Increasingly, companies are storing data for retrieval in dedicated 'data warehouses' - large structured data storage systems from which information can quickly and easily be retrieved for reporting. However, putting all your confidential information in one place comes with risks.
Here are some of the top risk areas to consider with your data warehouse:
- How do you know that all the data you need is being stored?
- Have you tested that it is being stored correctly, without any loss of integrity?
- What is the process for inputting data?
- Are automatic links with data sources properly configured, documented, secured and monitored?
- Do you have a data classification policy, and if so is it applied to data entering the data warehouse?
- Is data exported from the warehouse to other applications, for example for reporting?
- If so, is the data secure in these applications?
- What happens to the output, and is it transmitted and stored securely?
- How do you know that only authorised recipients are able to obtain the output?
- How do you know the right recipients receive the right information - and nothing more?
- How do you know outputs are accurate?
- Are reporting jobs run at optimal times to maintain good system performance and provide accurate, timely information?
- Have user access rights been determined and documented?
- Are these rights appropriate?
- Are they based on roles, for example through Active Directory groups (easier to control), or individual user permissions (pretty much impossible to control)?
- Are administrator and super-user accounts carefully controlled and audited?
- How is data segregated in the database - for example by client or department?
- Is the supporting database appropriately configured and hardened for maximum security?
- Is access to data restricted according to its sensitivity?
- Are backups maintained in a secure location, and is access to them restricted?
- Do you have sufficient people to manage, monitor and maintain the data warehouse and supporting systems and infrastructure?
- Are they appropriately trained?
- Does your system have sufficient capacity as the amount of stored data grows?
- Will performance and availability continue to be satisfactory as usage and reliance on it increases?