Data Management Research
Most organizations and individuals maintain a database to store data and information about their employees and expenses, which were previously entirely computerized for the day-to-day activities of the organization or the individual. But what is a database? A database can be described as an organized collection of data and the ways in which that data is stored. A good example is a transport company where the passengers give their full name, phone number, email ID, and other personal information, which is later recorded in the company's database. An organization or an individual builds a database to store logically interrelated data that represents their real-life activities. How to ensure that this data is secured and protected is the subject of this research paper on database security.
Database security is the process by which database managers in an organization use information security controls to protect their databases. The database includes data, information, database applications, database systems, database servers, stored functions and procedures, and the associated network links. Database information security controls protect databases against compromise of the data's confidentiality, integrity, and availability. These controls fall into several categories:
- Technical controls
- Procedural or administrative controls
- Physical controls.
Database security does not just protect the database against unknown threats. The implementation of database security measures protects database systems against risks such as (Ben-Natan, 2005):
- Malware infections which may easily lead to unauthorized access to the databases, leakage of confidential data and information, damage of data and programs, denial of database services, and attacks among other risks.
- Database performance constraints, overloads, and other capacity-related issues which deny legitimate users the ability to access and use database systems as intended.
- Physical damage to the database systems and servers which may have resulted from disasters such as fires, floods, fluid spills, static discharge, electronic breakdown, and equipment failures among many others.
- Programming bugs in databases and database systems, which leave the database vulnerable to security flaws.
- Corruption of data and information in the databases which may be caused by the injection of invalid commands.
- Other risks include mistakes in the way data is administered, criminal damage, and sabotage of data.
According to research, database security will never be achieved to the required standards. That is, there is no point at which data will be free from abuse. If a large organization designs its database to be accessed easily, the database is likely to be insecure. On the other hand, if the organization designs its database to be watertight, it becomes impossible to use (Theriault & Heney, 1998).
Database Security Solutions
From the previous descriptions of database security, it can be seen that database security and related issues have recently become significant to the survival of organizations, given the data and information they store. Therefore, the data stewards in the organization must assume the roles and responsibilities of control over the data and database resources. If the data stewards fail to assume these roles and responsibilities, they may end up jeopardizing business operations and data. The roles and responsibilities of helping to protect against the risks faced by data are under-acknowledged by organizations' management and executives.
It is principally and truly the responsibility of database administrators to address database security. However, the responsibility is delegated to ineffectual auditors, which puts the data at risk. There are some basic solutions which individuals tasked with securing data and database systems need to consider in order to achieve the necessary levels of database security. Such solutions are (Murray, 2010):
Database Discovery and Assessment
Securing a database against threats and vulnerabilities involves locating where the risks, the vulnerabilities, and the critical data reside. Among the things organizations need to do is scan for risks and vulnerabilities, which requires a thorough knowledge of the risks and vulnerabilities that expose the data and database systems to input injection. Upon discovering the vulnerabilities, the database administrators should mitigate them. The database administrators can also identify compromised endpoints and prevent them from accessing the sensitive parts of the database and the data. The database administrators should then apply controls (Muralidhar, Parsa, & Sarathy, 1999).
Use of Database Rights Management
This solution involves identifying excessive rights over the confidential data and information in the organization. One measure under this heading is aggregating data access rights, where the persons responsible for database security scan the database for all users, both those who have been granted rights and those who have privileged rights. The database administrator should also ensure that the access rights information is enriched with user details and data sensitivity information.
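One way to aggregate access rights and enrich them with user details and data sensitivity, shown as an added example that is not part of the original paper. The table names, columns, sample rows and the rule for what counts as "excessive" are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; schema and names are hypothetical.
SCHEMA = """
CREATE TABLE grants(username TEXT, object TEXT, privilege TEXT);
CREATE TABLE users(username TEXT, department TEXT, active INTEGER);
CREATE TABLE objects(object TEXT, sensitivity TEXT, owner_department TEXT);
"""
GRANTS = [("alice", "payroll", "SELECT"), ("alice", "payroll", "UPDATE"),
          ("bob", "payroll", "SELECT"), ("bob", "timetable", "SELECT"),
          ("carol", "passengers", "DELETE"), ("dave", "passengers", "SELECT"),
          ("erin", "payroll", "SELECT")]          # erin has no user record
USERS = [("alice", "finance", 1), ("bob", "operations", 1),
         ("carol", "sales", 0), ("dave", "sales", 1)]
OBJECTS = [("payroll", "confidential", "finance"),
           ("passengers", "confidential", "sales"),
           ("timetable", "public", "operations")]

def build_sample_db():
    """Load the constructed rows into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO grants VALUES (?,?,?)", GRANTS)
    conn.executemany("INSERT INTO users VALUES (?,?,?)", USERS)
    conn.executemany("INSERT INTO objects VALUES (?,?,?)", OBJECTS)
    return conn

def excessive_rights(conn):
    """Join every grant with user details and data sensitivity, and return
    (username, object, privilege, reason) for grants on confidential data
    held by unknown users, inactive users, or other departments."""
    return conn.execute("""
        SELECT g.username, g.object, g.privilege,
               CASE WHEN u.username IS NULL THEN 'unknown user'
                    WHEN u.active = 0      THEN 'inactive user'
                    ELSE 'outside owning department' END AS reason
        FROM grants g
        JOIN objects o ON o.object = g.object
        LEFT JOIN users u ON u.username = g.username
        WHERE o.sensitivity = 'confidential'
          AND (u.username IS NULL OR u.active = 0
               OR u.department <> o.owner_department)
        ORDER BY g.username, g.object, g.privilege
    """).fetchall()

if __name__ == "__main__":
    for row in excessive_rights(build_sample_db()):
        print(row)
```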
Database Monitoring and Blocking
Monitoring and blocking is a systematic way of protecting databases from known attacks, unauthorized access, and theft of data. It involves monitoring all activity related to how the database is accessed and the patterns in which it is used, so that potential data leakage and protocol and system attacks can be detected. The database should be designed so that it can generate alerts or terminate user sessions when it senses a likelihood of unauthorized access. The database administrators should also build a detailed profile of the normal activities of all database users (Theriault & Heney, 1998).
Auditing, as one of the database security solutions, helps organizations that aim to secure their databases demonstrate compliance with industry regulations. Organizations need to implement DAP solutions capable of delivering performance, scalability, and flexibility, thus meeting the requirements of the most demanding data and database environments. By implementing a DAP solution, the organization will have addressed some of the weaknesses of native audit tools. Organizations can also capture comprehensive transactions, which supports regulatory compliance requirements, forensic analysis of the data, and fraud detection. Additionally, the organization should be able to generate reports for forensics and compliance (Jajodia, 1996).
Data protection as a database security solution involves ensuring that data is protected against loss of confidentiality, integrity, and availability. This solution involves archiving external data, which is achieved by automating the long-term processes of data archival. However, organizations should apply solutions which can be easily configured to archive data periodically to external mass storage systems. Organizations should optionally compress, encrypt, and sign the data before it is archived. Databases should also be encrypted across the environments in which data is stored. Through the encryption of the databases, the organization will have secured the ways in which databases are produced and their backup copies (Jajodia, 1996).
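The profile-then-alert approach described above, sketched as an added example that is not part of the original paper. The audit records are constructed, and the decision policy (alert on activity never seen in the baseline, terminate when a query touches more than ten times the rows ever seen for that user and table) is an assumed rule chosen for illustration.

```python
from collections import defaultdict

# Constructed audit records: (user, table, action, rows_affected).
BASELINE = [
    ("clerk1", "passengers", "SELECT", 12),
    ("clerk1", "passengers", "SELECT", 30),
    ("clerk1", "bookings", "INSERT", 1),
    ("report", "bookings", "SELECT", 5000),
]
LIVE = [
    ("clerk1", "passengers", "SELECT", 25),      # within normal profile
    ("clerk1", "payroll", "SELECT", 3),          # table never touched before
    ("clerk1", "passengers", "SELECT", 48000),   # bulk read, possible leakage
    ("intern", "bookings", "SELECT", 10),        # user has no profile at all
]

def build_profile(events):
    """Profile of normal activity: for each user, the largest row count
    observed for every (table, action) pair during the baseline period."""
    profile = defaultdict(dict)
    for user, table, action, rows in events:
        key = (table, action)
        profile[user][key] = max(rows, profile[user].get(key, 0))
    return profile

def decide(profile, event, factor=10):
    """Return 'allow', 'alert' or 'terminate' for one live event
    (assumed policy, see lead-in)."""
    user, table, action, rows = event
    seen = profile.get(user)
    if seen is None:
        return "alert"                 # unknown user: no baseline to compare
    limit = seen.get((table, action))
    if limit is None:
        return "alert"                 # known user, unfamiliar activity
    if rows > factor * limit:
        return "terminate"             # far beyond the user's normal volume
    return "allow"

def monitor(baseline, live):
    """Build the profile from baseline events and classify each live event."""
    profile = build_profile(baseline)
    return [(user, table, decide(profile, (user, table, action, rows)))
            for user, table, action, rows in live]

if __name__ == "__main__":
    for result in monitor(BASELINE, LIVE):
        print(result)
```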
Non-Technical Database Security
This solution helps organizations instill and reinforce a habit of security awareness and preparedness. The organization should have information security personnel with vast IT security experience at the helm of its database security. The personnel should be able to implement, administer, and monitor security solutions, thus defending against both external and internal threats and vulnerabilities. The organization should also engage its staff in education and training to equip them with deeper database security knowledge and skills. In other cases, the organization may have to consider hiring external IT security specialists to help it implement database security and to train and support the database administrators.
Organizations and individuals should be on the front line in safeguarding the databases where classified data and information are stored. Failing to do this may cripple the operations of the organization, result in a violation of industry regulations, and eventually destroy the organization's brand. However, before implementing any database security solutions, the organization should comprehensively understand database threats and vulnerabilities and then implement the solutions. This paper has discussed data management in the light of database security. There is more information related to data management and database security which is helpful to an organization wishing to implement database security.
Ben-Natan, R. (2005). Implementing database security and auditing. Boston: Digital Press.
Jajodia, S. (1996). Database Security and Privacy. ACM Computing Surveys, 28(1).
Muralidhar, K., Parsa, R., & Sarathy, R. (1999). A General Additive Data Perturbation Method for Database Security. Management Science, 45(10), 1399-1415.
Murray, M. C. (2010). Database Security: What Students Need to Know. Journal of Information Technology Education, 9.
Theriault, M., & Heney, W. (1998). Oracle security. Sebastopol, Calif: O’Reilly.