Database Security Services

Database Security Services

The Importance of Data Security
Preserving the integrity and confidentiality of client data is critically important.  In addition to the potential loss of client confidence and the total costs that might result from a breach, which averaged more than $5 million in 2015, regulators and federal courts are increasingly enforcing penalties for the loss of client data, regardless of whether or not any resulting harm to clients can be demonstrated (see the 7th Circuit Court’s 2015 ruling in Neiman Marcus, holding the defendant liable for breach despite the lack of any demonstrable harm to a client, and the SEC’s 2015 decision to charge investment advisory firm R. T. Jones for failure to adopt adequate cybersecurity policies prior to the firm being breached).

Why Firms Typically Fall Short In Terms of Data Security
The majority of firms continue to fail when it comes to data security, due to several recurring factors, including the mistaken belief that network-level security, such as the use of firewalls, is sufficient in itself, and the mismanagement of access controls and data aggregation procedures.  (The second factor is worsened by the misconception that 3rd-party administrators, including cloud-based providers such as Amazon Web Services, assume responsibility for admin protocols and credential monitoring, when in fact they often explicitly disclaim this responsibility.)

Just as insider threats and illusive malware make “perimeter only” defenses porous, database point products and access procedures are continually weakened by configuration issues, the challenges of data aggregation among disparate enterprise data centers, and inadequate or inconsistent controls relating to 3rd parties and the general transmission of data.

NES Services for Improving Data Security
At NES we employ highly qualified database engineers and architects who have decades of experience securing enterprise-level and hybrid data centers, belonging to organizations that range from multi-billion dollar hedge funds and corporations to global defense agencies.

Our services include, but are not limited to:

Industry Solutions to Meet Your Operational Needs

  • SQL and Oracle Database Services

Custom Data Management Solutions

  • Data Center Design, Migration, and Implementation
  • Data Warehouse Architecture

Access Controls and Encryption

  • Governance Policy Design and Management
  • Authentication (including cell-level authentication)
  • Workflow-based and Role-based Access Controls
  • Periodic Monitoring of Credentials and Accounts
  • Data Encryption & Obfuscation

Data Management and Recovery

  • Incident Response & Disaster Recovery
  • Real Time Back-up / Roll-back Implementation and Versioning Controls
  • Database Clustering
  • Metadata Integration and Management
  • Reporting Services (ETL/ SSIS /ODS)

Data Security and Integration Assessments

  • Database Security Testing
  • Compliance and Certification-focused Enhancements
  • Data Integration and Performance Tuning

Monitoring, Documentation & Reporting

  • Creation and Maintenance of Related Regulatory Compliance Documentation
    • Business Continuity Plan
    • Incident Response Plan
    • Data Management and Data Destruction Policy
  • Monthly and/ or Quarterly Reports to Senior Management
    • Network Log Reports & Traffic Analysis
    • Custom Risk Analytics and Alerts
    • Reporting on Data Usage by 3rd-parties (vendors and business partners)