Failure to manage data integrity risk can have the following impact:
- Authorization, completeness, and accuracy of transactions may be incorrect as they are entered, processed, summarized, and reported.
- There may be inadequate management controls concerning the integrity of processed data or databases, which ultimately impacts customer transactions.
The impact on network-based technologies is that insufficient error checking at the point of transaction entry can result in incorrect transaction processing and data integrity risks. Integrity can be lost when data is processed incorrectly, or when transactions are incorrectly handled due to errors or delayed processing.
Practices and Performance Measures
The following is a list of practice for the maintenance of data integrity:
Separate Web and Database Servers
Isolate database servers, particularly those containing sensitive information, from a website’s demilitarized zone (DMZ) and locate them on a physically separate network segment from the web and other internet-accessible servers that support your business. Ideally, partition your database server off from the web servers by a dedicated firewall. This firewall should only allow database traffic between the web server and database server. The firewall should also deny and log all traffic from any other location, or other types of traffic from the web server.
Disable and Secure Unnecessary Network Services
Database software, like most operating systems and complex applications, provides a number of services that allow remote system management, distributed processing, and other network-related functions. In many cases, those services are enabled by default and are often ‘protected’ by using either no password or a vendor-supplied default password.
Eliminate Known Security Vulnerabilities
As with applications and operating systems, database servers can also have vulnerabilities that lead to unauthorized data access, loss of integrity, or total system compromise. To minimize the impact of vulnerabilities, keep your systems up-to-date with security patches released by vendors.
Use Database Access Controls
Without the ability to selectively grant access to a database and its data, arbitrary users can add and delete information at will. Even if access controls are enforced by web applications, data contained within the database is still at risk if a malicious user circumvents the web application and accesses the database directly. Most databases support some form of access control that can restrict what users, groups of users, or applications can access or change the database.
Are you effectively managing your organization's data integrity risks? Download our Questionnaire and discover 20 questions to consider.
