- Keep application and database servers on separate physical machines: a high-performance host for the application tier, and a hardened, tightly secured host for the database.
- Set up a web application firewall and anti-malware & anti-ransomware tooling for the database server, and review them regularly. Turn off any services that are not in regular use.
- Encrypt data at rest on the servers with a key that stays private to you, and encrypt it in transit as well.
- Limit the number of users who can access the database and grant access only when it is required. Maintain and monitor activity logs. Keep database credentials hashed and salted.
- Patch the OS, third-party software, APIs and plug-ins to their latest versions. Remove or deactivate unused applications.
- Schedule regular backups, and put the database behind a proxy that accepts requests only from trusted sources.
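The following is an added example, not code from the original post: a minimal database gateway in Python that applies three of the checklist items above in one place, a trusted-source allowlist (the proxy item), salted and hashed credentials with constant-time verification, and an activity log that records accepted and rejected requests. The users, networks and requests are constructed for the demo, and the PBKDF2 iteration count is an assumption chosen to keep the demo fast; raise it for production use.

```python
"""Added example (not from the original post): a small database gateway that
enforces a source allowlist, salted-and-hashed credentials and an activity log.
All users, networks and requests below are constructed for the demonstration."""
import hashlib
import hmac
import ipaddress
import os
import time
from typing import Dict, List, Optional, Tuple

# Assumption: iteration count kept low so the demo runs quickly; use a
# higher, current-guidance value in production.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


def hash_credential(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a password, generating a fresh random salt
    per credential so identical passwords never share a stored digest."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_credential(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_credential(password, salt)
    return hmac.compare_digest(candidate, digest)


class DatabaseGateway:
    """Proxy-style front door: only trusted networks may reach the database,
    every caller must present a credential, and every attempt is logged."""

    def __init__(self, trusted_networks: List[str]) -> None:
        self._trusted = [ipaddress.ip_network(n) for n in trusted_networks]
        self._credentials: Dict[str, Tuple[bytes, bytes]] = {}
        # Dummy record so unknown users cost the same time as known ones.
        self._dummy = hash_credential(os.urandom(16).hex())
        self.activity_log: List[dict] = []

    def add_user(self, user: str, password: str) -> None:
        """Store only salt + digest, never the plaintext password."""
        self._credentials[user] = hash_credential(password)

    def _is_trusted(self, source_ip: str) -> bool:
        addr = ipaddress.ip_address(source_ip)
        return any(addr in net for net in self._trusted)

    def _record(self, source_ip: str, user: str, query: str, result: str) -> None:
        self.activity_log.append(
            {"ts": time.time(), "source": source_ip, "user": user, "query": query, "result": result}
        )

    def handle(self, source_ip: str, user: str, password: str, query: str) -> bool:
        """Return True if the request may be forwarded to the database."""
        if not self._is_trusted(source_ip):
            self._record(source_ip, user, query, "rejected: untrusted source")
            return False
        # Always run the hash, even for unknown users, to avoid leaking
        # whether an account exists through response timing.
        salt, digest = self._credentials.get(user, self._dummy)
        authenticated = verify_credential(password, salt, digest) and user in self._credentials
        if not authenticated:
            self._record(source_ip, user, query, "rejected: bad credentials")
            return False
        self._record(source_ip, user, query, "accepted")
        return True


def demo() -> List[str]:
    """Run a few constructed requests and return the logged outcomes."""
    gw = DatabaseGateway(["10.0.0.0/8"])       # constructed trusted app-tier network
    gw.add_user("app_svc", "correct horse battery staple")
    gw.handle("10.1.2.3", "app_svc", "correct horse battery staple", "SELECT 1")
    gw.handle("192.168.0.5", "app_svc", "correct horse battery staple", "SELECT 1")
    gw.handle("10.1.2.3", "app_svc", "wrong password", "SELECT 1")
    gw.handle("10.1.2.3", "nobody", "anything", "SELECT 1")
    return [entry["result"] for entry in gw.activity_log]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The gateway never stores or compares plaintext passwords, rejects untrusted sources before touching credentials at all, and writes one log entry per attempt so that the monitoring step in the checklist has something concrete to watch.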