Whitepaper

Understanding and Managing Privileged Access to Databases and Other Data Resources

This Whitepaper analyses the issues surrounding access management, privacy, security and compliance when identities access compute and storage resources, with a special focus on database technologies commonly found in modern enterprises.

Paul Fisher

pf@kuppingercole.com

1 Executive Summary

Databases remain the most widespread technology for storing and managing business-critical digital information. Manufacturing process parameters, sensitive financial transactions, or confidential customer records - all this valuable corporate data must be protected against compromises of their integrity and confidentiality without affecting their availability for business processes.

At the same time, organizations are modernizing IT infrastructure and adopting multi-cloud infrastructures to support evolving business process demands. This can lead to user error with a risk of data compliance failure or data loss if access to resources is not manged correctly. This is true for all resources that reside on premises or in the cloud including those servers and databases already mentioned which are a fundamental part of modern business environments.

As more and more companies are embracing digital transformation, the challenges of securely storing, processing, and exchanging digital data continue to multiply. With the average cost of a data breach reaching $4M, just direct financial losses can be catastrophic for many companies, not even considering indirect reputational damages. High-profile "mega-breaches" that expose millions of sensitive data records can easily drive these costs up to hundreds of millions of dollars, but even the victims of smaller ones are now facing increasingly harsh compliance fines.

The risks of unsecured database access are:

  • Inappropriate access to sensitive data by administrators or other accounts with excessive privileges.
  • Malware, phishing, and other types of cyberattacks that compromise legitimate user accounts.
  • Unpatched security vulnerabilities or configuration problems in the database software, which may lead to data loss or availability issues.
  • Attacks specifically crafted to target databases through application interfaces or APIs, like SQL injections for relational databases and similar exploits for NoSQL and Big Data solutions.
  • Sensitive data exposure due to poor data lifecycle management. This includes improperly protected backups, testing or analytical data without proper masking, etc.
  • Unsanctioned access to encrypted sensitive data due to improper key management – this is especially critical for cloud environments where encryption is often managed by the cloud service provider.
  • Insufficient monitoring and auditing – not only do these pose a significant noncompliance risk, but a lack of a tamper-proof audit trail also makes forensic investigations and incident response much more complicated.

It is important that organizations understand the risks of poorly defended databases and servers and take steps to harden access and authentication processes so only those authorized to gain access can do so.


Full article is available for registered users with free trial access or paid subscription.

Register and read on!

Sign up for the Professional or Specialist Subscription Packages to access the entire body of the KuppingerCole research library consisting of 700+ articles.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package