The Center for Internet Security (CIS) today announced the public release of its consensus security benchmark for Sybase’s Adaptive Server Enterprise (ASE), its flagship enterprise-level relational database management system (RDBMS).
The new benchmark is the only prescriptive controls guide available today for securely configuring Sybase ASE databases. More than 34,000 enterprise customers and 91 of the Fortune 100 use Sybase for data management, analytics, mobile messaging, and enterprise mobility.
The Security Configuration Benchmark for Sybase ASE 15.0 provides best practice configuration settings recommendations covering six security categories:
- Authentication Mechanisms
- Network Security Mechanisms
- Database Resource Permissions
- Auditing, Logging and Reporting Mechanisms
- Extensibility Mechanisms
- Host and Network Deployment.
The guide was created using a consensus review process comprised of volunteer and contract subject matter experts. Consensus participants provide perspective from a diverse set of backgrounds including consulting, software development, audit and compliance, security research, operations, government, and legal. Because they are user-driven, CIS benchmarks are widely accepted and adopted in government, business, industry and academia as the basis for enterprise system and network configuration policies.
By using the benchmarks, security professionals save tens of thousands of dollars in developing custom policies and avoid reinventing the wheel. Further, they enable compliance with the configuration requirements of standards such as PCI and ISO, and regulations such as FISMA, GLBA, HIPAA and Sarbanes-Oxley.
“The cornerstone of an effective data security policy is ensuring that the databases themselves are configured to be as secure as possible. Modern database systems offer a plethora of security options and configurations including access controls, comprehensive audit facilities and encryption. Security, however, is often wrongly disregarded as a performance hindrance and advanced options are misunderstood, misconfigured or simply not used. The aim of this guide, therefore, is to provide clear best practice advice for making use of all security features within Sybase ASE so that organizations can achieve a solid database security baseline,” said
John Heasman, VP of Research at NGSSoftware.