DATABASE SECURITY

Introduction
Security is an important issue in database management because information stored in a database
is very valuable and many time, very sensitive commodity. So the data in a database
management system need to be protected from abuse and should be protected from unauthorized
access and updates. It is popular belief that hackers cause most security breaches, but in reality,
80% of data loss is to insiders.

Why database security is important?

The evolution of digital technology and the growth of the Internet have made life and work more
efficient and convenient. Information can be accessed with a few clicks of a mouse or by
scrolling through and tapping a touch screen. Filing cabinets have gone the way of typewriters
and fax machines. Companies can organize and store large volumes of information in databases
that are “in the cloud”. Information stored in the database is important for business. Any business
possesses and generates a database of info on transactions, communications, infrastructure or
processes. These are considered valuable assets. In the wrong hands, they can lead to the
downfall of the business, personal and financial ruin of the client/ customer. This is why
database security is important. Criminal elements; people with malicious intent are targeting
your data because they want to take your success away from you. Thus, in as much as digital
technology and the Internet have made life and work easier; they have likewise made risks
higher for business and the consumer. Data security becomes all the more important for CRM
used in the real estate business, owing to the vast amount of lead data being stored and managed
on an everyday basis. It is the best real estate CRM software that takes the protection and
security of its customers' data very seriously

Key security features include:

 Data Deletion
 Physical Security
 Application Security
  Application Architecture
 Application Engineering & Development
 Quality Assurance
 Deployment & Post Deployment
 Operational Security
 Network Security
 Regulatory Compliance
 Dual Data Security
 Vulnerability Assessment & Penetration Testing (VAPT)

Database security is the protection of the database against intentional and unintentional threats
that may be computer-based or non-computer-based. Database security is the business of the
entire organization as all people use the data held in the organization's database and any loss or
corruption to data would affect the day-to-day operation of the organization and the performance
of the people. Therefore, database security encompasses hardware, software, infrastructure,
people and data of the organization.

Now there is greater emphasis on database security than in the past as the amount of data stored
in corporate database is increasing and people are depending more on the corporate data for
decision-making, customer service management, supply chain management and so on. Any loss
or unavailability to the corporate data will cripple today's organization and will seriously affect
its performance. Now the unavailability of the database for even a few minutes could result in
serious losses to the organization.

Data Security Risks

 We have seen that the database security is the concern of the entire organization.
The organization should identify all the risk factors and weak elements from the
database security Perspective and find solutions to counter and neutralize each
such threat.
 A threat is any situation, event or personnel that will adversely affect the
database security and the smooth and efficient functioning of the organization. A
threat may be caused by a situation or event involving a person, action or
circumstance that is likely to bring harm to the organization. The harm may be
tangible, such as loss of data, damage to hardware, loss of software or intangible
such as loss of customer goodwill or credibility and so on.
Data Tampering
 Privacy of communications is essential to ensure that data cannot be modified or
viewed in transit. The chances of data tampering are high in case of distributed
environments as data moves between sites. In a data modification attack, an
unauthorized party on the network intercepts data in transit and changes that
data before retransmitting it. An example of this is changing the amount of a
banking transaction from Rs. 1000 to Rs. 10000.
 Data Theft
 Data must be stored and transmitted securely, so that information such as credit
card numbers cannot be stolen. Over the Internet and Wide Area Network
(WAN) environments, both public carriers and private network owners often
route portions of their network through insecure landlines, extremely vulnerable
microwave and satellite links, or a number of servers. This situation leaves
valuable data opens to view by any interested party. In Local Area Network (LAN)
environments within a building or campus, insiders with access to the physical
wiring can potentially view data not intended for them.
 Falsifying User Identities
 In a distributed environment, it becomes more feasible for a user to falsify an
identity to gain access to sensitive and important information. Criminals attempt
to st.eal users' credit card numbers, and then make purc~1ases against the
accounts. Or they steal other personal data, such as bank account numbers and
driver's license numbers, and setup bogus credit accounts in someone else's
name.
 Password-Related Threats
 In large systems, users must remember multiple passwords for the different
applications and services that they use. Users typically respond to the problem of
managing multiple passwords in several ways:
 • They may select easy-to-guess password
 • They may also choose to standardize passwords so that they are the same on all
machines or websites.
 All these strategies compromise password secrecy and service availability.
Moreover, administration of multiple user accounts and passwords is complex,
time-consuming, and expensive.
 Unauthorized Access to Tables and Columns
 The database may contain confidential tables, or confidential columns in a table,
whichshould not be available indiscriminately to all users authorized to access
the database. It shouldbe possible to protect data on a column level.
 Unauthorized Access to Data Rows
 Certain data rows may contain confidential information that should not be
available indiscriminately to users authorized to access the table. For example, in
 a shared environment' businesses should have access only to their own data;
customers should be able to see only their own orders.
 Lack of Accountability
 If the system administrator is unable to track users' activities, then users cannot
~e held responsible for their actions. There must be some reliable ways to
monitor who is performing what operations on the data.
 Complex User Management Requirements
 System must often support large number of users and therefore they must be
scalable.
 In such large-scale environments, the burden of managing user accounts and
passwords makes your system yulnerable to error and attack.