Episode

Database Security

Our Database Security Podcast speaks to a pillar that can make or break a business. At the heart of every business is data, and this data consists of the information the company needs to operate. Database security refers to the various measures organizations take to secure their databases and keep their data protected from internal and external threats. It covers protecting the database itself, the data it contains, its database management system, and the various applications that access it.

The best defense is a strong offense, so let's look at five key practices to keep your database secure: protect, audit, manage, update, and encrypt. While what's most critical depends on who you ask, encrypting all data sent to and stored in the database comes first. The reasoning is that it protects against unauthorized access and potential data leakage. It is crucial to ensure that credentials are secured and encrypted, and that encryption keys are managed according to best practice. The how varies by engine, but the end result is the same.

Definition:

Database security means something different across the various RDBMS engines. There is also a difference between database security and data security. Database security is a layer of information security: it is concerned with the physical protection of information, the encryption of information in storage, and data remanence issues. Data security is generally defined as the confidentiality, availability, and integrity of the data itself.

Access Control:

Access control is implemented by creating user accounts and having the DBMS control the login process. Access to sensitive data is then possible only for those database users who are allowed to see it, and unauthorized persons are kept out.

This database security podcast talks about how we secured the databases used in the book. Real-world examples are provided using encryption and redaction, together with their performance impact. Regardless of the decisions made, you only allow access on a "need to know" basis.
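To make the "need to know" and redaction ideas from the two sections above concrete, here is an added PostgreSQL example; it is not code from the podcast or the book, and the customers table, the role names and the password placeholder are constructed assumptions.

```sql
-- Assumed PostgreSQL schema (constructed for this example):
CREATE TABLE customers (
    id          serial PRIMARY KEY,
    full_name   text NOT NULL,
    email       text NOT NULL,
    card_number text NOT NULL   -- sensitive: only the billing role may read it raw
);

-- Privileges are granted to roles, and people are granted roles.
CREATE ROLE support_agent NOLOGIN;
CREATE ROLE billing_clerk NOLOGIN;
CREATE ROLE alice LOGIN PASSWORD 'placeholder-set-via-secret-manager';  -- placeholder, not a real credential
GRANT support_agent TO alice;

-- Start from zero: remove the default grants that every login inherits via PUBLIC.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON customers FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO support_agent, billing_clerk;

-- Redaction: support reads a masked card number through a view and never the base table.
-- The view runs with its owner's rights, so support_agent needs no grant on customers.
CREATE VIEW customers_support AS
SELECT id,
       full_name,
       email,
       'XXXX-XXXX-XXXX-' || right(card_number, 4) AS card_number_masked
FROM customers;
GRANT SELECT ON customers_support TO support_agent;

-- Need to know: billing reads the raw column, and only the columns it needs.
GRANT SELECT (id, card_number) ON customers TO billing_clerk;

-- Check: list what each role can actually read (run as a superuser or the table owner).
SELECT grantee, table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE grantee IN ('support_agent', 'billing_clerk')
ORDER BY grantee, table_name, column_name;
```

The final query is the audit step: if a role shows up against a column it has no business reading, the grant model has drifted from the need-to-know rule.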