strongDM recently released its State of Enterprise Database Access Report. The report details the importance of well-managed access to enterprise databases to achieve total visibility, precise control, and confident access.
A majority (81%) of IT professionals are managing multiple versions of the same database, creating windows of opportunity for adversaries to sneak through the cracks. Complicating matters is that many organizations have no central way to manage database access — and 57% of organizations name databases as one of the most difficult technologies to manage in terms of access.
We sat down with Justin McCarthy, co-founder and CTO at strongDM, to discuss the report's findings, what makes enterprise data management a challenge for organizations, and how they can bolster database security.
What makes enterprise data management a challenge for orgs? What makes mismanaged databases a security risk?
Databases are foundational to an organization’s ability to build and develop applications and products. However, with over 400 different databases between relational and NoSQL alone, facilitating smooth and safe access has become increasingly difficult.
While databases are great at managing data, ease of use with regard to access has always been an afterthought. The result is that DBAs and other users can face substantial barriers and lost productivity as they go about their jobs. Even worse, employees might be faced with embracing risky workarounds such as maintaining backdoor access and sharing credentials across teams. With credentials being involved in a majority of today’s top data breaches, these practices add exceptional risk.
What was most surprising about this report's findings?
We initially underestimated the depth of database access challenges. Our recent survey revealed that 57% of respondents have listed databases as one of the most difficult technologies for managing access, which means this is a very common problem across the board. Challenges facing database access are also not limited to just granting or revoking access. Additional research we did earlier this year in our 2022: Year of Access Survey also revealed that 59% of organizations are struggling with identifying the proper path to a datastore, 47% cite locating a specific database as a challenge, and over half (53%) of teams claim they are being held accountable for missed deadlines for projects, regardless of whether they had the access they needed.
How should organizations think about bolstering the security of their databases? What are the key steps they should take?
One of the easiest ways for organizations to bolster the security of their databases is by ensuring that technical teams are able to easily access relevant databases to do day-to-day tasks. Doing so prevents risky workarounds and also makes it easier for security teams to identify anomalous behavior.
Improving database access has a few key requirements:
Total visibility. This provides organizations with the ability to see who has access to each database, as well as track what queries were run, when each happened, and what data was accessed by each employee.
Precise control. Precise control delivers granular controls over who has access, when that individual has access, and the ability to shut off access to all systems in the event of an inside or outside threat to keep data protected.
Both of these come together to provide just-in-time access to every database, visibility into all queries for audits, and immediate revoking of access as needed.