Chapter 13. Databases

At first, you might not see how important databases are for information security. But like asset management, databases help keep valuable data safe. Think about how tough it would be to handle these situations without good database security:

• Someone gains unauthorized access to sensitive customer data, harming both your clients and your company’s reputation.

• An attacker uses SQL injection to disrupt an entire production database.

• An attacker steals and shares your company’s private information, with the data leak resulting in serious financial and reputational loss.

• An employee with bad intentions changes or steals important data, damaging your organization’s stability and trust.

Dealing with these issues gets much harder without a general knowledge of databases and strong database security. Databases are the main part of modern information systems because they’re where we store, manage, and access structured data. Modern organizations create data faster than ever, and it’s vital to store and process sensitive data securely.

In this chapter, we’ll explore the fundamentals of databases and their significance in information security. We’ll look at various types of databases—from relational and NoSQL databases to serverless and distributed systems—each with unique security needs. Our aim is to equip you with knowledge of common database management systems (DBMSs) and their security features and challenges, as well as key security strategies suitable ...