Application Security CTO Aaron Newman recommends that vulnerabilities associated with data – not amorphous threats or specific technology weaknesses – be the critical starting point for all security initiatives. Mr. Newman is one of the foremost experts on database security and co-author of the Oracle Security Handbook. He suggests the following six steps as the right mindset for a security resolution in the New Year:
1. Trust no one. No one in an organization should be exempt from controls over how data can be accessed or used.
2. Inventory the most sensitive data, and don’t even think about protective measures until you’ve completed a thorough discovery of sensitive data and where it resides.
3. Build a layered defense, prioritize efforts based on value and risk, and don’t get seduced by silver bullets – there are none.
4. Document everything. It helps to bolster compliance at the same time.
5. Do something decisive, do it quickly, and enlist others to help – even if you have to scare them into it.
6. Have vision and the courage of your convictions. The upside of rock-solid security is the ability to share data freely and with confidence, generating maximum value.