Application Security DbProtect

Since nobody would dispute that database security is a very important issue it must be safe to assume that all databases are very secure, right? OK, so you've spotted the logical flaw there already. Whilst we all know how important database security is, the reality is that we also know that it is often very poorly implemented in practice. A good question at this point is "why?" What is wrong, not with the theory, but the practice? The answer is, of course, the people.

Firstly, database security is often set up inefficiently by database administrators. It shouldn't happen but in practice DBAs (DataBase Administrators) frequently focus on tasks that are seen as truly database related - index maintenance, partitioning etc. - and regard security as tangential to the real job.

Secondly, the skills required to set up a secure system are non-transferable between database engines, unlike those more core skills.

A third problem is that not only are security skills non-transferable between engines, they're often non-transferable between different versions of the same engine.

Fourthly: the expression "Oh, security in is simple" is on that list of sentences you never actually hear; along with "Actually, I always thought that Cherie Blair had fantastic hair." Yes, it's physically possibly to string the words together, but no-one ever would.

The bottom line is that security is complex to implement. It can frequently be applied at many different levels (user, object, etc); security rights can be explicit, implicit and/or inherited or - well, the list goes on and on.

So the options are to put in the work necessary to understand and deliver this level of security or to hire an expensive database security consultant and hope that he or she has put in the work necessary. Or you could invest in a tool to do the job and this is where DBProtect comes in.

One huge advantage of a tool is that only one single group needs to stay current with all the vagaries of security, that being the members of the group that builds and maintains the tool. If they do their job well, the tool stays 'aware' of the most recent vulnerabilities in each engine.

A tool can also address the elements of security that DBAs can't control directly. For instance, not all versions of all engines enforce strong passwords. A DBA can issue edicts and reminders to users about using strong passwords, but software can test all passwords and uncover weak ones.

DbProtect

DbProtect from Application Security has its headquarters in New York and a European office in Crewe.

Appsec describes DbProtect as a database security suite that will assist an organisation in reducing risk and improve auditing compliance. As part of the suite come two tools, AppDetective and AppRadar. The first will assess a database for vulnerabilities and the second will monitor activity on a database.

DbProtect approaches security from four angles, by monitoring activity, by supporting auditing requirements, by managing the patches that keep security current, and by giving insight into potential vulnerabilities in the IT infrastructure.

Email to a friend

Print this page