Securing vulnerable databases

If you’re an organization that handles personal data, then you use a database to store it.  Whatever variety this may be, whether SQL Server or other, as with all components of data collection, these databases are vulnerable to compromise, intentional or accidental.  

One database management system, MongoDB, recently announced a data breach against its corporate systems, exempting their MongoDB Atlas database.  Customer metadata and contact info was accessed by an unauthorized party, a process which the company thinks “has been going on for some period of time before discovery.”  MongoDB then immediately initiated its incident response and contacted relevant authorities.  For potentially affected customers, the usual recommendations have been made of multi-factor authentication applies, as well as regular rotation of passwords.

Databases like MongoDB that store sensitive data need to be protected above all else.  Solutions like NetLib Security’s Encryptionizer lead the way in this field, providing transparent encryption of stored data across all environments – physical, virtual and cloud..  Encryptionizer protects a wide variety of databases across the Windows operating systems, including SQL Server, Postgre SQL, MySQL, and indeed, MongoDB, to name a few.  With no additional programming required or impact on performance, Encryptionizer offers out-of-the-box security to effortlessly protect your data on servers, legacy systems, devices and distributed applications.

In other news, Comcast’s Xfinity entertainment platform has disclosed their own breach affecting the data of 36 million customers.  This comes just a week after the Citrix software Xfinity uses was discovered to have a vulnerability, known as CitrixBleed, which has been responsible for major breaches worldwide.  The company has determined that certain types of data were stolen, from names, passwords, even contact info and Social Security digits.  Luckily, it seems the passwords at least were hashed, which should stymie their exploitation in cybercrime efforts.  Another good reminder why you should always encrypt your data.

So far, Xfinity hasn’t seen any fraudulent use result from the stolen information, although, based on the scope and factors involved in the breach, it could very well impact all of Xfinity’s customer base.  As a unit of Comcast, it may even extend to customers of the parent company as well.  As of now, Comcast hasn’t disclosed any security incident to the Securities and Exchange Commission (SEC).

In both stories, we can see the vital need to and benefit of encrypting one’s data.  To frustrate cyber thieves seeking this valuable resource, no opportunity can be ignored.

Request a free evaluation of Encryptionizer here to determine how it can best suit your data security needs.