DBA as Service?

By David Norfolk • Get more from this author

Posted in Developer, 6th January 2006 23:41 GMT

Understand how application security is evolving

I got to meet Will Edward, VP EMEA at Embarcadero, this week. I was a DBA once so I always have a soft spot for DBA tools vendors like Embarcadero (and Quest, BMC etc) - I only wish we'd had such tools when I was doing the job.

But Will told me of a change of direction - like many tools vendors, Embarcadero is going after services and talking to management as well as technicians without, of course, neglecting its current techie user-base. Well, I hope that last bit's true (Will seemed genuine enough), because in the database management field you need both management buy-in and proper technical evaluation and operation of your tools - database management is too important to leave to management purchasing politics.

Will does have something a bit extra to offer - he talks about data security as an extension of data management, and about managing authorised access (ie, about possible misuse of legitimate access authority, instead of just access control). He's not the only vendor with such an idea (check out Pervasive Audit Master, eg) but I don't think that as many people are looking at routine and effective auditing of database access as should be; and the tools OEM database vendors supply to do this aren't always as user-friendly as you'd like either

With things like Sarbanes Oxley around, this may be an oportunity for DBAs to impress their business masters. But don't underestimate the possible issues - especially now that databases can hide complex (and possibly sensitive) data structures in "simple" XML columns; and a lot of business information is in email instead of "proper" databases anyway...

Tune into our application security webcast, click here