Defending your data

Which of these is more secure?

shilmar / Pixabay

Nicolas Chadeville / 500px

It’s a trick question – the correct answer is “neither”.

Both castles and vaults have their strengths. Castles are built to withstand large-scale assaults and sieges, but an individual has a good chance of getting inside. Conversely, a vault effectively protects its contents against break-ins by individuals or small groups, but it would not last long against a full-scale military assault.

So what does this have to do with database security? Plenty. A castle is a pretty good analogy for perimeter security, which is the way IT has approached network security since the dawn of interconnected networks. Perimeter security works by restricting the number of entry points and fortifying the ones that remain. A vault complements this approach by protecting important assets against intruders that happen to slip past the perimeter.

The problem is that far too many companies focus almost entirely on perimeter security. Recommendations to secure databases directly are met with excuses – “it’s too inconvenient”, “we don’t have the time/money/people for that project”, “we trust our people”, and “it’s not necessary; we’ve never been hacked”, just to name a few. (Yes, there are companies that do secure their databases appropriately. From what I’ve seen, though, they’re a small minority.)

The question is no longer if your company will be hacked, but when. Don’t wait for that to happen. Protect your data by any means necessary. You have too much to lose.

I’m teaching a pre-conference session on creating a strategy to protect your data at SQLSaturday Minnesota on September 30. More information and registration are available on the event website.


Ed Leighton-Dick helps small and midsize businesses solve their most challenging database performance, resiliency, and data security issues at Kingfisher Data, the consulting firm he founded in 2014. He has taught thousands of people at over 200 events, including the world's largest Microsoft data platform conferences, and he has been a leader in the Microsoft data community since 2008. Microsoft has recognized Ed seven times as a Data Platform MVP for his expertise and service to the data community.