When speaking of database security, the first thing that comes to mind is protecting the database from unauthorized users. However, the scope of database security is far wider than that. Still, database security is only a subdomain of overall computer security. Computer security starts with the individual data, expands to the database, then to the network, and finally to the individual computers on the network.
In other words, problems with individual computers or any network device can also corrupt your database. In addition, there are malicious users who can log on to the network and access your database to steal data, modify data, or even delete the entire database. In short, the database is at risk from several angles, and damage can result either from the ignorance of a user or from the malicious intentions of a person who may or may not be authorized to use the database. While you have to secure the database so that no unauthorized person can get into it, accidental damage can be reduced by training users and imposing penalties for breaches of rules, such as leaving a system unattended while logged in.
Threats to the database do not come only from people outside the organization. Even people who use the database pose a risk to the organization. Some may be selling confidential data to competitors for extra income. Others may be helping their colleagues improve their statistics by altering data in the database. When it comes to the question of who can be a threat to the database, the only answer is that literally everyone is a threat. Hence, encryption of data is an essential part of database security plans.
Before you create a database security plan, you need to understand the following equation: Important Data + Vulnerability = Threats. Hence, you have to check for the different vulnerabilities while creating a database security plan, some of which are mentioned above. While deleted data can easily be traced, stolen or modified data can do much damage to the organization before the error is discovered. Your database security plan should therefore also focus on identifying modified data before it creates a disaster.
While several components aid database security, including authentication, authorization, access restrictions, and auditing, we will focus on the primary database security concepts in the following sections. Based on these concepts, you can build the above-mentioned aids into your database protection plan.