Some things you can never be too sure about

Aug 21, 2007 14:57 GMT

I've just read something very interesting on SecurityPark, a piece of news that contained a lot of statements coming from Steve Hurn, CEO of Secerno. After reading what Hurn had to say, I have to agree that authentication isn't the same thing as being secure.

One of the most concerning points in his statements was that even if validation measures are taken to the extreme and are really tough to beat, a company can never have too much control over what an employee does with its database, for example. Companies should deploy special software that lets them know what the person accessing the database is doing with it. Steve Hurn also said that a program should be designed to protect the database from all possible malicious intents.

Another important fact was highlighted: some companies' software is not "strong" enough to be impenetrable to hackers, who can easily access the main database after hacking an account and logging in with it. This matter is being taken more seriously, Hurn stated, especially since some high-profile companies have had problems with cyber-security breaches. For example, Oracle is going to buy Bharosa in order to build up security.

There are many companies that tackle computer-related theft and fraud these days, but for database security problems to be completely solved within firms, special software deployment is not enough. This matter needs to be taken to the employees, as I've read on the same site. People need to be persuaded that they should only use the data that is required in the process they are working on, and not touch other elements of the database. I don't know what rate of success this will have, but linking it together with great authentication technology and certain programs that can monitor and "understand" employees' actions is going to make things better for database security.