Saturday, September 29, 2007

News 4 - Database Security

1. I learned that there are three types of databases in the most recent class: hierarchical, relational, and object-oriented. Another concept from class that I learned is that normalization is a technique for designing tables in a relational database to optimize performance and prevent errors when retrieving the data.

2. This article is about how database security is often overlooked:
http://www.eweek.com/article2/0,1895,2186652,00.asp

3. I agree with the author that security for databases is being overlooked. Recently, there has been news that many major retailers’ customer information has been compromised through hacking into the retailers’ database. In fact, I was one of the people whose credit card was affected by one such incident.

The author attributes this lack of database security to the database administrator’s inability to devote sufficient time to meeting database security needs and also to a lack of security training. It makes sense for the people who create and maintain these databases to be responsible for controlling access to this information. However, this indicates a larger issue: companies are not allocating enough money or attention to protecting customers’ information. The company should be responsible for hiring people who will be able to protect the information that the company acquires from customers.

The article suggests that a possible solution is to have the database administrator train with the IT security team. However, according to the article, one of the common reasons that the database administrator could not perform the security measures is lack of time. I think the author should explore more possible solutions, such as using protective software, using an external database security consulting group, hiring more security-savvy workers, or hiring more workers so that sufficient time can be allocated to security measures.

1 comment:

Security Tools said...

Anyone in possession of the private key can decrypt even the most strongly encrypted message. It is imperative that private keys be securely distributed and stored to ensure that security is not compromised.