A broad range of security controls can be implemented to protect databases, including technical, administrative and physical. On the technical side, vendors, like Oracle, have developed an array of tools to safeguard data where they reside. Policies and procedures enhance the security from different perspectives.
So what are the key measures of database security? Following these security practices will significantly increase the security of a database system against potential compromises:
1. Identification and Authentication
An account is required to have access to the databases and it must be properly authenticated before being granted any access. This applies to all accounts, whether user or service accounts.
2. Less is Better
The principle of least privileges should be followed when granting rights to accounts; no account should have more rights than required to perform its jobs. And, when possible, separation of duties should be implemented in granting rights to accounts. Furthermore, the principle of least functionality should be followed. That is, functions or services that are not used should be disabled.
3. Auditing and Monitoring
Access to the databases should be audited and/or monitored, and the auditing should be detailed enough to identify actual and potential compromises. Any irregularities should trigger an alert to the appropriate personnel.
4. Updates and Patches
Any patches and/or updates should be applied as soon as they become available. This will remediate vulnerabilities existing in the early version or release of the database system.
Sensitive data should be encrypted even though this may impact the performance.
6. Backup and Disaster Recovery
Databases should be properly backed up to prevent potential data loss. The backup should be regularly verified to ensure that the databases could be fully restored in the event of a disaster.
Protecting information is critical to any enterprise so implementing robust security practices is an important early step in defending your databases from threats and compromises.