Database security faces insider threat

Database security has come under the spotlight after a fledgling UK company, Secerno, suggested that databases are wide open to attack from growing insider threats.

Secerno claims that over 60% of UK employees have access to computer records and that 41% have access to records that are not necessary for their job. One in ten employees has been tempted to abuse this access; and 56% of employees have no restrictions placed on the information they have privileges to access.

Databases contain organisations’ key assets, especially their customers’ details. These assets range from research data, development plans and price lists through to credit card information, health records and buying habits.

Previously, Secerno says, there was no way of stopping internal employees with the necessary permissions from accessing a database and abusing those access rights. But Secerno claims to have developed a unique appliance that understands the patterns of normal access to each individual corporate database and adapts to changing usage patterns.

Secerno says the appliance can be installed in a matter of minutes and will then learn normal database usage, protecting the system without complicated user intervention, as well as helping companies meet their compliance requirements.

There is little doubt that database security is due for a renewed focus, given its importance within the organisation. Secerno’s product is intriguing, though its novel approach of ‘learning database usage’ may need to be sold harder. I would rather be told that a product will categorically protect X, Y and Z than hear that the software will ‘learn’ my usage. My view is that ‘learn’ is a woolly description; and Secerno should come up with a harder-hitting alternative.