Why Read This
With increasingly sophisticated attacks and rising internal data theft, database security merits a stronger focus that goes beyond traditional authentication, authorization, and access control (AAA). A single intrusion that compromises private data such as credit card numbers, Social Security numbers, or other financial data can cause immense damage to an enterprise's reputation, and can lead to lawsuits and regulatory fines with long-term impact. Because database security is the last line of defense, protecting private data from both internal and external attacks deserves more attention than IT pros have traditionally given it. Database security professionals and information security and risk management professionals crafting a security strategy should: 1) align database security policies with information security policies; 2) ensure well-defined and formalized database security procedures; 3) enforce role separation; and 4) apply advanced security measures such as database auditing, monitoring, database encryption, data masking, and vulnerability assessment to all critical databases that store private data.