When it comes to database security, it is not only the actions of DBAs and super-users that must be watched. Companies must also closely monitor how end users leverage the database. This is particularly important when it comes to the retrieval of the data contained within that repository.
Gartner is particularly concerned about end users who access data through inappropriate or unapproved channels. The analyst states that, “This problem is similar to that for privileged users, but the risk is somewhat different. End users sometimes access data directly, without using the approved applications or channels. They sometimes do this simply for convenience. But the result may be undetected changes to data that seriously impact availability and data integrity.”
What do they recommend? That organizations implement “detective security measures to determine whether end users are trying to bypass proper channels”. For example, are end users attempting to go directly to the database, to either view, add, or alter database information, without going through existing application-level controls?
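One way to sketch such a detective check, as an added example that is not dbMaestro or Gartner code: compare each audited database action against an allowlist of approved application channels and flag anything that arrives another way. The audit record layout, account names, program names and hosts below are all constructed assumptions.

```python
import csv
import io

# Constructed sample audit records (not from any real system):
# timestamp, db_user, client_program, client_host, action, object
SAMPLE_AUDIT = """\
2011-01-10T09:02:11,APP_ORDERS,order-service,app01,UPDATE,ORDERS
2011-01-10T09:05:40,JSMITH,sqlplus,ws-114,SELECT,CUSTOMERS
2011-01-10T09:06:02,JSMITH,sqlplus,ws-114,UPDATE,CUSTOMERS
2011-01-10T09:07:19,APP_ORDERS,excel-odbc,ws-207,SELECT,ORDERS
2011-01-10T09:09:55,APP_REPORTS,report-service,app02,SELECT,ORDERS
"""

# Hypothetical allowlist of approved channels: (db_user, program, host).
APPROVED_CHANNELS = {
    ("APP_ORDERS", "order-service", "app01"),
    ("APP_REPORTS", "report-service", "app02"),
}

WRITE_ACTIONS = {"INSERT", "UPDATE", "DELETE", "MERGE"}
FIELDS = ["timestamp", "db_user", "program", "host", "action", "object"]


def find_channel_bypass(audit_text, approved=APPROVED_CHANNELS):
    """Return audit records whose connection is not an approved channel."""
    findings = []
    for row in csv.DictReader(io.StringIO(audit_text), fieldnames=FIELDS):
        channel = (row["db_user"].upper(), row["program"].lower(),
                   row["host"].lower())
        if channel in approved:
            continue
        # Writes outside the application skip application-level controls
        # and can alter data undetected, so they rank higher than reads.
        is_write = row["action"].upper() in WRITE_ACTIONS
        row["severity"] = "high" if is_write else "medium"
        findings.append(row)
    return findings


if __name__ == "__main__":
    for f in find_channel_bypass(SAMPLE_AUDIT):
        print(f["severity"], f["timestamp"], f["db_user"], f["program"],
              f["host"], f["action"], f["object"])
```

Matching on the full (account, program, host) tuple also surfaces an application account being used from a desktop tool, as in the fourth sample record.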
dbMaestro TeamWork™ can help. As we discussed in prior posts, our powerful database version control solution includes a unique locking capability that is an inherent part of the database itself, so it cannot be overridden or bypassed in any way. Therefore, it can optimize security by capturing details about how data is retrieved or altered, regardless of the connection type, the application, or the client.
Refer to earlier posts in the series, where we highlighted other areas of database administration that need to be closely monitored, including changes to database information, use of unapproved channels by privileged users, modification of database schemas, and addition or alteration of user accounts.