How Secure Is Your Data?

Having worked for or consulted to leading software publishers, the EC Wise senior team has deep experience in the design, development and security characteristics of database products and applications. Our database engineers have experience implementing high availability, scalability, and performance optimization. Over the past few years, we have increasingly focused on Oracle Database and MySQL Enterprise as the core of a highly secure data management infrastructure, but we also work with MongoDB, Redis and Microsoft SQL Server. In addition to ensuring that your data is secure, we can build high-volume, data-intensive service platforms, and help your teams optimize the performance and manageability of your existing Oracle, MySQL and SQL Server databases.

EC:Secure Data – Oracle Solutions

Based on a variety of metrics, Oracle is the most popular and widely used database system available. EC Wise brings over 20 years’ experience in Oracle enterprise database technology to its efforts. CIO Review recognized us as a leading Oracle Solution provider in 2015.

Over the past few years, we have increasingly focused on ways to enhance Oracle Database 12c Security, which delivers a wealth of security enhancements and new features, including conditional auditing, privilege analysis, data redaction, enhanced encryption key management, real application security, mandatory realms, and performance optimizations, to name a few.

Oracle sports a wide variety of features designed to reduce your vulnerability. Some of these features are specific to the Enterprise edition, and others are provided by add-on products like Oracle Key Vault and Oracle Audit Vault and Database Firewall. We can work with you to improve the security of your Oracle database in a number of ways, which include:

  • Preventing Operating System level data access with Transparent Data Encryption (TDE).
  • Managing keys, Oracle wallets, keystores and credential files with Oracle Key Vault.
  • Restricting exposure of privileged data to only those who need to know, using on-the-fly, engine-level redaction of sensitive data in query results requested by applications.
  • Enabling sharing of data using Oracle Data Masking and Subsetting to obfuscate and extract entire usable copies or subsets of application data from the database.
  • Eliminating non-privileged access and tampering by leveraging privileged user controls, configuration controls, and separation of duty controls in Oracle Database Vault.
  • Preventing ad hoc access to application data by privileged accounts using Oracle Database Vault.
  • Using Database Vault to control database operations and prevent unauthorized changes to production configurations that may impact both the security posture and regulatory compliance.
  • Conducting privilege analysis with Database Vault. We can help evaluate unused privileges for potential revocation, helping reduce the attack surface and achieve a least privilege model.
  • Setting up selective auditing of database operations with policy-based conditional auditing for simplified configuration and management.
  • Monitoring and blocking unauthorized SQL traffic using the Database Firewall, which uses a highly accurate SQL grammar-based analysis engine to apply the trust but verify principle.
  • Developing applications using Oracle 12c Real Application Security (RAS) that apply application-level data security policies based on application users, roles and privileges within the database.

Request an EC:Secure Oracle evaluation to help you harden your valuable Oracle databases

EC Wise will evaluate your user accounts and overall Oracle security posture. We will then provide a report with suggestions for resolving the issues we find and other areas to review, for a low price of $500 per database. The EC:Secure Oracle evaluation will look at four key areas:

  • Account control, which covers user account management, authentication and privilege assignment for both natural user and role-based accounts.
  • Encrypting data at rest, i.e. data stored on disk.
  • Encrypting data in transit, i.e. when the data is passed to and from applications and between Oracle masters and slaves.
  • Protecting application data from illegitimate, threatening SQL statements.

EC Wise Oracle services

EC Wise has been building and managing marketing service platforms and social networks that use Oracle as a database platform since 2002. Our engineers have experience with implementing high availability, scalability and performance optimization, both on premise and in the cloud. In addition to ensuring that your data is secure, we have built high-volume Java and Oracle-based service platforms, and helped client teams optimize the performance and manageability of their existing Oracle databases. Our Oracle database administration, performance management and tuning, and application services include:

  • Planning and deploying Oracle databases (raw iron and virtual) including use of Automatic Storage Management, planning and creating tablespaces, datafiles and redo logs.
  • Implementing RAC for system fault tolerance.
  • Implementing local and distributed database recovery strategies using RMAN, Oracle Flashback and Oracle Data Guard.
  • Deploying and administering Oracle on Unix-based SMP (scale up) and Linux-based RAC (scale out) topologies.
  • Conducting performance analysis and tuning using Oracle Workload Repository, Automatic Database Diagnostic Monitor and application logging.
  • Designing and implementing table partitioning and restricting strategies to improve performance and minimize storage costs.
  • Implementing table versioning using Oracle Workspace Manager.

EC:Secure Data – MySQL Solutions

Few open source technologies are as widely used as the MySQL RDBMS, the data platform powering the vast majority of today’s web and cloud services. But with great popularity comes greater risk in the form of more commonly known security exploits and attack vectors. What can you do to harden your MySQL databases against cyber attack?

MySQL sports a variety of features designed to reduce your vulnerability. Some of these features are specific to the Enterprise edition, which requires paying modest licensing and support fees; they include:

  • MySQL Enterprise enhanced authentication services, which enable user authentication against corporate directories.
  • MySQL now includes “Transparent Data Encryption” using AES256, which protects the privacy of your information, prevents data breaches and helps meet regulatory requirements including the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and numerous others.
  • MySQL supports secure (encrypted) connections between clients and the server and among servers.
  • MySQL Enterprise Firewall enables database administrators to permit or deny SQL statement execution based on matching against white-lists of accepted statement patterns. This helps harden MySQL Server against attacks such as SQL injection.
  • Audit Logging, which uses the open MySQL Audit API to enable standard, policy-based monitoring and logging of connection and query activity. Meeting the Oracle audit specification, MySQL Enterprise Audit provides an out-of-the-box, easy-to-use auditing and compliance solution for applications that are governed by both internal and external regulatory guidelines.

EC Wise MySQL services

EC Wise has been building and managing marketing service platforms and social networks that use MySQL as a database platform since 2010. Our engineers have experience with implementing high availability, scalability and performance optimization, both on premise and in the cloud. In addition to ensuring that your data is secure, we can develop applications for MySQL in multiple programming languages including Java, PHP, and Python, develop mobile products that use MySQL as a data store, and help your teams optimize the performance and manageability of your existing MySQL databases.

Request an EC:Secure MySQL evaluation to help you harden your valuable MySQL databases

EC Wise will evaluate your user accounts and overall MySQL security posture. We will then provide a report with suggestions for resolving the issues we find and other areas to review, for a low price of $500 per production server. The EC:Secure evaluation will look at four key areas:

  • Account control, which covers user account management, authentication and privilege assignment for both natural user and role-based accounts.
  • Encrypting data at rest, i.e. data stored on disk.
  • Encrypting data in transit, i.e. when the data is passed to and from applications and between MySQL masters and slaves.
  • Protecting application data from illegitimate, threatening SQL statements.

EC:Secure Data – MongoDB Solutions

MongoDB has become the leading NoSQL database, due to the ease of developing and deploying internet applications with it. We have found it to be exceptionally useful for systems based on integration with third party systems, where data describing common objects, but with different schema details, needs to be assembled and processed. As an example, we use MongoDB as the underlying datastore for Pivot Payables services, where data is pulled in from various ERP and expense and payables processing systems and reformatted for delivery to partner systems.

With the proliferation of applications using MongoDB come risks, as security has not been a priority in many MongoDB deployments. It is, however, certainly possible to develop and deploy applications securely with MongoDB. EC Wise VP of Engineering Tom Spitzer recently made two important presentations to the MongoDB community at MongoDB World 2017, in which he offered hardening strategies for developing and deploying MongoDB-based applications. The first was "It’s a Dangerous World – Making Your MongoDB Community Installation More Secure"; the second was "Securing Your Enterprise Web Apps with MongoDB Enterprise" (video available).

The MongoDB team has been working diligently to beef up MongoDB’s security profile. Today, many organizations, including several of our clients, use it successfully as the basis for highly secure transaction processing systems. Our engineers can work with you to beef up your security profile in a number of ways, which include:

  • Setting up secure connections between application servers and database servers in a MongoDB cluster.
  • Choosing the appropriate user authentication model and implementing it in a way that maximizes performance and operational efficiency.
  • Helping define an effective role and privilege model.
  • Working with application developers to ensure they are using techniques that avoid injection attacks.
  • Using Ops Manager to set up a secure database backup strategy.
  • Implementing database level encryption.

EC Wise MongoDB services

EC Wise has been building and managing transaction processing systems and gaming networks that use MongoDB as a database since 2010. Our engineers have experience with implementing high availability, scalability and performance optimization, both on premise and in the cloud. In addition to ensuring that your data is secure, we can develop applications for MongoDB in multiple programming languages including Java, PHP, and Python, develop mobile products that use MongoDB as a data store, and help your teams optimize the performance and manageability of your existing MongoDB databases.

Request an EC:Secure MongoDB evaluation to help you harden your valuable MongoDB databases

EC Wise will evaluate the connectivity to and among your MongoDB instances, and your authentication and authorization strategy, in light of your overall security posture. We will then provide a report with suggestions for resolving whatever issues we find and suggest other areas to review, for a low price of $300 per database. The EC:Secure MongoDB evaluation will look at four key areas:

  • Account control, which covers user account management, authentication and privilege assignment for both natural user and role-based accounts.
  • Encrypting data at rest, i.e. data stored on disk.
  • Encrypting data in transit, i.e. when the data is passed to and from applications and among MongoDB masters and replicas.
  • Protecting application data from illegitimate, threatening JavaScript.