When you are creating a database instance, a common physical security question is, “Can somebody physically steal my data?” The actual answer can be complex, because numerous factors stand in the way of someone attempting to steal your data. Still, there are a few fairly well-defined routes to your data.
- Datacenter Access – You, or your data center third-party provider, must employ rigorous operations and processes to prevent unauthorized access. This might include 24×7 video monitoring, trained security personnel, key-locked server racks (that house compute, storage, and networking hardware), smart cards, and biometric controls. Any access that is granted must be logged, and you must aggressively control who has physical access to your data center.
- Steal a Disk Drive – Once a trespasser knows which datacenter, building, floor, room, and server rack your data resides in, they still have to gain physical access to steal a disk drive. A thief (even one just randomly grabbing disks) would also need to know where your data is stored, and if the data is encrypted on the disk, they would also need your storage keys to even read the media.
- Copying Data onto USB Media – As with disk theft, using removable media means first discovering which storage device holds the desired data. If the instance is running headless and has a high degree of security enabled, it would be difficult to access the data to even start the copy process. You could also disable physical ports on the servers.
- Network Sniffing – Your internal servers should not directly connect to any Internet-facing endpoints, and they should run in a highly restricted mode to block any non-authenticated connections. There should be no wireless access to any production network systems or server infrastructure, effectively eliminating the threat of mobile device exploits.