Some of the greatest threats to databases come not through hackers, dangerous as they are, but instead through account-provisioning errors, such as old accounts that are still able to be accessed and through which information can be stolen. Unfortunately, in many organizations the process of database account provisioning and validation never quite happens. Even if a company has a form of identity and access management tool, database accounts sometimes never get worked in because of their integration complexity. Consequently if accounts are tracked it is done manually which often leads to the number of accounts or who has access being unknown. Pooled application accounts can complicate matters even more since user identity can be lost when web applications access a database.
To begin, organizations with database account provisioning problems can begin to correct things by finding out:
- Where accounts are and everything they’re used for
- When the passwords to these accounts were last changed
- What access control list system is being used and when it was last checked
- If the audit logs the databases generate are being analyzed.
Additional steps include such things like native database logging, log management, security information, and event management tools etc. to make sure accounts are properly provisioned and not abused. Though there has to be some sort of logging mechanism, it’s not always enough, but it’s a start into tracking users and their access of information.
