Explore Database Security Tools: Part 1
From firewalls to cloud visibility to bouncers to conference name tags, we explore the underground world of Database Security Tools and draw on philosopher Rene Descartes' eternal wisdom to remind us of the existential power of data.
Do you know who can make or break a night out? Bouncers. You know, the people who stand at the entrance of the club you have just spent an hour queuing for, only for them to take one look at you, grunt, "you're not coming in," and shove you aside to make room for the next person.
The club might be achingly hip. It might be a dive bar. It doesn't matter. If the people at the door are not sure about you or don't like your look, you're not coming in. You might feel mad but you can't blame them. They're just doing their job; to keep the good vibes in and the mischief-makers out. After all, any trouble is on them.
They're the human equivalent of Database Security Tools. Maybe someone in that queue is the human equivalent of a database security threat. As with Database Security Tools, if something (or someone) looks a little bit dodgy, it's better to refuse entry. You see, if you're responsible for other people's data, you must take appropriate measures to keep it safe. Love it or hate it, security - database and club - is here to stay.
Data breaches like the 500,000 stolen Zoom passwords and MGM's loss of 142 million guests' personal information remind us why. We can't grant you club VIP status but if you're ready to learn more about database security adoption, this article is for you: a two-part tour of Database Security Tools. Find out what it is, why you should care about it, what it involves and what tools you need to succeed.
First Things First: What Is A Database Security Threat?
Database security threats are threats to your database's security. Well, duh! However, you may ask, what do these threats look like?
Let's ask the Marriott hotel chain. In March 2020, Marriott revealed that hackers had siphoned off the names, birthdates, telephone numbers, and travel information of its loyalty scheme application users - around 5.2 million guests. What makes this figure worse is that Marriott is no stranger to security threat danger. In 2018, it experienced one of the five largest data breaches in history, when around 500 million customers had their data stolen. Nothing like learning from the past, right?
External breaches are the most well-known types of cyberattacks. They include threats like hackers who exploit your database's vulnerabilities through malware (malicious software) such as viruses, trojan horses, and worms. An internal breach is where the danger comes from inside your organization. There are three ways this can occur:
Human Error: Human error is unintentional. For example:
An employee may forget to password-protect or encrypt the data.
Teams might have higher-level access than they need.
Someone may lose their phone or laptop in a Bring Your Own Device (BYOD) environment.
Malicious Intent: A disgruntled employee deliberately sets out to harm the organization by hitting it where it hurts: its reputation and its profits. Think of Milton Waddams from "Office Space" who (spoiler alert) sets his office building on fire as revenge for his desk being moved innumerable times.
Infiltration: Hang on, do you even work here? Infiltration is when a non-employee gains employee-type database access through social engineering activities, like phishing.
Although internal database breaches don't sound as glamorous as hackers and malware do - you're unlikely to see a film made about Dave in marketing who forgot to password-protect his spreadsheet - internal database breaches are the biggest threat to your organization. You must take them seriously.
A Brief History Of Database Security Tools
During the 1970s and 80s, most database security threats came from inside the organization and typically involved employees reading confidential documents. Database security became a thing in the 1980s when - surprise! - we discovered viruses. The first viruses were created accidentally but it didn't take long for unscrupulous people to realize what they could do and use them maliciously. It was around this same time that the first firewall was developed.
A firewall is a theatrical name for a security system that controls incoming and outgoing network traffic. There was no fire involved and the wall was metaphorical rather than literal. However, it did the trick for a while. Firewalls have developed over time so that they now include user authentication, URL filtering, and application-level customization. Alas, still no walls of fire. Maybe the next iteration?
More Database Security Tools followed in the 1990s to combat the pace at which viruses were spreading (excuse the pun): antivirus solutions and Secure Sockets Layer (SSL). It is a standard security risk protocol that encrypts sensitive data so that only the intended recipient can view it decreasing insider threat. It's the grandaddy of secure data transfer. Antivirus software finds viruses and worms by scanning IT systems for strings or sequences of characters. These strings are like those awkward stickers given out at conferences that say, "Hi, I am [blank]'' and then you have to fill in your name in marker pen. In this case, your sticker would say, "Hi, I am malware." and you wouldn't be a welcome attendee.
While these were valiant first steps, it didn't take long for two issues to emerge: most antivirus solutions interrupted workflow and productivity and as the number of malware samples continued to increase, early antivirus solutions simply couldn't keep up. Next stop, Endpoint Protection Platforms (EPPs). These are Database Security Tools placed on endpoint devices (laptops, smartphones, PCs - anywhere you can save data) that detect nefarious behaviors, prevent file attacks and collect the information you need to investigate a breach.
Firewalls, antivirus software, and EPPs have continually evolved and today make use of Artificial Intelligence to better detect and respond to threats. So, is this it? Have we cracked database security? Have we, heck.
What Is Database Security?
Most of us use databases every day at work. A database activity monitoring tool is nothing but information that's organized and stored in a way that others can access and use it. It's all this accessing and using that creates a need for database security.
Database security covers all the ways you keep your database and the information it contains secure from internal and external threats. It protects:
The Database Management System (the DBMS)
The data inside the DBMS.
The database server (physical or virtual)
The infrastructure used to access the server.
What Is A Database Security Tool?
Ross J. Anderson summed it up: "If you design a database to be used, it cannot be secure. And if you design a database to be secure, you cannot use it."
Database Security Tools are software products that enable you to keep your data secure while still being able to use your database administrator. These tools are much like coffee machines: the features vary but there are fundamental tasks that all must deliver. A coffee machine must make a decent cup of coffee and a Database Security Tool must be able to secure databases. They do this by:
Monitoring and/or recording user activity.
Encrypting your data
Integrating with your database — whether cloud-based, on-premise or both.
Enforcing database access control policies
Features, meanwhile, can be as non-frill or whizzy as you like. They can include user governance, security testing features, and identity management.
You may need one Database Security Tool that does everything, or you may need several that look after niche areas. What works best for you will vary depending on your business needs and infrastructure.
Why Do You Need Database Security Tools?
Are you the Terminator? Do you work with him? No? Then it's safe to assume that you and the people within your organization are human beings. Human beings are flawed. Hundreds of nuances affect the decisions we make, from the way we interpret behaviors to what we deem as threats and why. This is why we need non-human help.
Database Security Tools are database encryption machines that regulate unauthorized access and security control from a data breach. They don't have bad days. They don't get distracted every time the smartphone pings with a new Facebook notification. However, they do see patterns and meaning in actions that otherwise go unnoticed by the human eye.
Here are some more reasons why you need Database Security Tools.
Database performance and business continuity
You can't pause your database activity every hour, every day, or even every week to run protection and maintenance measures. This is why some organizations sacrifice these acts of compliance for business continuity. A Database Security Tool protects your database while allowing it to continue business operations at peak performance.
Cloud visibility: Zero
According to Statista, almost half of all data is stored in the cloud. Have you ever flown in a plane on a cloudy day? What can you see when you look out the window? Nothing. It's the same for cloud-stored data - cloud visibility is notoriously poor, yet many organizations deem it vital for running their business. Database Security Tools are your eyes and ears in the sky, watching and listening in the places you can't.
Do you know every datum in your database? Unlikely - but if you don't know it's there, how do you know it exists? Philosopher Rene Descartes asked this same question about humans. He wanted to know whether we truly exist or whether an evil genius controls our minds to make us think we're real. He came up with this: I think, therefore, I am. He meant, if I can think to ask this question, I'm not controlled by an evil genius; therefore, I must exist. This (unnecessarily) deep and philosophical paragraph is merely to remind you that although data doesn't think, it is controlled by evil geniuses (like Dave in marketing) and data does exist, all the time. Once you collect it, it's there - even if you don't know it's there. So, how can you protect something you don't know exists? You can't, which is why you need database auditing protection tools.
No one wants to buy from someone they don't trust. You may have the greatest product on Earth but if your audience doesn't believe that you can keep their information secure, they'll go elsewhere. On the flip side, if you have evidence, you take data security audit seriously, you can win customers from those organizations that don't.
Wrapping It Up
There's no longer any excuse for outdated, inept security measures. If Indiana Jones would say your setup "belongs in a museum," it's time you explored your Database Security Tool options. Which, quick plug, we will do in Part 2 of our Database Security Tools Series.
Having a structured, organized and secure database makes your job easier, helps your organization become compliant and build a reputation for integrity and — most importantly — allows your customer to trust you with their personal information.
When you put it like that, isn't database security a no-brainer?
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs’ members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs’ Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs’ site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.
Join The Discussion