We hear regularly about confidential information leaking into the public domain by organisations thought to have the toughest security in place. In fact, sixty-nine percent of enterprise security executives reported experiencing an attempted theft or corruption of data by insiders in the past year, according to Accenture and HfS Research.
Add in the numerous other breaches reported of late and the message is clear: securing the perimeter doesn’t always work.
Since the database sits at the core of any enterprise operation – and as it is responsible for leveraging and sharing data securely and privately across internal and external borders – it arguably holds the most power and requires the most protection from the growing issue of insider threats.
- Advanced Encryption: This sophisticated level of encryption protects data from hackers and insider threats using standards-based cryptography, advanced key management, and automatic and fast granular key rotation. It helps to provide separation of duties between the security administrator and any system, network, or database administrator – a key security principle.
- Element Level Security: Allows specific elements of documents to be hidden from particular users, providing an even more granular level of security over traditional document-level security. The increased line by line granularity means greater data protection.
- Redaction: Eliminates the exposure of sensitive information, such as personally identifiable information. Redaction does this by removing, replacing, or blocking out sensitive information in order to prevent leakage or the violation of laws or regulations. Most importantly, it gives organisations the assurances they need to share data safely.
- Standards Focus: Standards Focus security includes features like Common Criteria Certification, compartment security and data auditing, as well as strict access controls and authentication that works with the organisation’s existing IT infrastructure. Common Criteria is an internationally recognised International Standards Organisation (ISO/IEC 15408) used by governments and other organisations to assess the security capabilities of technology products.
- Principle of Least Privilege: The requirement that within a particular layer of a computing environment, a user, program, or process only has access to the information and resources necessary to do the job. This includes app security controls around APIs and security capabilities as provided by the database.
- Effective Data Governance Policies: It’s important to implement and follow effective data governance policies and best practices such as maintaining access controls, metadata, data quality, and security features. When attributes can travel with the data, as is the case with an operational and transactional enterprise NoSQL database platform, then the policy enforcement can be more granular and effective.
- The Strongest Available Authentication: Using the strongest or highest level of authentication ensures the security and quality of the data. Examples of this type of authentication include, LDAP, Kerberos and an external Key Management System.
We live in an era of constant data breaches that often occur from within an organisation. But deploying the latest in data security technologies can help organisations protect against insider theft and negligence. MarkLogic’s industry-leading data security features like advanced encryption, element level security and redaction mean that customers can be confident that their data is not only highly available and manageable, but secure as well.
For more information about MarkLogic 9 – the latest release of next generation database technology – visit www.marklogic.com/what-is-marklogic/whats-new.
For over a decade, organisations around the world have come to rely on MarkLogic to power their innovative information applications. As the world’s experts at integrating data from silos, MarkLogic’s operational and transactional Enterprise NoSQL database platform empowers our customers to build next generation applications on a unified, 360-degree view of their data. Headquartered in Silicon Valley, MarkLogic has offices throughout the U.S., Europe, Asia, and Australia. For more information, please visit www.marklogic.com.
For further media information, interviews or images, please contact: Dana O’Neill, PR for MarkLogic, firstname.lastname@example.org.