Ensuring Database Security and Appropriate Permissions

by Oct 1, 2019

Data security is a topic that should be uppermost in the minds of all IT professionals. Protecting an organization’s intellectual resources from unauthorized access or illicit use is a responsibility shared by everyone in the enterprise. A breakdown at any level can have disastrous effects that can destroy a company’s financial health and severely damage its reputation.

Basic cybersecurity measures should be practiced by every member of an enterprise. Businesses should make it a point to properly train their employees on the security policies they should follow. Some specific actions are:

  • Employing strong passwords and changing them frequently;
  • Avoiding suspicious email that may introduce malware to your system;
  • Protecting computers and networks with antivirus software and firewalls;
  • Backing up critical business data;
  • Limiting access to sensitive information.

An individual’s role in an IT team greatly influences the way in which they impact an organization’s data security. One might think that the risk increases as you get higher in the IT hierarchy, but that is not always the case. CIOs are not usually the source of data breaches. They don’t have the physical access or system authorization required to compromise data security.

A data breach is much more likely to be caused by the inefficient handling of backup media by system operators than by a loose-lipped executive. Rogue system administrators may also contribute to a loss of sensitive data. In fact, anyone in the company with access to a particular block of information can damage or misuse it. Most of the data that you want to keep safe lives in your company’s databases.

Protecting Your Databases is Essential

As the repository of your company’s valuable and sensitive data, its databases are at the root of many instances of data breaches or mishandling. Here are some useful tactics to strengthen the security of your databases.

  • Use application and database firewalls to help protect your databases from unauthorized access and lessen the potential of SQL injection attacks. Only authorized users should be able to connect to your databases.

  • Harden your databases by keeping up to date with security patches and database upgrades. Uninstall or disable unused features and change the passwords of all default accounts. Enable all internal database security controls.

  • Encrypt data both at rest and in transit. Data that is being transmitted over a network is susceptible to attack and should always be encrypted. Backup data should also be encrypted, with decryption keys stored in a different location.

  • Manage database access to ensure that only authorized users get in and that they only have the level of permission that they need to perform their job.

  • Monitor database activity for suspicious behavior that may indicate an account has been compromised or your systems are under attack by hackers or malware.

  • Provide physical security in cases where it is warranted. Extremely sensitive or mission-critical data may need to have physical access restricted.

The Role of the Database Administrator

A DBA has a hand in many of the practices that secure a database. They may have no part in instituting firewalls or enacting physical security, but just about all of the other tactics discussed above are in the realm of a DBA’s responsibilities. These are some of the specific tasks DBAs should be performing to ensure the security of their databases.

  • Managing users and resources is perhaps the first line of defense for database security. Users should not have an account unless there is a justifiable business reason. The user community changes over time and needs to be regularly revisited to ensure only the right individuals are accessing a database.

  • Managing user privileges and roles is done after a user has been granted access to a database. The degree of privilege they have should be commensurate with the needs of the business and regularly evaluated to determine if they need to be modified.

  • Auditing and monitoring database use is critically important to identify excessive permissions and suspicious activity. Investigations resulting from these procedures can be used to conduct security evaluations and close potential gaps in database protection.
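
The user and privilege reviews described above can be run as a repeatable check. The following is an added example, not part of the original article or of any vendor tool: it parses grant lines in the shape MySQL prints for SHOW GRANTS and compares them with an approval register. The sample grants, the account names and the `APPROVED` register are constructed for illustration, and only global and database-level grants are handled.

```python
import re

# Constructed sample in the shape of MySQL SHOW GRANTS output (not real data).
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO `report_ro`@`10.0.%`",
    "GRANT SELECT ON `sales`.* TO `report_ro`@`10.0.%`",
    "GRANT ALL PRIVILEGES ON `sales`.* TO `order_app`@`10.0.%` WITH GRANT OPTION",
    "GRANT SELECT ON `hr`.* TO `jsmith`@`%`",
]

# Hypothetical approval register: account -> scope -> privileges the business signed off.
APPROVED = {
    "report_ro": {"`sales`.*": {"SELECT"}},
    "order_app": {"`sales`.*": {"SELECT", "INSERT", "UPDATE"}},
}

GRANT_RE = re.compile(
    r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO `(?P<user>[^`]+)`@`(?P<host>[^`]*)`"
    r"(?P<opt> WITH GRANT OPTION)?$"
)

def parse_grant(line):
    """Split one grant line into (user, host, scope, set of privileges)."""
    m = GRANT_RE.match(line.strip())
    if not m:
        # Fail closed: an unparsed grant must not pass the review silently.
        raise ValueError(f"unrecognised grant line: {line!r}")
    privs = {p.strip().upper() for p in m["privs"].split(",")}
    privs.discard("USAGE")  # USAGE grants no privileges
    if m["opt"]:
        privs.add("GRANT OPTION")
    return m["user"], m["host"], m["scope"], privs

def review(grant_lines, approved):
    """Return (user, scope, reason) for every grant the register does not cover."""
    findings = []
    for line in grant_lines:
        user, _host, scope, privs = parse_grant(line)
        if user not in approved:
            findings.append((user, scope, "account has no approved business reason"))
            continue
        excess = privs - approved[user].get(scope, set())
        if excess:
            findings.append((user, scope, "excess: " + ", ".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_GRANTS, APPROVED):
        print(finding)
```

Each finding is a starting point for the investigation the audit step calls for: either the grant is revoked or the register is updated with the business reason.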

Database Security in a Complex, Multi-Platform Environment

Database security is complicated even if your environment consists of a single database platform. In most modern computing environments, DBAs must struggle with instituting tight security across multiple platforms simultaneously. This only increases the complexity of the task and can lead to mistakes and inaccuracies.

DBArtisan is a component of IDERA’s DB PowerStudio suite of database management and development tools. It assists DBAs in performing their administrative functions across multiple database platforms from a unified interface. It facilitates security management on a wide range of on-premises and cloud databases including Microsoft SQL, MySQL, Oracle, and Sybase.

With DBArtisan your DBAs can perform user, role, and permission management consistently across all supported database platforms. It can also be used to label and classify data to make it easier to protect. Your DBAs will love the functionality of the tool and the whole organization will benefit from the increased security it affords your data.