Database Security Essentials - Part 2
For any company in today's business world, having an efficient, well-run database that is completely secure is essential. In this second installment of our look at database security we look at how encryption, authentication and auditing can keep your important information from being compromised, either maliciously or inadvertently.
Encryption
Wikipedia defines encryption as "encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key."
In terms of database security, all information in the database is encrypted so only intended users can read it. This is also essential for inputting and transferring secure information on the internet, like credit card details. Probably the most common example is the encrypted payment pages you see when making online purchases.
Authentication
This is another basic concept of database administration. Basically, if someone wants to access the database they have to provide their username, password or other authentication information. This could apply to people who can directly access or manage a database. However, it can also apply to consumers using certain services like online banking. Authentication in this case ensures that only they can access their account information and make transactions online.
Auditing
Database auditing involves the monitoring of a database to ensure that no unauthorized users are gaining access to the database. Database auditing can take place at regular intervals. However, a more effective method is ongoing database auditing so would-be hackers can not breach the data between audits.
For a truly secure database, data access auditing should also be carried out as a matter of course. Basically, the database auditor should be automatically alerted if there is anything suspicious in the manner that information on the database is accessed. In this case, the system should provide information on when the data was accessed and by whom, where was it accessed from, what software or SQL statement was used to access it, and exactly what data was accessed.
There are a number of database auditing solutions available that work with popular database software including Microsoft SQL Server, Oracle and Sybase.
Disaster recovery
No matter how secure a database is, something can always go wrong. For this reason, a disaster recovery program needs to be in place so there is an alternative to the main database at hand if needs be. Common solutions include making backups to disk or other information storage devices (preferably daily); having surge protectors and UPSs (uninterruptible power supplies) in place to protect equipment and ensure the database continues running if the power supply fails; and replication of the database off site.
Written by: David C Skul - CEOBack to Articles | Next Article | Relativity | Watch the Video
Sign Up for Our Newsletter
Do you want more? Do you want to be notified of new blog postings and other exciting developments weekly? Do you want the competitive edge over your marketplace?
Sign Up for Our Newsletter and get Free Gifts when you Sign Up and Confirm Your Subscription:
- Monthly Updates and Informative Articles and Videos from our team of experts.
- White Papers and Free Training Offers
- Special Discounts and Incentives on our Services and Products
- Special Discounts and Incentives from our Channel Partners
- Monthly Prizes and Incentives for Blog Postings
- Much, Much More
Have questions or suggestions?
Contact Us By Email:
Terms Of Service | Guarantees | Privacy Policy
©2008 Relativity | www.relativitycorp.com is a division of Relativity, Inc, a Colorado, USA Corporation. All rights reserved.