Android devices and zeroing in on users with mobile banking applications. 

The source noted that the malware abides by the following process:

  1. Undermines any security software that's installed
  2. Scans the device for eBanking programs
  3. Replaces any such tools with fraudulent ones
  4. Implements fabricated application updates
  5. Steals and delivers short message service notifications to access contact lists.

Combating surveillance
Paco Hope, principal consultant with Cigital, a firm based in the United Kingdom, surmised that the malicious software could infect global banking populations, as it's capable of being manipulated to abide by different languages.

To prevent the program from entering bank accounts and stealing funds, active database monitoring should be employed by enterprises offering e-banking apps. Com.II has the ability to conduct thorough surveillance of individual checking and savings records, allowing the malware's administrators to potentially carry out transactions. 

Under the radar
Many programmers harboring ill intentions have found a way to make malicious software basically unrecognizable. MarketWatch acknowledged a new breed of malware, dubbed Emotet, that tricks people into giving it access to bank accounts. The news source outlined the deployment's protocol:

  1. Spam messages are sent to victims' emails
  2. The contents of those notices detail financial transactions and include links
  3. Upon clicking the link, the malware activates code that sits in browsers
  4. Once a person visits a bank website, the program can monitor all activity

Trend Micro Vice President of Technology and Solutions JD Sherry asserted that the language used within the encoded messages appears authentic. This makes it easy for individuals to fall victim to the scam.

The administrator's side of the equation
Although it's important for e-banking customers to install adequate malware protection programs, the enterprises administering electronic solutions must find a way to defend their accounts. Constant database surveillance needs to be employed so that security breaches don't get out of hand in the event they occur.


Leveraging Collective Knowledge and Subject Matter Experts to Improve the Quality of Database Support

Wed, 2014-07-02 06:10

The database engine plays a strategic role in the majority of organizations. It provides the mechanism to store physical data along with business rules and executable business logic. The database’s area of influence has expanded to a point where it has become the heart of the modern IT infrastructure. Because of its importance, enterprises expect their databases to be reliable, secure and available.

Rapid advances in database technology combined with relatively high database licensing and support costs compel IT executives to ensure that their organization fully utilizes the database product’s entire feature set. The more solutions the database inherently provides, the more cost effective it becomes. These integrated features allow technicians to solve business problems without the additional costs of writing custom code and/or integrating multiple vendor solutions.

The issue then becomes one of database complexity. As database vendors incorporate new features into the database, it becomes more complex to administer. Modern database administrators require a high level of training to be able to effectively administer the environments they support. Without adequate training, problems are commonplace, availability suffers and the database’s inherent features are not fully utilized.

The Benefits of Collective Knowledge

Successful database administration units understand that providing better support to their customers not only comes from advances in technology but also from organizational innovation. The selection of support-related technologies is important, but it is the effective implementation and administration of those technologies that is critical to organizational success.

Database team managers should constantly leverage the collective knowledge of their entire support staff to improve the quality of support the team provides and reduce the amount of time required to solve problems.

One strategy to build the team’s expertise is to motivate individual team members to become Subject Matter Experts in key database disciplines. This strategy is performed informally hundreds of times in IT daily. A support professional is required to perform a given task and “gets stuck”. They spin their wheels and then decide to run down the hall and find someone they feel can provide them with advice. They consult with one or more fellow team members to solve the problem at hand.

The recommendation is to have a more formal strategy in place so that each team member, in addition to their daily support responsibilities, becomes a deep-dive specialist in a given database discipline. Their fellow team members are then able to draw from that expertise.

Increasing the Efficiency of Support: Subject Matter Experts

The database environment has become so complex that it precludes database administrators from becoming true experts in all facets of database technology. RDX’s large administrative staff allows it to increase efficiency by creating specialists in key database disciplines. In addition to expertise in providing day-to-day support, each of RDX’s support staff members is required to become an expert in one or more database disciplines including backup and recovery, highly available architectures, SQL tuning, database performance, database monitoring, UNIX/Windows scripting and database security.

RDX allocates the support person with the highest-level skill sets in that particular task to provide the service requested by the customer. This methodology ensures that the customer gets the most experienced person available to perform complex tasks. Who do you want to install that 5 node Oracle RAC cluster? A team member that has limited knowledge or one that has extensively studied Oracle’s high availability architecture and performs RAC installations on a daily basis?

Although your team may only consist of a half dozen administrators, that doesn’t mean that you aren’t able to leverage the benefits that the Subject Matter Experts strategy provides. Identify personnel on the team that are interested in a particular database support discipline (e.g. security, database performance, SQL performance, scripting, etc.) and encourage them to build their expertise in those areas. If they are interested in high availability, send them to classes, offer to reimburse them for books on that topic and/or allocate time for them to review HA-specific websites. Focus on the areas that are most critical to the needs of your shop. For instance, is your company having lots of SQL statement performance problems? A sound strategy is to have one of your team members focus on SQL tuning and support them throughout the entire educational process.

Also consider special skills during the DBA interview and selection process. At RDX, we always look for candidates that are able to provide deep-dive expertise in key database support disciplines. We have several DBAs on staff that have strong application development backgrounds including SQL performance tuning. This was in addition to possessing a strong background in database administration. We use the same strategy for HA architectures, and we look for candidates that have strong skills in any database advanced feature. We’re able to leverage that expertise for the customer’s benefit. The same strategy can be applied to any size team. Look for candidates that excel in database administration but are also strong in key areas that will improve your ability to support your internal customers.

In addition, you can also draw expertise from other teams. For example, you may have access to an application developer who is strong in SQL coding and tuning or an operating system administrator that excels in scripting. Build relationships with those personnel and leverage their experience and skill sets when needed. Ask them to provide recommendations on training to your team or assist when critical problems occur. Technicians are usually more than happy to be asked to help. Just make sure to be courteous when asking and thank them (and their manager) when they do help out.

Reducing Downtime Duration by Faster Problem Resolution

RDX’s large staff also reduces the amount of time spent on troubleshooting and problem solving. RDX is able to leverage the expertise of a very large staff of database, operating system and middle-tier administrators. Additionally, RDX is able to leverage the team’s expertise to provide faster resolution to database performance issues and outages. Since the support staff works with many different companies, they have seen a number of different approaches to most situations.

Ninety-nine percent of our support technicians work at the same physical site. This allows RDX to create a “war room” strategy for brainstorming activities and problem solving. All technicians needed to create a solution or solve a problem are quickly brought to bear when the need arises. Support technicians come from varied backgrounds and have many different skill sets. RDX is able to leverage these skills without having to search for the right person or wait for a return call. Work can take place immediately.

This “war room” strategy works for any size team. When a significant issue occurs, leverage the entire team’s skill sets. Appoint yourself to be the gate keeper to ensure that the team remains focused on the goal of quick problem resolution and that the conversation continues to be productive. Brainpower counts, and the more collective knowledge you have at your disposal, the more effective your problem resolution activities become.

Conclusion

Corporate information technology executives understand that their success relies upon their ability to cut costs and improve efficiency. Decreasing profit margins and increased competition in their market segment force them to continuously search for creative new solutions to reduce the cost of the services they provide. They also realize that this reduction in cost must not come at the expense of the quality of services their organization delivers.

RDX invites you to compare the benefits of our organizational architecture and quality improvement initiatives to our competitors, your in-house personnel or your on-site consultants. We firmly believe that our Collective Knowledge Support Model allows us to provide world class support.


Microsoft’s database administration strengthens BYOD security

Tue, 2014-07-01 11:02

The prevalence of the bring-your-own-device trend has incited new database security concerns while simultaneously improving employee performance. 

Enterprises don't want to sacrifice worker productivity and happiness simply because server activity can't be properly managed. There's no reason to abandon BYOD. All it requires is assiduous surveillance, new usage protocols and network optimization. 

The biggest concern comes from within
Every organization has at least one staff member who couldn't be more dissatisfied with his or her current work situation. The idea of the disgruntled employee may seem somewhat cartoonish, but it's important that businesses consider the situation as a serious threat to data confidentiality. 

Chris DiMarco, a contributor to InsideCounsel, acknowledged that mobile devices can be useful assets to personnel harboring ill intentions. David Long-Daniels, co-chairman of Greenberg Traurig's Global Labor & Employment Practice, noted that malicious activity can be carried out through smartphones in a number of ways, and it all starts with willingly sharing information. 

"What happens if an individual leaves and you don't have a policy that allows you to wipe their device?" Long-Daniels posited, as quoted by the source. 

Set up a protocol 
Thankfully, there's a way you can deter malevolent employees from stealing critical information. Bret Arsenault, CIO of Microsoft and contributor to Dark Reading, noted that the software developer has successfully deterred deviancy by implementing database active monitoring and segregating personal and corporate data. He acknowledged that any device accessing company email must:

  • Encrypt the information on the mechanism
  • Be activated by a PIN
  • Enable remote management and application updates to protect Microsoft's programs

Handling transactions off-premise has been a significant boon for Microsoft. The organization consistently deploys products that act as administrators between its own databases and the personal devices of employees. In addition, the solution allows Microsoft to remove any corporate intelligence from devices in the event the user leaves the enterprise. 

Implement an access strategy 
Depending on what hardware an employee is using and how trustworthy a worker is deemed to be, Microsoft defines how much database access a person will receive. Arsenault maintained that the business asks the following questions:

  • What kind of email solution is an individual using? Is it personal or corporate?
  • Is his or her device managed and authenticated by Microsoft or handled solely by the employee?
  • Is the mechanism being used from a known or unidentified location?

With the aforementioned approaches in mind and sound remote database support at their backs, enterprises will be able to benefit from the flexible workflow BYOD offers without suffering from security woes. 


Recent attacks show public authorities need tighter database security

Fri, 2014-06-27 11:52

Although cyberwarfare seems like something out of a science fiction movie, the threat is a legitimate concern for public authorities. 

Database active monitoring appears to be the only way in which governments can adequately defend themselves against well-coordinated cyberattacks. Having a team of administrators oversee server activity 24/7/365 is a good form of protection against assiduous criminals and persistent, covert operatives.

An unsettling visualization 
According to ExtremeTech, a simulation detailing millions of global cyberattacks supported many people's assumptions that the United States sustains the bulk of database infiltration attempts.

The real-time demonstration was developed by Norse, a network security company that took information from its "honeypot" database – a tempting target that traps incoming infiltration data. The simulation discovered that:

  • The bulk of attacks originate from China, directed at the U.S.
  • The U.S.'s own hack attempts are more dispersed, targeting different countries

Supporting Norse's map 
Because the representation was developed from Norse's own sources, what constitutes an attack and how often government agencies attack the U.S. is slightly ambiguous. Also, the nature of the endeavors varies considerably – from malware to phishing scams. 

However, the source noted that in 2012, the Department of Defense maintained that it sustained 10 million cyberattacks a day. The National Nuclear Security Administration experienced database security worries of its own, reporting nearly the same number of infiltration attempts.

A clear example 
Those who believe the NNSA, DOD and other federal agencies are the only organizations targeted by governments are sadly mistaken. Oregon Live reported that the Oregon Secretary of State's website was attacked a week prior to authorities realizing that anything was wrong. The ordeal occurred in February. 

As a result, the entity suspended public access to two databases for several weeks, asserting that a foreign actor had penetrated the system. The news source acknowledged that authorities believe the attack originated from North Korea or China. 

"We do suspect that's where it's from, but we don't know, and the FBI is the one who is looking at the IP addresses, not us," said Oregon Secretary of State spokesman Tony Green, as quoted by the source. "We have not heard back from law enforcement about whether or not they have definitive information on where the attacks came from."

Being proactive 
State authorities lacking the resources necessary to actively monitor all server activity should consider investing in remote database management services. Knowing what hackers are looking for, the techniques they're utilizing and where they're operating is imperative to maintaining the sanctity of critical information. 

The post Recent attacks show public authorities need tighter database security appeared first on Remote DBA Experts.

Simplifying the Auditing Compliance Process – Database Activity Monitoring Series pt. 4 [VIDEO]

Fri, 2014-06-27 07:46

Hi and welcome to the last video in our Database Activity Monitoring series where we discuss how Database Activity Monitoring streamlines our customers’ auditing compliance process. We previously touched on how our ongoing vulnerability assessments help organizations gain greater visibility into their database activity.

Our vulnerability assessments provide detailed security analyses of all database instances and can identify current threats in our clients’ environments. This makes it easier to demonstrate compliance to auditors and helps simplify the auditing process.

RDX creates custom checks and reports to reflect specific needs for internal and regulatory audits. We also can log any access to sensitive data, including complete transaction details, for audit purposes. These features help our customers better prepare for and respond to compliance audits, saving them valuable time and money as a result.

So there you have it – our Database Activity Monitoring service and all its different components. Still have questions? Don't hesitate to contact us by using the 'QuickConnect' button at the top right-hand corner of the page. We're happy to talk to you about how our database security services can help you keep your organization's databases the safest they've ever been.

Thanks for watching, and see you next time!
 


Meeting government mandates with remote database management

Fri, 2014-06-27 07:21

In response to recent data breaches, state lawmakers have proposed new legislation that would require businesses to provide disclosures to their customers in the event of an attack.

Overseeing operations
As can be expected, enterprises would prefer that their information not be hacked at all, causing many to search for database active monitoring solutions. Scrutinizing server activity around the clock is becoming a necessity as opposed to an asset that was once "nice to have."

If a company can't adequately provide authorities with details concerning a successful data infiltration attempt, it may have to face serious repercussions. Worst of all, it will have no way of knowing where the information was taken from, which customers were affected by the breach and what caused the vulnerability in the first place.

A popular measure
According to Inside Counsel, Kentucky recently became the 47th state to enact a law that requires organizations to inform their customers in the event of a data breach. The enactment of the measure leaves Alabama, South Dakota and New Mexico as the only three states that have yet to put such legislation into effect.

The news source noted that Kentucky Governor Steve Beshear signed the bill designed to protect personally identifiable information of the Bluegrass State's residents. In addition, the law mandates that cloud service providers supporting environments for public educational institutes (grades K-12) make a concentrated effort to protect student information.

Tactics to implement
Natasha Clark, a contributor to Business Technology, outlined a few ways in which enterprises can exercise thorough database security. Most of these tasks must be carried out by professionals, such as remote DBA experts who can launch solutions without having to go on-premise.

  1. Executing multiple backups on a regular basis will ensure that all data can be recovered in the event that it's lost or stolen.
  2. Having dedicated database administrators analyze logged information will ensure that no malware slips under the radar.
  3. Figuring out what is being protected is essential to weighing risk, enabling professionals to determine whether or not databases will be targeted by specific contingencies.
  4. Deploying active monitoring software to automatically search for threats can assist teams working remotely.
  5. Reviewing the authorities and restrictions given to database management personnel helps mitigate the severity of accidents caused in-house.

With constant monitoring, companies will be able to prevent data breaches from occurring, proactively satisfying the demands of government entities. Dedicating personnel to the security and confidentiality of customer data is the wisest choice for business leaders who don't want to have to contend with a public relations nightmare.


Study reveals that comprehensive database administration is needed

Thu, 2014-06-26 02:13

A huge part of securing data is knowing where the information is being stored and how it's shared among professionals. Ideally, database experts should be working 24/7, 365 days a year to monitor all server activity and contents. 

Grievous consequences
According to PC Magazine, the Montana Department of Public Health and Human Services recently sustained a data breach in which the personal information of 1.3 million people was exposed. Much of the data consisted of:

  • Names
  • Social Security numbers
  • Treatment history
  • Health statuses
  • Insurance

"Out of an abundance of caution, we are notifying those whose personal information could have been on the server," said DPHHS Director Richard Opper, as quoted by the source. 

A lack of understanding 
The problem lies in the jargon used by Opper. "Could have been" implies that the DPHHS has no way of knowing who exactly was affected by the attack. Although questionable activity was identified on May 15 – with a subsequent investigation being conducted seven days later – the breach could have been prevented if enough clarity regarding the system existed. 

Ponemon Institute recently conducted a survey of 1,587 global IT and IT security practitioners, which discovered that a mere 16 percent of respondents know where sensitive structured data is held. Even fewer study participants (7 percent) definitively know where unstructured information is located. 

Not taking appropriate measures 
After asking respondents which protective protocols were poorly executed, the Ponemon Institute discovered that: 

  • Almost three-fourths (72 percent) failed to adequately oversee intelligence sharing
  • Approximately 63 percent were unsuccessful when assigning and refusing access permissions to staff
  • Just under 64 percent inadequately implemented database policy algorithms and application enhancements

Constant surveillance
Many enterprises recognize the danger of neglecting to monitor server contents and access. Having IT personnel drop in every so often to scrutinize the system isn't enough to deter assiduous cybercriminals. A company should dedicate an entire team of database administration professionals to giving servers the attention they require.

As far as what IT professionals needed more of, 76 percent of Ponemon respondents identified real-time monitoring as a critical asset for them to possess. A focus on automation was realized across the board, with survey participants requiring data discovery and protocol workflow to be proactively conducted. 

Intelligence diagnostics, thorough vision of all database assets and integrated protective analysis were also cited as key enterprise needs. 

Knowing where data is stored, how it's transferred between professionals, who has access to an environment and the contents of encrypted information requires the expertise of database administration services. A team of professionals focused solely on monitoring all server activity is imperative in a world rife with cybercriminals. 


Ongoing Database Security Services Provide Greater Visibility: Database Activity Monitoring Series pt. 3 [VIDEO]

Tue, 2014-06-24 08:38

Hi and welcome back to the RDX blog, where we’re deep in a series about our Database Activity Monitoring services and how these services allow our customers to gain full visibility into their database activity.

We’ve previously touched on how we integrated the advanced features of McAfee’s security products to provide our customers with a 24×7 customizable Database Activity Monitoring solution that alerts customers to threats in real time.

In addition to all of that, we also provide ongoing services, such as new threat analyses, vulnerability scans, database and OS patching services and database activity monitoring reports.

Vulnerability assessments help us give you detailed information you can put into action immediately, helping you prioritize and remediate security gaps, and we schedule them on an ongoing basis to prevent future vulnerabilities. You will be notified about any unprivileged users or programs, and they will be quarantined in real time, preventing any further access into the database.

These assessments make demonstrating compliance to auditors much easier, and we’ll touch on this in our next video, the last part of our Database Activity Monitoring series. Thanks for watching, and stay tuned!


SQL vs. NoSQL: Which is best?

Tue, 2014-06-24 01:33

The manner in which information is accessed – as well as how fast it's procured – depends on the day-to-day needs of organizations. Database administration services often help businesses decide whether Not Only Structured Query Language (NoSQL) or conventional Structured Query Language is needed to optimize data-related operations. 

SQL 
SQL servers, also known as relational databases (RDBMS), have been around for the longest time, with companies such as Oracle and Microsoft developing the structures. The Geek Stuff acknowledged a few key components of the technology:

  • RDBMS are table-based structures, representing data in columns and rows
  • They possess an underlying pattern or protocol to access and read the information
  • Scaled vertically, SQL databases are accessed by increasing hardware power
  • Good for intricate, extensive queries
  • Vendors typically offer more support for RDBMS, as it is a popular, familiar solution. 

NoSQL 
Relatively new to the sector, NoSQL runs off of unstructured query language. MongoDB, the most popular provider of NoSQL databases, explained that they were developed to better handle large sets of different data types. Primary functions of the technology are listed below:

  • Can consist of four primary types: document, graph stores, key-value (in which every item in the database is stored with a name and its worth), or wide column
  • Do not subscribe to schemas or preset rules
  • Scaled by combining the computational power of other machines to reduce load stress – also known as "scaling out" 
  • Outside experts are hard to come by, but database support services can provide users with efficient knowledge. 

As they stand in the market 
Visual Studio Magazine referenced a survey of 500 North American software developers by Database-as-a-Service (DBaaS) company Tesora, which discovered that 79 percent of respondents were using SQL database language. The study itself focused on how the two programming interchanges were utilized by those working with private or public cloud environments. 

"Going forward, this gap can be expected to close since NoSQL databases have only been on the market for a few years or less, as opposed to decades for some of the incumbents," acknowledged the report, as quoted by VSM.

One better than the other? 
For those handling a mix of unstructured, structured and semi-structured data, NoSQL is most likely the way to go. Those managing number-based information should see major benefits from using SQL.

However, it's important to remember that the processing power of tangible servers is increasing at a slower rate than it was ten years ago. Because NoSQL optimizes the use of these machines by pooling computing power, it may be the better choice for those worried about the future. 


Customizing a Database Activity Monitoring Solution: Database Activity Monitoring Series pt. 2 [VIDEO]

Sat, 2014-06-21 13:32

Real-time monitoring means constant protection from potential threats, and at RDX we customize database activity monitoring to fit our customers’ unique security requirements.

First, we hold fact-finding meetings during the customer integration process to learn our customers’ database security requirements and internal practices. Then we educate our customers on the installation and configuration of the security monitoring architecture, which utilizes an RDX-supplied security appliance.

Next, we work with our customers to determine which event notifications and escalation procedures are best for their database environments. They can set notification rules about the time of day a database is accessed, certain users who access it, and the computers and programs used to access it, among hundreds of other customizable parameters.

After implementation, our team of dedicated professionals provides 24×7, 100% onshore monitoring of your database environments and will alert you to any activities that violate your predetermined security parameters.

We also provide our customers with ongoing database security services. Find out more about these in our next video!


What is Database Activity Monitoring?: Database Activity Monitoring Series Kick-off [VIDEO]

Fri, 2014-06-20 13:56

Today we're kicking off a series on Database Activity Monitoring. As your database administrators, safeguarding customer data is our highest priority. That’s why we offer 24×7 Database Activity Monitoring services, which allow organizations to gain full visibility into all database activity.

At RDX, we’ve partnered with McAfee, the world’s largest dedicated security company, to bring our customers the highest level of database activity monitoring. RDX has integrated the features and functionality provided by McAfee’s database security products into its support environment to give our clients visibility into all database activity, including local privileged access and sophisticated attacks from within the database itself.

Not only that, we help you save money on a security monitoring support architecture, because our Proactive Monitoring and Response Center provides 24×7, real-time security alert monitoring and support by around-the-clock staff members who are onsite, onshore, and 100 percent dedicated to protecting your organization's core assets.

This constant monitoring also helps us receive alerts of attacks in real time and terminate sessions that violate predetermined security policies.

We custom-tailor a database activity monitoring solution to fit each customer’s unique needs – which we'll touch on in our next video!
 


Mobile applications can be a boon for businesses

Thu, 2014-06-19 11:32

As there are thousands of unique businesses active today, each providing specific services or products to consumers, creating mobile applications directly related to their practices seems feasible.

The task is of course easier said than done. Platform-as-a-Service offers organizations the environment in which to create smartphone and tablet tools. However, monitoring such a system will likely require the expertise of database administration services that specialize in cloud deployments.

Why mobile matters
Although having a mobile application won't wholly determine whether a company is successful or not, it wouldn't hurt it to have one. Harvard Business Review referenced a 2012 survey of 1,051 U.S. smartphone users aged 13 to 54 conducted by AOL and advertising agency BBDO. The study discovered that:

  • Nearly half (48 percent) of all consumers spent an average 864 minutes using their smartphones to seek entertainment.
  • Just under 20 percent spent time socializing with other people using the devices.
  • Approximately 12 percent leveraged their machines to find a product or service

Because smartphone purchase rates have been increasing steadily each year, the manner in which the units are used is becoming more diverse. It can only be expected that people will continue to shop more on their phones, or at least search for items.

Constructing ubiquitous brands
Developing and launching unique mobile applications can help organizations boost their prevalence in the market. According to Natasha Clark, a contributor to BusinessTechnology, around 30,000 such tools are implemented every month, meaning that more competitors are trying to gain stronger favor among consumers.

Where does the market lie?
What kinds of applications a business develops depends on its primary practices and which consumers it's targeting. Companies in the service industry have acquired positive return on investment from the endeavor. Clark referenced a tool created by Eccleston Square Hotel in London, which provides guests with:

  • Room service
  • A map and direction feature
  • A popular attractions section
  • Dining recommendations
  • General hotel information

"Nowadays, people use mobiles more than the website on a desktop," Eccleston Square Hotel Company Director Olivia Byrne told Clark. "Our app has lots more functions, and the fact that it stays on the phone after checkout is a constant reminder of our hotel."

Providing a solid platform
Depending on how complex and flexible enterprises want their mobile applications to be, it could be in their best interests to seek consultation from DBA services. The environments needed to create modern smartphone tools can be quite complicated, so having a dedicated team monitor them is essential.


Manufacturers: The Internet of Things is here

Tue, 2014-06-17 12:58

All too often, the Internet of Things is referred to as an anticipated technology that manufacturers haven't quite figured out how to handle yet. However, production companies distributed throughout the United States are leveraging IoT to improve operations and maintain an accurate, real-time record of all assets.

Implementing hundreds of data-producing sensors across an entire factory necessitates the development of an environment that can adequately handle the information. Database administration has become a valued asset to thousands of organizations running analytics programs. For a company that focuses on how to better produce goods, outsourcing to professionals specializing in DBA appears to be a viable option.

Supporting a new industrial economy
Strategy and Business noted that many economists have expressed optimism regarding the U.S. manufacturing economy. Specialists have cited competitive wages, factory construction and enterprises' desires to reduce supply chain expenses as reasons to celebrate.

Although the positivity has some grounds for support, the news source maintained that software and automation will be the primary drivers of the U.S. production industry's rebound. This shift in large-scale fabrication isn't necessarily supported by routine improvement of conventional operations, but spearheaded by fundamental changes in how the 21st century factory organizes itself.

An elemental transformation
Many contemporary factories are already operating under the guidance of software specialists. The best way to perceive the situation is to imagine that all the machines in a facility are connected to a single command center. If a sensor identifies an issue – minor or major – with a particular instrument, a notification is automatically delivered to the hub, where engineers can assess the problem remotely.

The proper way to leverage IoT
Although many manufacturers are leveraging IoT, those that are new to the process may be left befuddled by the seemingly endless vat of data at their disposal. DBA services can provide guidance to enterprises before utilizing data analytics and state-of-the-art software. In addition, AutomationWorld contributor Dave Greenfield outlined four steps every production company should take to effectively operate the technology:

  • Initially, combine three or four data sources.
  • Utilize qualitative data analysis software to identify patterns and obtain insights regarding the information.
  • Present those insights to decision-makers in an understandable format.
  • Share findings of the analytics programs in a timely fashion.

By following the aforementioned protocol and having remote DBA professionals monitor all activity, manufacturers will be able to effectively harness IoT data without obstruction.
