While most security pros have become painfully aware of the threats posed to their organizations' databases, many of those who create and maintain the databases still don't fully understand the danger. This "security primer" is designed to open the eyes of the DBA to the risks posed by poor database security - and to current "best practices" that can help prevent those risks from becoming reality.
Executive Summary:
For too long now, the database has been one of the last untamed frontiers of enterprise security. Consumed with the high-pressure responsibilities associated with running these most valuable of IT assets, beleaguered database administrators (DBAs) have largely been given a pass on security, even as their counterparts in networking and Windows systems administration have been asked to toe a hard line. That free pass is about to reach its expiration date. Emerging threats to the database and a plethora of complex regulatory requirements for managing data are forcing organizations to rethink the way they secure their structured data stores. With so many financially motivated attackers looking for easy paths to valuable data—and a growing panoply of vulnerable Web-facing applications connected to those databases—organizations can no longer set up a firewall around their data stores and call it a day. Data protection has to be strengthened from the inside out if we’re to have any hope of properly mitigating risks.
As the “wizards” who solve the everyday mysteries of database management, DBAs must now play a pivotal role in securing these highly complex and valuable applications. Though the prospect of new roles and responsibilities added onto the laundry list of existing tasks may seem daunting to most DBAs, security administration needn’t be scary.
This report is meant to act as a security primer for the typical DBA. We’ll bring database experts up to speed on security principles and offer advice on how to properly configure, harden and encrypt databases in order to mitigate risks and meet compliance regulations. We’ll also offer tips and insights into how DBAs can work with the security team to carry out initiatives that may cross job functions—or that may be outside the scope of the DBA’s daily responsibilities.
About the Author:
Ericka Chickowski is an experienced business and technology journalist who specializes in coverage of IT security, regulatory compliance, business alignment, project management and IT employment.
In addition to her work for Dark Reading and InformationWeek, Chickowski’s perspectives on technology have appeared in a number of trade and consumer magazines, including CIO Insight, Baseline, Entrepreneur and Consumers Digest. She has covered the IT security industry extensively over the last six years, gaining particular insight and expertise while working as the West Coast bureau chief for SC Magazine.
Chickowski graduated with a B.A. in English from the University of Washington and currently resides in San Diego. Readers may contact her at ericka@chickowski.com.