The Job of Securing
the Database"> "Based on my perception of the IT industry and associated needs, everyone in IT needs to be more aware of security, but DBAs and other administrators need to actively make security part of their job," said Pat Phelan, a database consultant in Peoria, Ill. "I think that every DBA needs to be much more aware of security than they have needed to be in the past." Phelan describes himself as being mostly "in the line of fire" of the increasing demands on DBA roles. "While I cant speak for every DBA, Ive talked with many of them at conferences, technical events and several online forums," Phelan said. "Enterprise DBAs all seem to recognizeand sometimes agonize overdatabase security.""They all have security intertwined in their job somehow, but the way that security links into their job varies a great deal," Phelan said. "The enterprise-grade DBA may or may not be focused on security because while someone on the enterprise team needs to focus on security, usually only a few people on the team deal with the security issues." In response to the gap between the time enterprise DBAs have to devote to database security and an enterprises database security needs, some companies have begun to take a more proactive approach, pulling DBAs out of their regular workgroups and inserting them within an IT security team. "We believe that the database security administrator role is going to evolve," Yuhanna said. "In some organizations, it already exists, but theyre called database security professionals, database administrators or database specialists." This arrangement solves two dilemmas: IT security professionals who lack substantial database knowledge have people on hand to fill this gap, and DBAs receive the intense security focus and training needed to keep enterprise databases safe. "Weve spoken to a few Fortune 1000 enterprises and a few have already started to create this role in the security group," Yuhanna said. "Theyve moved certain DBAs into this group and given them the new knowledge." Companies that are spearheading this move are largely in the financial sector, where database security is central to their operations, Yuhanna said. "The banks are really focusing on their database security, and the financial sector is one of the big drivers of this," he said. "But I think it will evolve into other sectors." What is good for enterprise IT securitymoving a DBA from one general team to a security-focused oneinevitably will be good for the DBAs themselves, as it offers a new, evolving career for those in this IT role. "Its definitely a career path for DBAs," Yuhanna said. "This new database security professional role is evolving, and its going to reside within the security section. Theyll be trained on the knowledge and expertise of the IT security group but already have the knowledge of DBAs. Theyll be managing only the databases security." Others agree, and see this shift as not just an evolution of the DBA role, but a much-needed adjustment. "Given the media frenzy around information security over the past few years I think we will see DBAs focusing more on security and hopefully doing a better job of implementing secure solutions," Machanic said. "But I do not feel that this is actually a new career path; rather, it is a correction of the goals of the existing one." Check out eWEEK.coms Careers Center for the latest news, analysis and commentary on careers for IT professionals.
He sees the DBA field divided into four broad groups: the department DBA, who is usually a Microsoft Office power user who is good with Microsoft Access; the development DBA group, which works almost exclusively with creating code and databases, usually for sale; the small-farm DBA, who has only a few servers to manage, often under another job title, such as network administrator; and the enterprise DBA group, composed of folks who work with databases for 80 percent or more of their day.