Security risks to database systems include, for example: Ross J. Anderson has often said that by their nature large databases will never be free of abuse by breaches of security; if a large system is designed for ease of access it becomes insecure; if made watertight it becomes impossible to use.
[citation needed] Another point of internal control is adherence to the principle of providing the least amount of privileges, especially in production.
To allow developers more access to get their work done, it is much safer to use impersonation for exceptions that require elevated privileges (e.g.
Please be aware, however, that DBAs must do all that is considered responsible because they are the de facto data stewards of the organization and must comply with regulations and the law.
Application level authentication and authorization mechanisms may be effective means of providing abstraction from the database layer.
Analysis can be performed to identify known exploits or policy breaches, or baselines can be captured over time to build a normal pattern used for detection of anomalous activity that could be indicative of intrusion.
This requires the DAM audit trail to be securely stored in a separate system not administered by the database administration group.
The native audit trails are extracted on a regular basis and transferred to a designated security system where the database administrators do/should not have access.
This ensures a certain level of segregation of duties that may provide evidence the native audit trails were not modified by authenticated administrators, and should be conducted by a security-oriented senior DBA group with read rights into production.
Generally, the native audit trails of databases do not provide sufficient controls to enforce separation of duties; therefore, the network and/or kernel module level host based monitoring capabilities provides a higher degree of confidence for forensics and preservation of evidence.
For individual accounts a two-factor authentication system improves security but adds complexity and cost.
[5] After an incident occurs, database forensics can be employed to determine the scope of the breach, and to identify appropriate changes to systems and processes.