Role-based access and other built-in DBMS controls are designed to prevent end-users from accessing sensitive data in databases, but they cannot prevent DBAs and other privileged users who have the ability to execute any database command, on any database object, as part of their daily jobs.
Newer technologies such as database activity monitoring (DAM) provide an additional layer of protection by generating detailed audit trails and real-time security alerts whenever anomalous activity is detected or access policies are violated – including privileged user violations. While DAM is an important element of a defense-in-depth strategy, DAM has traditionally been limited to providing detective controls rather than preventive controls because monitoring alone cannot enforce security policies and prevent unauthorized actions from occurring.
Guardium announced the first cross-DBMS solution that prevents privileged users – such as DBAs, application developers and outsourced personnel – from viewing sensitive data in corporate databases.
S-GATE’s ability to enforce granular access control policies that apply only to privileged users means that organizations can now implement robust preventive controls – without the risk of blocking legitimate access. S-GATE also strengthens security and enforces separation of duties (SOD) by preventing DBAs from performing security functions such as creating new database accounts and elevating privileges for existing accounts. At the same time, authorized individuals can continue to use their super user or system privileges to perform day-to-day administrative tasks – including backups, patching and tuning – without interruption.