Here is the number one reason database security projects fail. It's probably not what you'd think, since most security failures are traced to human oversights or backdoors created to simplify usage. In reality, the number one reason database security projects fail is that the DBA was never included in the security project's planning to start with.
It seems counter-intuitive to leave your database expert and administrator out of the loop when creating security protocols, but it happens often. Many organizations view security as something separate from database maintenance and expansion, instead thinking that the DB expert really only needs to be involved in security while the database is being built.
That's not so. Keeping the DBA involved matters even more if your DBA is outsourced or relies on shared IT resources.
Sometimes, security and database professionals view one another as 'troublemakers' or 'hurdles' rather than as teammates. This is often because of the way that IT 'geeks' (especially database engineers) and security 'muscle' see one another. At its most fundamental, however, the most important task of a DBA, outside of keeping the database running, is to keep it safe from harm, meaning keeping it secure. For security professionals, the primary goal is the safety of their organization and its assets, including data.
So the two should be seeing eye-to-eye. Seen from this perspective, it would be surprising if they didn't see themselves as coequal teammates.
Both sides of this supposed conflict need to adjust their viewpoint. DBAs often over-focus on performance and tuning of their database and under-focus on security. Security often over-focuses on 'lockdown' measures, has little DB knowledge, and has no concept of performance or usage needs. To see things on a level field, both sides have to adjust.
So security pros need to understand that securing the data is one thing, but making it inaccessible and unusable defeats the purpose of having the data in the first place. For their part, DBAs need to understand that some performance losses are going to be required in order to keep the data they're entrusted with from becoming compromised.
A middle ground must be found.
This isn't hard to do, but it does require time and commitment. Each side must learn something of the other's job. Security should learn what it is that the DBA is doing and the DBA should learn what security does. By getting a good overview and understanding of the general practices of the other side, both sides will benefit and the organization as a whole will find itself much better off.
With outsourced DB administration and optimization, this is especially important. Security is usually an in-house affair, but can be outsourced just as DBA work is. In some cases, the same firm handles both. This is preferable, as an integrated security/DB function, when done right, means a better and more secure system.
Author Resource:
The DBA Shoppe specializes in remote DBA services for clients with Oracle, DB2 and SQL Server databases. Providing certified Database Administrators for your day to day requirements, the DBA Shoppe saves you time and money. How healthy are your databases? Discover today at http://www.TheDBAShoppe.com