Holistic security for database-centric applicationsDate: Jun 05, 2012
A database-backed application consists of dozens of loosely coupled components, each of which must be secured independently. Securing such an application requires a holistic approach. Security professionals must layer security controls to compensate for multiple points of attack (internal and external), multiple points of access (via application, via SQL, via underlying OS, via storage system, via physical access) and multiple types of threats (deliberate theft of data, accidental disclosure, deliberate destruction, accidental loss, etc). Furthermore, security is a constantly moving target: patches must be maintained, logs reviewed, accounts enabled and disabled. On top of all that, the application is likely to keep changing with continuous development for new features and bug fixes, all of which make security harder. This video will provide an executive overview of the security issues of securing database-centric applications and the key tactics essential to success.