Watch your database admins, says security report

Protect the database, urges Aberdeen Group

One of the best ways to improve database security is to carefully monitor the very people entrusted to manage the databases, the database administrators (DBAs), a report has concluded.

Perhaps not surprisingly, the Aberdeen Group study of 120 mostly large companies around the globe found a correlation between adopting a range of database security practices and the frequency of data breaches.

Companies ranked as using ‘best practice’ suffered eight percent fewer incidents of data loss compared to those not adopting such measures, and ended up with 10 percent fewer of a range of audit deficiencies.

However, one of the defining characteristics of companies rated as having good security was a strict management of the managers. This means that database staff are monitored in some form, there is a separation of duties between different managers, and certain kinds of database access are blocked or restricted.

"In this study, respondents estimated that databases are the repository for nearly two-thirds of their sensitive data, so it's no surprise that the results show organisations that monitor privileged user activity suffer fewer data losses," said Aberdeen Group's Derek E. Brink.

"The payoff for monitoring insiders can be significant from several perspectives, including security, risk management, compliance and cost."

"This Aberdeen report establishes and quantifies the risk organisations are taking by not monitoring the actions of privileged insiders, as well as the payback for companies that implement database activity monitoring," said Mark Kraynak of database security company, Imperva, one of the report's three co-sponsors.

Aberdeen makes a number of basic recommendations for companies worried about the topic, such as making sure to eliminate shared and default database admin accounts, monitoring ad-hoc queries the better to detect unusual requests, and restricting developer privileges.

If this sample is representative, database security, including the monitoring of the DBAs, is actually a fairly well established principle. Fifty-seven percent said they monitored DBA activities, 61 percent enforced separation of duties between privileged users, and 59 percent audited database access in order to detect unusual intrusions.

The report, Protecting the Database, can be downloaded without charge, for a limited period, by visiting Aberdeen's website.

