Customer facing applications such as websites, point-of-sale systems, and call center programs all represent vulnerabilities to data at its collection point. Similarly, internal facing applications like human resources, enterprise resource planning, financial and manufacturing systems can expose sensitive data.

Data, whether collected externally or generated internally, is almost immediately pressed into use. And data in use is vulnerable to attack. It is vulnerable whether it is being used by an application or it is “at rest” in a database, file, or archive. It is equally vulnerable to attack when “in transit” amongst different applications, databases, and archives.

Protecting your data, and therefore your business, demands a keen awareness of where your data security risks lie. Data risks arise from many types of threats both external and internal to an organization. When someone is not busy trying to steal your data outright, they are hard at work determining new methods to gain access to that data through an application.

Data is subject to numerous and varied threats including:

• Insider theft through unauthorized queries and file or report access
• Hacks such as SQL-injection, cross-site scripting, cookie poisoning, and other OWASP listed attacks
• Physical theft of servers and tapes

 
Mitigating data security risk means protecting both data at rest and the applications that provide access to and make use of that data.