Database management has security implications

Published: Monday, April 16, 2012

How organizations manage their database infrastructure plays a major role in how secure their operations can be. This includes migrating from one database to another without experiencing data loss, protecting infrastructure from hackers, establishing systems that safeguard the DB against insider threats and even avoiding inadvertent breaches. The accidental data breach caused by a bad line of code is surprisingly common among businesses. Along with these security threats, organizations also need to avoid allowing malware to proliferate within their database environment, Dark Reading reported.

According to the news source, it is becoming more and more common for businesses to be hit by a malware attack that leads to a data breach after they have already removed the virus from their system. The problem, in the end, is fairly simple. Organizations use advanced automatic backup systems to copy their databases to a secondary server setup on a regular basis. However, many organizations do not effectively manage their backup databases. As a result, malware becomes a major problem.

The report explained that companies frequently find themselves in a difficult position because they actually reintroduce the malware into their IT system. What happens is simple, but has complex implications. A malware application gets into the corporate database. While it sits in the background, data is updated by a user and the system is backed up. That backup copy is not used for a few days; meanwhile the antivirus program on the primary system notices the malware and deletes it. IT thinks they are secure. But the backup is a secondary system and is only refreshed on an infrequent basis, so it still holds the infected copy.

A few days later the primary server supporting the DB fails. No problem, IT thinks. They simply plug in a new server and load the backup onto it. Then they connect that server to the corporate network and suddenly there is new malware. The problem is that the backup version of the database included the malware, even though it was successfully removed from the primary configuration. The news source said this is a surprisingly common problem.

Oliver Friedrichs, head of Sourcefire's cloud technology group, told the news source that the database restore function frequently reintroduces malware. Analyzing the database infrastructure of its clients, the security provider found more than 22,000 instances of server restores bringing malware back into the IT configuration in just a month.

"We've historically talked about backing up malware as a hypothetical ... we assume it's been happening, but there hasn't been a clear way to see how frequently it's been taking place. This [analysis] is a confirmation and affirmation that it is happening, and we should be concerned about it and aware of backing up malware and then restoring malware," said Friedrichs.

Overcoming this issue can be a major challenge for organizations, as it requires incredibly careful database management. However, if organizations follow similar processes to how they root out redundant and inaccurate data when they migrate database systems, they could gain the ability to identify malware when they restore a system.

Through advanced data mining and analysis tools, organizations completing a database migration or simply managing existing databases can thoroughly evaluate all of the content within a system and use that knowledge to get rid of information that is no longer needed. Sophisticated solutions can also be used to analyze source code for errors that may have been introduced to the database during day-to-day operations. These practices are common when migrating, consolidating or simply maintaining DB platforms. This same level of oversight can also help organizations recognize when the source code of a database has been infected by malware as long as IT is diligent about analyzing the backup DB before plugging a server into the network.
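The pre-restore check the article calls for can be made concrete as a gate that runs before a restored server is connected to the network. The example below is added here and is not code from the article, from Dark Reading or from Sourcefire. It assumes the backup's files have already been extracted to a directory, that the incident record carries the time the antivirus first removed the malware plus the SHA-256 hashes of what it removed (a hypothetical indicator list), and it goes slightly beyond the article in one way: a backup captured before the cleanup is marked "suspect" even when no known-bad hash is found, because the backup predates the point at which the primary was known clean. All sample backups and the stand-in payload are constructed inline.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class BackupSet:
    name: str
    path: str            # directory holding the backup's extracted files
    taken_at: datetime   # when the backup was captured


@dataclass
class Incident:
    detected_at: datetime   # when AV first flagged and removed the malware on the primary
    bad_sha256: frozenset   # SHA-256 of the files AV removed (hypothetical indicator list)


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large database dumps do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_backup(backup: BackupSet, incident: Incident):
    """Pre-restore gate. Returns (verdict, matching_files).

    'infected': a file in the backup matches a hash the AV removed.
    'suspect' : no match, but the backup predates the cleanup, so it may still
                carry something the indicator list does not cover; rescan it
                with current signatures before restoring.
    'clean'   : captured after the cleanup and nothing matched.
    """
    hits = []
    for root, _dirs, files in os.walk(backup.path):
        for name in files:
            full = os.path.join(root, name)
            if sha256_file(full) in incident.bad_sha256:
                hits.append(os.path.relpath(full, backup.path).replace(os.sep, "/"))
    if hits:
        return "infected", sorted(hits)
    if backup.taken_at <= incident.detected_at:
        return "suspect", []
    return "clean", []


def restore_allowed(verdict: str) -> bool:
    """Only a 'clean' backup may be restored and connected to the network."""
    return verdict == "clean"


def build_demo():
    """Constructed sample data: three weekly backups around one incident."""
    payload = b"CONSTRUCTED SAMPLE - stands in for the file the AV removed\n"
    incident = Incident(
        detected_at=datetime(2012, 4, 10, 12, 0, tzinfo=timezone.utc),
        bad_sha256=frozenset({hashlib.sha256(payload).hexdigest()}),
    )
    base = tempfile.mkdtemp(prefix="backup-demo-")
    # name -> (capture time, whether the stand-in payload is present)
    specs = {
        "weekly-2012-04-08": (datetime(2012, 4, 8, 2, 0, tzinfo=timezone.utc), True),
        "weekly-2012-04-01": (datetime(2012, 4, 1, 2, 0, tzinfo=timezone.utc), False),
        "weekly-2012-04-15": (datetime(2012, 4, 15, 2, 0, tzinfo=timezone.utc), False),
    }
    backups = []
    for name, (taken, carries_payload) in specs.items():
        d = os.path.join(base, name)
        os.makedirs(os.path.join(d, "bin"))
        with open(os.path.join(d, "orders.sql"), "w") as fh:
            fh.write("INSERT INTO orders VALUES (1, 'widget');\n")
        if carries_payload:
            with open(os.path.join(d, "bin", "updater.exe"), "wb") as fh:
                fh.write(payload)
        backups.append(BackupSet(name, d, taken))
    return backups, incident


def run_demo():
    """Classify every constructed backup; returns {name: (verdict, hits)}."""
    backups, incident = build_demo()
    return {b.name: classify_backup(b, incident) for b in backups}


if __name__ == "__main__":
    for name, (verdict, hits) in run_demo().items():
        print(f"{name}: {verdict} {hits} restore_allowed={restore_allowed(verdict)}")
```

Running it classifies the 8 April backup as infected (it carries the removed file), the 1 April backup as suspect (older than the cleanup, so it needs a full rescan even though nothing matched), and the 15 April backup as clean. In practice the hash list is only the narrow check; the "suspect" verdict is what forces the full antivirus rescan the article recommends before a restored server is plugged into the network.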