From Computer Weekly:
Given the vital importance of the information held within corporate and government databases it is surprising that the security of these databases is often of unknown provenance, at least as far as those charged with information security duties are concerned.
I am not setting out to offend an entire section of the IT industry by picking on database administrators. However, I believe database administrators and security managers need a better mutual understanding so that the security of these vital resources can be improved without overly database performance.
One of the common refrains I hear from database administrators is that they are unable to implement security mechanisms as the associated performance hit is too high. It is not my intention to explore the various intrinsic database security mechanisms or to discuss their strengths and weaknesses. My purpose here is to suggest methods of securing information while shifting the burden of securing databases from the administrators and not excessively impacting performance.
This is a refrain that I myself have heard time and again. I have also had database admins lie to my face confident that I didn’t know anything about Oracle. I’m no database kung fu specialist but, I have read enough of Litchfield and Finnigan to know they were blowing sunshine up my backside.
So, who has the keys to your data?
Read on.
[tags]Database Security, Database Administration[/tags]
