DBAs Need to Work With Colleagues on Database Security
Author: John Kaufling | 3 min read | October 29, 2013
Network security remains an ongoing challenge, if not a struggle, for organizations of all sizes in various industry sectors.
No enterprise is safe, as clearly demonstrated by recent cyberattacks against venerable organizations worldwide, including American Express, the Associated Press, CBS News, JPMorgan Chase, Saudi Aramco, and leading South Korean banks and television stations. Even noted anti-spam organization Spamhaus has not been immune to cyberattacks.
Working together
What can aid enterprises enormously in securing their networks is a firm alliance between database administrators and security professionals.
As Ericka Chickowski, writing for Dark Reading, observed, the problem is these two camps don’t have much in common for starters:
“The lack of a common ground in knowledge base and the divergence in business goals can often lead the two groups to grow so at odds that data security gets lost in the conflict. However, CISOs can do a lot to foster better relations between database staff and security staff for improved database risk management. “
Finding a common ground
Database security is important, but it’s not the only task facing enterprise security professionals who have a broad range of responsibilities for internal and external security. Brad Johnson, vice president at consultancy SystemExperts, told Dark Reading:
“DBAs tend to view their work from the perspective of a normal user, while IT security staff tends to look at DB or Web functionality from the perspective of an intruder. The former is trying to do their job, the latter is trying to ‘break in’ to get access to data or services that were meant to be controlled or private.”
Technology professionals say there are several strategies for building up these alliances, starting with encouraging collaboration and consensus-building between database administrators and security staff. Security is one common ground these two groups can find. Management can play an important role in promoting and, ultimately, achieving collaborative harmony.
Security reviews
Auditing and other types of comprehensive security reviews can help those focusing on database issues see the role they play in eliminating network or system vulnerabilities. Through these types of audits, database administrators can freely bring to the table their best efforts and ideas for stemming vulnerabilities. These could be, for example, insights they have developed based on comprehensive application testing.
And both groups can bring forward issues that must be addressed not only for data security, but also for assuring compliance with emerging rules and regulations that may apply to the enterprise.
Working closely with the security staff, database administrators can complement and enhance the enterprise’s security efforts.
Has your company achieved harmony between DBAs and IT Security? How did your company do it? Let us know, we’d love to get your feedback.