Tales of the Disgruntled DBA

Do you have security policies to protect your data from a disgruntled employee?

Imagine you are a hard-working database administrator (DBA). You have been with the company for many years and have earned your title of “senior database administrator.” You have endured countless hours of off-shift work upgrading databases, applying maintenance, adding new data servers and accommodating the needs of the development team.

You don’t know what it’s like *NOT* to be on call. You expect at least one page while you are at the movies on Saturday night and one during Sunday night football. You come to expect interruptions during your work day, and far too often, you miss dinner.

One day you get frustrated and decide to go rogue. Who is going to know if you access a few customer records and sell them to marketers? It’s a quick way to get some extra cash, right? Unfortunately for our frustrated DBA, this isn’t a good choice. Abusing privileged user rights results in serious penalties, including hundreds of thousands of dollars in fines and job termination.

We don’t want to offend DBAs. This scenario is just an example of one person making a bad decision, and sometimes it’s hard to ever fully understand motivations in these circumstances. The vast majority of DBAs and other IT professionals are trustworthy, not malicious or disgruntled. However, we are all human and make mistakes, and security policies and controls need to take that into account.

Accidental disclosure is also a very real threat, and we have to make sure we are protected against it.

With that in mind, we ask the question, “How can access to enterprise databases be protected, monitored and audited?”

One idea is to establish access policies for different users and applications and track 100% of database transactions. Database activity monitoring ensures full visibility into the who, what, when, how and where for all database transactions. Improved access management ensures privileged users like DBAs don’t abuse their authority and protects against human error.

Organizations should securely and continuously monitor access to enterprise data. Enterprise databases require real-time insight to help ensure data access is protected and audited. Policy-based controls are helpful for rapidly detecting unauthorized or suspicious activity and alerting key personnel. In addition, databases need to be protected against new threats or other malicious activity and continually monitored for weaknesses.
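To make the idea of policy-based controls concrete, here is an added example (not from the original post or from any monitoring product) that checks audit records carrying the who, what, when, how and where of each transaction against a policy. The account names, table names, client names, row limits and business hours are all assumptions, and the audit records are constructed.

```python
from datetime import datetime

# Hypothetical policy: names, thresholds and hours are assumptions for this example.
POLICY = {
    "sensitive_tables": {"customers"},
    "max_rows": {"application": 100, "dba": 0},  # DBAs administer; they do not read customer rows
    "approved_clients": {"application": {"order-service"}, "dba": {"admin-console"}},
    "business_hours": range(8, 18),
}

# Constructed audit records (who, what, when, how, where); not real log data.
AUDIT_LOG = [
    {"who": "app_orders", "role": "application", "what": "SELECT", "table": "customers",
     "rows": 1, "when": "2024-03-04T10:15:00", "how": "order-service", "where": "10.0.1.20"},
    {"who": "dba_sam", "role": "dba", "what": "ALTER", "table": "orders_idx",
     "rows": 0, "when": "2024-03-09T23:40:00", "how": "admin-console", "where": "10.0.9.5"},
    {"who": "dba_sam", "role": "dba", "what": "SELECT", "table": "customers",
     "rows": 48000, "when": "2024-03-10T02:05:00", "how": "sql-shell", "where": "192.168.7.44"},
]

def violations(rec, policy=POLICY):
    """Return the policy rules a single audit record breaks (empty list = allowed)."""
    found = []
    # "How": the client tool must be one approved for the account's role.
    if rec["how"] not in policy["approved_clients"].get(rec["role"], set()):
        found.append("unapproved-client")
    # "What" and "when": reads of sensitive tables are limited by row count and hours.
    if rec["table"] in policy["sensitive_tables"] and rec["what"] == "SELECT":
        if rec["rows"] > policy["max_rows"].get(rec["role"], 0):
            found.append("row-limit-exceeded")
        if datetime.fromisoformat(rec["when"]).hour not in policy["business_hours"]:
            found.append("off-hours-sensitive-read")
    return found

def alerts(log, policy=POLICY):
    """Evaluate every record (no sampling) and keep the ones that need review."""
    return [(r["who"], r["when"], v) for r in log if (v := violations(r, policy))]

if __name__ == "__main__":
    for who, when, reasons in alerts(AUDIT_LOG):
        print(f"ALERT {when} {who}: {', '.join(reasons)}")
```

Note that the late-night `ALTER` from the approved console raises nothing: off-shift maintenance is normal DBA work, while the bulk read of customer rows from an unapproved client is what gets routed to key personnel.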

This may seem like a burdensome task, but there are automated solutions available that don’t impact performance and scale with your business.

To learn more, check out this whitepaper: Data security and privacy: A holistic approach

There is certainly a lot more to say on this topic, so we hope you will join us next week for more discussion on protecting against internal and external threats.

This post is part of the Dinner Table Data Security series. Catch up on the full series.

