
Module7_Database Security

Uploaded by

sciencebeyond01
Copyright © All Rights Reserved

Database Security

• Database security unites all protection activities performed on the database management system. It is responsible for the data layer of the software architecture: its processing, transfer, and storage.
• The main components of database security are:
  • Setting up security controls: database management systems usually offer their own systems of security assurance and monitoring. Developers need to edit the settings.
  • Configuration of a DBMS: security requires an organized data structure, edited safety settings, permissions, and access controls.
  • Authentication: each database should automatically verify user access to settings, networks, and data.
  • Constant database audit: monitoring database safety helps to catch security errors in time, reduce the impact of a breach, and detect suspicious patterns.
  • Backups: a safe database always has an audited mechanism for backup creation and management. Even if data is compromised or deleted, you will always have a copied version.
  • Encryption: implementing file encryption protects the contents of the file from being understood and utilized by cybercriminals. Even if they get access to the database, the information itself won’t be displayed.
The importance of database security
• Over the last few years, we’ve seen what happens when businesses fail to keep their sensitive information secure.
• In April 2020 alone, GoDaddy, the Dutch Government, United Nations, and Defense Information Systems Energy had data leaks. With an increased percentage of remote work and data access, the chances of compromising corporate and organization security grow.
• Big data breaches, like the ones at Uber or Equifax, make history and impact the company’s reputation long-term. Even an insignificant security crisis can have drastic consequences for the business:
  • Compromising secret practices: if your company has unique technological inventions, creative work, strategic documentation, or trade secrets, the breach of this data will weaken your presence on the market and potentially strengthen competitors.
  • Ruining reputation: today, many companies position safety as their main competitive advantage. Users are becoming increasingly aware of security risks and prefer cooperating with trusted businesses. A Harris Poll survey showed that for 63% of people safety is a crucial factor in deciding on a purchase.
  • Facing legal consequences: governments are becoming aware of improper data storage practices and address them at the legal level. HIPAA, Payment Card Security Standards, and GDPR carry fines worth millions for compromising user data.
  • Bottlenecks: for data-based businesses, a breach makes it impossible to continue their work and turns into downtime.
• Database security issues tend to accumulate. If you don’t tend to the safety of your data and DBMS, threats will pile up, compromising your team’s and clients’ safety and operations, and resulting in a much bigger breach.
Main database security threats

• The main task of database security is dealing with data layer threats.
• It’s important to understand the risks of storing, transferring, and processing data.
• Knowing which patterns might jeopardize your safety, you can remove vulnerabilities before they cause an actual incident.
• We analyzed the most common database security threats and their specifics: if you are protected from those, you are safe from 99% of all attacks.
• Insider threats
  • It’s the simplest type of database threat but also the one that is hardest to predict. Basically, a person who has assigned access to the database and its settings leaks, damages, or deletes information, and there are a number of ways this can be done:
    • Malicious intention: someone hijacks the official access to the database, either an employee of the company or an authorized partner.
    • Negligence: a person can accidentally share access to the database via an email or flash drive, or after catching a virus.
    • Infiltration: someone enters the team with the purpose of hijacking the company’s data. This is less common for small and medium businesses, but possible for corporations.
  • The surest way of minimizing the risks of insider attacks is to regularly revisit database security standards and access policies. The company should enable access to the database only for people who need it directly for their work. Employees who no longer work in the company, and vendors, should not have full permission, if any.
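The periodic access review recommended above can be automated. The following is an added example, not part of the original deck: it compares exported grant rows with a staff and vendor roster and flags grants held by departed staff, vendors with full permission, accounts with no owner, and privileges the owner's work does not need. The roster, the grant rows and all function names are constructed for illustration, and the REVOKE text assumes PostgreSQL-style syntax.

```python
from dataclasses import dataclass

PRIVILEGES = {"SELECT", "INSERT", "UPDATE", "DELETE", "ALL"}
# Constructed sample data (assumption, not from the deck): who each account
# belongs to, and which privileges that person's current work requires.
ROSTER = {
    "alice":    {"status": "active",   "kind": "employee", "needs": {"SELECT", "INSERT"}},
    "bob":      {"status": "departed", "kind": "employee", "needs": set()},
    "acme_etl": {"status": "active",   "kind": "vendor",   "needs": {"SELECT"}},
}
# Constructed grant rows as exported from the DBMS: (account, table, privilege).
GRANTS = [
    ("alice", "orders", "SELECT"), ("alice", "orders", "INSERT"),
    ("alice", "payroll", "DELETE"), ("bob", "orders", "SELECT"),
    ("acme_etl", "orders", "ALL"), ("old_report", "orders", "SELECT"),
]

@dataclass(frozen=True)
class Finding:
    account: str
    table: str
    privilege: str
    reason: str

def review_grants(roster, grants):
    """Return every grant that the access policy does not justify."""
    findings = []
    for account, table, priv in grants:
        owner = roster.get(account)
        if owner is None:
            reason = "orphaned account: no owner in roster"
        elif owner["status"] != "active":
            reason = "owner no longer works with the company"
        elif priv == "ALL" and owner["kind"] == "vendor":
            reason = "vendor holds full permission"
        elif priv in owner["needs"]:
            continue  # justified by the owner's current work
        else:
            reason = "privilege not needed for current work"
        findings.append(Finding(account, table, priv, reason))
    return findings

def quote_ident(name):  # quote identifiers so catalog values cannot alter the SQL
    return '"' + name.replace('"', '""') + '"'

def revoke_statements(findings):
    """PostgreSQL-style REVOKE text for human review; nothing is executed."""
    return [f"REVOKE {f.privilege} ON {quote_ident(f.table)} FROM {quote_ident(f.account)};"
            for f in findings if f.privilege in PRIVILEGES]
```

On the constructed data, four of the six grants are flagged; the generated statements are meant to be reviewed by the database owner before anything is revoked.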
• Buffer overflow happens when a hacker runs processes overloaded with data. The memory block can’t hold the length of the request, and the system stops responding. Several such attacks can be handled easily by the system, but thousands of faulty requests cause an overload.
• A distributed denial of service attack is even more dangerous. In this case, the increased number of requests comes from different devices and servers, typically located all over the world.
• This makes locating the source of the threat a lot more difficult, and such attacks tend to last 3-4 times longer.
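The difference between a handful of faulty requests, a flood from one source and a distributed flood can be monitored on the defending side. The sketch below is an added example, not part of the original deck: it rejects over-length requests before they are processed and classifies the rejected traffic in a sliding time window. The class name, the size limit, the window length and both thresholds are assumed values.

```python
from collections import Counter, deque

class OversizeFloodDetector:
    """Sliding-window monitor for over-length requests (all limits are assumed values)."""

    def __init__(self, max_len=4096, window=60.0, flood_at=1000, top_share=0.5):
        self.max_len, self.window = max_len, window
        self.flood_at, self.top_share = flood_at, top_share
        self.events = deque()        # (timestamp, source) of rejected requests
        self.per_source = Counter()  # rejected requests per source inside the window

    def _evict(self, now):
        # Drop rejected requests that have aged out of the window.
        while self.events and now - self.events[0][0] > self.window:
            _, src = self.events.popleft()
            self.per_source[src] -= 1
            if self.per_source[src] == 0:
                del self.per_source[src]

    def observe(self, ts, source, length):
        """Return (accepted, state); over-length requests are rejected, not buffered."""
        self._evict(ts)
        accepted = length <= self.max_len
        if not accepted:
            self.events.append((ts, source))
            self.per_source[source] += 1
        return accepted, self.state()

    def state(self):
        total = len(self.events)
        if total < self.flood_at:
            return "normal"  # a few faulty requests are simply rejected
        top = self.per_source.most_common(1)[0][1]
        # One dominant sender can be blocked by address; a distributed flood cannot.
        return "single-source flood" if top / total >= self.top_share else "distributed flood"

def replay(events, **limits):
    """Feed constructed (timestamp, source, length) events and return the final state."""
    det = OversizeFloodDetector(**limits)
    state = "normal"
    for ts, src, length in events:
        _, state = det.observe(ts, src, length)
    return state
```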