10
Encryption
Most databases contain sensitive, proprietary, and/or private information.
This can include customer information, employee salaries, patient records,
credit card numbers—the list goes on and on. The key to maintaining this
information in a secure manner is confidentiality—and companies that
cannot ensure security for confidential information risk embarrassment,
financial penalties, and sometimes even the business itself. Would you do
business with a bank if you discovered that other customers' account
information (including information that can be used to do wire transfers)
frequently leaked out and was used by criminals?
A related subject is that of privacy, and there has been a lot of press on
security and privacy incidents. Such incidents are usually reported
generically, and it is difficult to understand exactly how information was stolen
and how privacy was compromised. However, because most of today's
business data resides in relational databases, it is likely that at least some, and
possibly many, of these incidents involved unauthorized access to this data.
The same is true for identity theft: leakage of data from relational databases
is a potential disaster when it comes to identity theft.
The focus on confidentiality of information has been fueled by two
additional developments: Web applications and regulations. In the past five
years, Web applications have transformed the way we do business and the
way we live, and while such applications have certainly improved access to
information, they have also improved access for hackers. The other
development (perhaps spurred by the increase in risk and an increase in the number
of incidents) is the emergence of data-privacy regulations that have been
forced on many companies across the globe. Such regulations and programs
include the U.S. Gramm-Leach-Bliley Act (GLBA), the U.S. Health
Information Portability and Accountability Act (HIPAA), the VISA U.S.A.
Cardholder Information Security Program (CISP), the VISA International
Account Information Security (AIS), the European Union 95/46/EC