Medical body improves database security

gallery

The Royal College of Physicians (RCP) has upgraded its IT security with a database intrusion detection and prevention system (IDS and IPS) appliance.

The UK-based medical professional organisation has deployed the activity monitoring tool, Secerno.SQL to protect the confidential data held on its 22,000 fellows and members worldwide in its Structured Query Language (SQL) databases.

Christopher Venning, RCP IT and network support manager said: “Over the years, we have invested heavily in protecting our network perimeter and locking down our website. However, the threat landscape is continually evolving and hacker attacks are becoming highly targeted, cleverly written to circumvent network defences.”

Venning said the College wanted to upgrade the protection of its highly confidential members’ information against SQL injection attack.

“A data security breach would have disastrous ramifications for us, damaging not only our reputation, but also the security of our members, to whom we have a duty of care,” he added.

The implementation included a security audit of all the RCP’s legacy applications and the identification of database storage areas, interactivity between databases, and data access policies across the organisation.

The audit findings were used to configure the monitoring tool and refine data access policies.

“Despite being a relatively new implementation, the results are clearly visible,” Venning said. “We have a better understanding of how, why and by whom our databases are being used. And more importantly, we are in a position to continually make security improvements.”

Email to a friend

Print this page