Insider Security Threats

Monitoring is the key to really good security.

Are you worried about internal users at your company compromising your data security? I’d hope that you are at least a little worried, after all, we find out regularly that people we thought we knew acted in a surprising manner, or did something inappropriate that we hadn’t expected. It’s not always malicious or intentional, but even when it’s accidental, our security gets compromised and we receive some of the blame.

Security is a hard process to implement, especially over time. Too much security implies too little trust, and as humans, we want to trust each other. As we work together, and build trust, we tend to let security lapse a bit. As organizations grow, evolve, and change people around, we introduce security loopholes from mis-configurations, poor architectural foundations, or simple mistakes like failing to remove someone from a security role.

This piece talks a bit about the internal security threats you face, while ranting a bit about the term “insider threat”. The threats you face from external attackers are different from those you face from internal employees. However in each case, there’s one thing that’s important for getting close to a secure environment: monitoring.

We can’t determine every type of attack vector, protect every system or database completely, but we can monitor for issues and be prepared to react when a problem occurs. The auditing capabilities of SQL Server have grown tremendously with the eventing enhancements to the platform, and I urge you to spend some time learning about Extended Events, which give you even more of an insight into what is happening on your server.

Steve Jones

The Voice of the DBA Podcasts

We are having some technical issues with our hosting provider and are working to get the podcasts back online soon. Our apologies for the delays.

About way0utwest

Editor, SQLServerCentral
This entry was posted in Editorial and tagged . Bookmark the permalink.