
      As we enter the new year preparing for future projects, we can expect that in any industry our data volumes will increase.

      An increase in data can often put you at risk for new and unplanned vulnerabilities. Now, before the year gets busy, is the perfect time to get ahead of things and review your current security methodologies and configurations.

      Security for 2024 should be more than just a resolution. With cyber threats lurking at every corner, it is imperative that security becomes a continuous journey rather than a one-time commitment.

      Fujitsu's own Gary Evans has created a series of security blogs to get you going.

      He begins the series with a journey through the cybersecurity landscape, setting the foundation with an understanding of the importance of following a framework such as NIST.


      As a DBA, there may be teams that you do not work with daily, but you still need to be aware of what they do. It is your responsibility to understand the roles that are crucial to an organization's data defenses, so you can stay ahead of potential data breaches.


      Experienced and novice DBAs alike must understand the importance of security benchmarks. No two systems or companies are alike, so benchmarks are unique to their environments. Having a security baseline in place will allow you to use the benchmarks to build a secure system that your CISO will approve of as you try to set the bar high for your team.


      Typically, when we talk about benchmarks, we are discussing performance metrics. For security, you may not know where to begin, but Gary Evans has provided a major clue by introducing the CIS Benchmark. He provides a look into the CIS Benchmark for PostgreSQL 16.


      As a DBA, your main responsibility this year will be data protection. Data breaches are at an all-time high within every industry. The key aspect of protecting your data will be to understand authorization: who has it, what they are doing, and when. The guide explains authorization in detail, including how it aligns with the framework you have in place.


      Read about the use of encryption in protecting data at rest and in transit. Learn about encryption types, key management, and the role of application-level encryption. It will help you understand how different types of encryption may fit your use case and how you can manage your encryption keys.


      Digging further into the encryption types, it's important to understand the differences between symmetric encryption, asymmetric encryption, and hash functions. This may help you understand why some technologists highly recommend AES 256-bit encryption.


      NIST is a great framework, but it can only be effective if you understand how to use it to identify the risks you may have. The asset and risk management blog post outlines how to integrate risk assessment and asset management as they pertain to your data security, with details on how they relate to NIST.


      Meeting governance and compliance regulations will require an understanding of access control and activity monitoring, along with enforcing measures to support and enhance your data security. The governance blog provides tips on developing a policy to help enforce your organizational goals and standards.


      Security detection today needs to evolve to reduce the overall risk. Gary Evans explores the detect pillar, explaining the use of your PostgreSQL catalogue to implement some real-time monitoring.

      In the overarching scheme of cybersecurity, detection serves as an early warning system, preventing minor issues from escalating into major data breaches. A robust detection system not only conserves time and resources but also maintains the integrity and trustworthiness of our data management.

      More than just a resolution

      Security for 2024 should be more than just a resolution. The security blog series can lead you on the journey to improve your cybersecurity awareness and database security.

      In conclusion, the Database security blog series by Gary Evans offers valuable insights into the ever-evolving landscape of cybersecurity and database protection. By exploring key roles, security benchmarks, authorization, encryption types, risk management, governance, and detection strategies, DBAs can enhance their understanding and implementation of security measures.

      As we look ahead, it is clear that security must be a continuous journey towards improving cybersecurity awareness and data protection. I encourage you to delve deeper into the topics discussed in this blog series to strengthen your security practices and stay ahead of potential threats in the ever-changing digital world.

      Topics: PostgreSQL, Database security, Fujitsu Enterprise Postgres, Security

      Tim Steward
      Principal Data Enterprise Architect, Fujitsu
      Tim has more than 20 years of experience in the industry with significant expertise in RDBMS, including but not limited to Postgres and Oracle, helping customers understand their architectural landscape and how they can leverage open-source database technology.
      Acknowledged as an experienced Technical Leader, Tim has spoken frequently in conferences and written numerous papers and blogs.