Database Primer - Database Lifecycle




It is vital to keep the information in a database secure throughout the database’s entire lifecycle so that there are no blind spots in your security. For instance, if you inherit a database 4 years after its creation and do not perform a comprehensive audit, you may be unaware of inefficiencies or outright vulnerabilities latent within it. From the conceptual design phase, through implementation, all the way to the closure of a database, you need to be aware of the state the data is in. The database should be conceptualized and operated with proper encryption, authentication measures, and authorization checks on account privileges. Privacy standards such as HIPAA should be adhered to, and compliance should be audited regularly, to ensure that protected information is not accessible to unauthorized users. Data inputs should also be subject to integrity constraints so that a user cannot carry out a SQL injection through malicious input.

A company’s database holds the business’s lifeblood: proprietary information, financial records, personnel data, company acquisitions, planning, and much more. Additionally, if your company is in the healthcare industry, you are subject to the rigorous regulatory standards of HIPAA to protect patients’ medical data. If your security environment is not properly set up from start to finish of the database lifecycle, you risk the information mentioned above being accessed and extracted by an unauthorized user.

This could be a hacktivist who leaks the PII of every employee to the dark web. It could be a rival company that leverages the data to block a business acquisition move. It could simply be a black hat hacker who wants to earn money by encrypting your data with ransomware. In any of these cases, your company would face monetary losses and a loss of public standing, and might be subject to civil lawsuits and fines.

If the data within a database is the lifeblood of an organization, then it stands to reason that proper ongoing support for the database that holds that lifeblood is just as vital as the data itself, as is the safeguarding of it (but that's another post!).

There aren’t many industries that wouldn’t require, or at least desire, a database administrator. If a company touches a computer to facilitate its business, then it has data. That can be financial reports, invoices, employee rosters, payroll data, research and development, and of course its deliverables. Companies frequently leverage big data analytics to home in on, and expand, their target markets. Utilizing big data necessitates robust databases to hold that data for analysis.

A Database Administrator needs both soft skills and hard skills. They need to be organized and flexible with changes, and they need communication skills to ensure that the database schema and operation are understood by all key stakeholders. Database Administrators also need the technical know-how to operate, maintain, adjust, and repair database technology. Furthermore, they need a sound understanding of cyber security best practices to ensure that their company’s data is secured and backed up, and that there is a plan of action for data breaches. They need to understand the laws and regulations concerning data within their country, state, and business use case (such as HIPAA).
