Data Guardian Roles for Data Security

There can be no doubt that we live in the age of information.

From business data, to professional sports statistics, to self-driving vehicles, the amount of information we generate is astounding.

All that information at our fingertips, but it has to be stored somewhere.

And that somewhere is usually the database, because all information is data.

Perhaps you have heard of the phrase “knowledge is power”.

Well, I say “Data is power”, and data needs to be protected.

Today I talk about how the Data Guardian has to protect their data.

The importance of Data Security

We all have to be on our toes to avoid being the cause of a security breach.

Perhaps you’ve heard the same through your company’s annual security training!

A Data Guardian’s job is to protect the data and avoid the harm that comes from having it stolen.

Even if your data doesn’t fall under strict security compliance requirements such as financial or health information, your data can still be used by bad actors.

In today’s world, any bit of information can be pieced together with other bits of information to harm you, your family, or your employer.

As part of their role, the Data Guardian will work on Data Security either reactively or proactively.

Data Police

Reactive Data Security is what happens after a breach of your data. You are then called in to investigate what happened.

You are like a police officer that is called in to handle a robbery.

When you arrive, you might have to piece together the stories of witnesses.

You might even review security camera footage if it is available.

Perhaps you find evidence of SQL injection, in which the robber manipulated the application to get the data.

Or perhaps you find that someone’s database user was compromised.

Or even that a disgruntled ex-employee never had their user removed at all.

Unfortunately, you don’t have footage to help identify what happened because you did not have proper audit logging enabled.

Data Guard

In that scenario, the damage is already done.

Your data has been compromised or stolen.

If you had been more like a Security Guard, you would have put in proper systems to protect the data.

Imagine setting up security at a bank.

You have proper authentication set up for your users.

And only authorized users can access the data, following the principle of least privilege.

Sensitive data is encrypted so it can’t be stolen off the wire, or off the hard drive.

Audit logs are captured both from the database and the application perspective, and are reviewed regularly.

Conclusion

Data Security is a critical component of being a database administrator today.

And setting a basic foundation will go a long way to protecting the data.

Proper user authentication and authorization, and judicious encryption at rest and in transit will ensure that your data is properly protected.

The Data Guardian will need to balance the friction of securing the data against the impact to performance that comes with adding that friction.

If you are a database administrator, are you the reactive Data Police?

Or the proactive Data Guard?

Let me know in the comments!
