How to Monitor and Protect Your Databases

The need to preserve the confidentiality and integrity of data and to monitor privileged user activity is driving organizations to reconsider their strategy for database security, and to impose stringent controls across database systems. It's critical to maintain database security review processes and stay up-to-date with patches and controls. Because compliance demands it and customers expect it, Knowledge Center contributor Dominique Levin explains how you can best monitor and protect your databases.


With the database market valued at more than $20 billion, and the amount of sensitive information stored growing rapidly, it is little wonder that databases are a huge target for security attacks today. After all, they contain customer credit card information, financial data and intellectual property as bait. Some extremely large and sophisticated predators are willing and able to crack open the database for illegal and malicious purposes. You might even consider databases as storing the corporate crown jewels or the lifeblood of an enterprise.

In many organizations, privileged database access is granted excessively and managed poorly. Developers, mobile workers and external consultants often have access to sensitive information without much restriction. In addition, personnel turnover and outsourcing can make database activities more difficult to lock down.

Though databases are subject to most compliance requirements-including the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Information Security Management Act of 2002 (FISMA)-it's not always easy to meet compliance objectives, and compliance isn't always a top priority.

Even when businesses embark upon privileged user monitoring, audit trails, reporting and keeping patches up-to-date, a clever attacker will often know how to cover his or her tracks. A common guise I come across is hackers posing as administrators. By escalating their privileges, they can automatically gain access to any database and export or download valuable information, then completely erase their tracks.

Despite the various complex or mundane attempts at securing databases, they remain a one-stop shop for valuable information. Data theft and breaches from cybercrime may have cost businesses up to $1 trillion dollars in 2008. That's quite a big market and fairly unnerving. But don't let reports of rampant crime get you down. There are a few simple ways to uphold database security that any small, medium or large enterprise can follow.

One thing for organizations to consider is that threats and attacks can come from both internal and external parties. Late in 2008, there were predictions of strong growth in insider threats in 2009, with the global economic downturn becoming a primary motivator. Outsourcing, mobile workforces and employee turnover-these magnify the situation in which privileged users may try to gain access to private information residing in your databases. Often, a data breach will occur and fingers will automatically point to the database administrator, the gatekeeper, as the culprit.

Even though insider threats are very real, businesses must be able to protect both themselves and their employees from harm. Because database activities can sometimes be erased, it's hard to always tell exactly who is responsible for any breach in security. Database intrusions should be actionable in real time to detect, alert and prevent.