6 Database Security Best Practices
Anthony Mathenge 27th November 2015

Databases are a treasure chest of data, often highly sensitive data. They are also a key target to malicious cybercriminals due to the valuable nature of sensitive information locked away inside. Data breaches threaten the survivability of any organization. The financial impact of the breach is not the only issue that affects companies that are victims of unauthorized data access. Fines, legal fees, reputation damage and loss of customer trust must also be counted into the breach’s total impact on the company.

Remarkable security breach announcements are publicized daily. Hackers and rogue employees endlessly search for new ways to steal sensitive information. According to a recent report, there are a number of security failures that hackers take advantage of. However, it is often the staff of a company – developers, administrators and the like – that create the environment necessary for cybercriminals to gain access to the data.

What can a company do to ensure they don’t make the data breach headlines? Luckily, there are several best practices that can help even the smallest of businesses secure their databases enough to make an attacker move on to an easier target.

Keep the Database and the Application Server separate

When installing most web software, the database is automatically created for you. To streamline and make things easy, this database is created on the same server where the application itself is being installed, the web server. This makes it all too easy for a malicious person to gain access to the data. A database should be stored on a separate database server protected by a firewall.

Keep patches updated

Possible hackers are paying attention to known vulnerabilities; are you? This is one area where most people often come up short. Web applications that are rich in third-party applications, components, widgets, add-ons and various other plug-ins can easily be potential targets. Keep them to a minimum. Most of these are created by people who often discontinue support. Ensure that you are up to date with all patches and monitor any known vulnerabilities that could affect your security efforts.

Database Activity Monitoring

Database Activity Monitoring allows organizations to view all database activity including local privileged access and sophisticated attacks from within the database itself. Monitoring helps administrators protect their valuable data from external threats and malicious insiders by alerting them to attacks as well as stopping sessions that violate predefined security policies.

Database Activity Monitoring focuses on the evaluation of the SQL statements accessing the data from a security perspective.

Maintain Strong Passwords

Use a password generator and keep it in a password vault. Avoid default passwords or cutting and pasting a username.


Encrypt your data. The stored files of a web application often contain information about the databases the software needs to connect to. If this information is stored in plain text like many default installations do, provide the environment an attacker needs to access sensitive data. An encryption tool can protect your most critical data from being exploited.

Avoid using a Shared Server

If your database holds sensitive information such as customer details, avoid using a shared server. While it may be easier and cheaper, you are essentially placing the security of your organization’s information in the hands of the hosting provider. If you have no choice, review the hosting provider’s security policies and get to know what their responsibilities are should your data become compromised.

Protecting against unauthorized data access must be an ongoing process. The points above should help guide you in the right direction as you work to help protect your organization’s assets and customer data. Failing to safeguard your database can jeopardize business operations and the reputation of your organization.

Icon Credit: Created by Creative Stall from Noun Project.