Malicious insiders represent today's toughest challenge for security architects. Traditional database security tools such as encryption and access controls are rendered useless by a trusted employee who has--or can easily obtain--the right credentials. In addition, more users in the enterprise are getting database access, including DBAs, application developers, software engineers, and even marketing, HR, and customer support representatives. And whether spurred by revenge or tempted by easy money, insiders can sell their booty on a bustling information black market.
At the same time, enterprises are under increasing regulatory and market pressure to protect sensitive information. Thanks to recent laws, businesses are often compelled to report database breaches or information loss. The resulting public relations disaster can destroy customer trust, invoke government and industry fines, cause stock prices to plummet, and bring class-action litigators running. The bottom line? Enterprises that don't address the insider threat may find themselves strung up on the twin gallows of regulatory penalties and customer outrage.
The only solution to this problem is vigilance. Security and data center teams must roll up their sleeves to implement and enforce a set of best practices to address the insider threat. IT architects must then bolster policies by using the access control, auditing, and other security features built into all major database platforms.
Architects can further enhance their enforcement with an emerging group of products that provide increased scrutiny of authorized users. Sometimes called database Intrusion Detection Systems (IDSs) or enhanced auditing solutions, these monitoring products examine the behavior of authorized users.
INSIDER THREATS: THE PERFECT STORM