The Essentials Series: Role of Database Activity Monitoring in Database Securityby Dan Sullivan
Network professionals and database administrators both play critical roles in protecting information assets, ensuring a secure environment, and maintaining compliance with regulations. In the past, network and database security practices were fairly independent but that is no longer the case. In today's increasingly complex security environment, network professionals and database administrators must coordinate their activities and share information. This Essential Series outlines best practices for database activity monitoring and describes how to implement an increasingly important technology for meeting business needs that span the networking and database management arenas.
Article 1: Data Discovery and Classification in Database Security
Databases are highly complex and essential components of todayâ€™s businesses. Simply knowing what databases are running in your environment is a more difficult task that it may appear because of informal practices among developers and departments working â€œunder the radarâ€ of IT management. This article describes how to conduct the first step in database activity monitoring: discovering what database are in an organization and what type of data is in those systems.
Article 2: Database Assessment and Management in Database Security
After conducting a database discovery operation, the next step on the road to effective database activity monitoring is to conduct a vulnerability assessment. The object of this step is to provide information about weakness in those databases and to prioritize the need for mitigation.
Article 3: Mitigating Risks and Monitoring Activity for Database Security
The final article in this series describes a framework for implementing ongoing monitoring and control. With an understanding of what databases exist in an organization and their vulnerabilities, it is time to assess the business value of each database and mitigate the risks on those of value and decommission others. This article describes how to implement database activity monitoring procedures to preserve the benefits realized by conducting discovery, vulnerability assessment, and mitigation tasks. The benefits of a formal database activity monitoring process include improved security monitoring, more efficient compliance reporting, and better monitoring of database and application integration.