      Hey there, database defenders!
      As we embark on this detailed exploration into the world of database security, it's crucial to understand the various security roles within an organization, and that is what this blog post is about.

      Now, before we dive in, a quick heads-up: the titles and exact responsibilities of these roles can vary from one organization to another. But regardless of the names, you'll likely find equivalents in most places. Whether it's a Chief Information Security Officer (CISO), an IT Security Guru, or a Data Protection Maestro, these roles form the backbone of your organization's cybersecurity efforts. In this blog, we'll unravel these roles, focusing on how they intertwine with your responsibilities as a Database Administrator (DBA) to fortify the organization's data defences.

      Reflecting the complexity and range of the technological landscape, there's a broad array of cybersecurity positions – over 25 at last count.

      Without further ado, let's get to our cast.

      The Chief Information Security Officer (CISO): the strategic leader

      At the helm of the organization's cybersecurity efforts is the CISO. This role is all about strategy and leadership in the realm of information security. These days, you'll often find that the CISO is an active member of the executive team, providing a single point of accountability and giving the executive team the capability to understand and manage their security.

      Why it matters: The CISO is responsible for the overall security posture of the organization, including policy development, risk management, and ensuring compliance with regulatory requirements. For a DBA, the CISO is a crucial ally. Understanding their vision and strategy for security can help align your database security initiatives with the broader organizational goals. Plus, they're your go-to person for advocating for the resources and tools you need to keep your databases secure.

      The IT Security Team: your technological shield

      The IT security team is your frontline defence against cyber threats. They're in charge of maintaining the security infrastructure that keeps the entire network, including your databases, safe.

      To achieve this, they generally look after things like your firewall, antivirus software, intrusion detection software, and security-related protocols.

      Why it matters: Collaboration with this team ensures that the network layer security complements your database security measures, forming a multi-layered defence strategy.

      The Compliance Officer: the regulators

      Compliance officers ensure that the organization adheres to data protection laws and regulations. Their role is becoming increasingly important with the proliferation of data privacy laws.

      You’re most likely aware of GDPR, and as a DBA are also likely to have been involved in activities related to its compliance.

      Why it matters: They help you navigate the complex landscape of compliance, ensuring that your databases don't become a legal liability.

      The Cybersecurity Analysts: the intelligence unit

      These are the folks who stay abreast of the latest in cyber threats, analyzing data and trends to keep the organization a step ahead of potential breaches.

      Often, they will monitor sites looking for Common Vulnerabilities and Exposures (CVEs) that impact the software (including database servers) the organization is running. If a CVE is considered a risk to your database software, obtaining a patch to address it can be a high-priority activity.

      Why it matters: Their insights can inform your database security strategies, helping you anticipate and prepare for emerging threats.

      The Incident Response Team: the firefighters

      In the event of a security breach, this team is your rapid response. They're trained to contain and mitigate the damage, helping the organization recover swiftly.

      My team recently detected a minor breach on a test machine in the cloud, and this team made all the difference in providing a rapid and effective response.

      Why it matters: Knowing their protocols and having a clear line of communication can significantly reduce the impact of a database breach.

      The Application Development Team: the builders

      The developers create the software ecosystem that interacts with your database. Ensuring that these applications are secure is a shared responsibility.

      Taking a proactive approach by developing a relationship with the development teams early in the development cycles can pay significant dividends down the track in both proactive and reactive protection strategies.

      Why it matters: Collaborating with them can lead to more secure applications, reducing vulnerabilities at the application level.

      Conclusion

      Beyond the roles I've highlighted, there's a broad array of cybersecurity positions – over 25 at last count, including access administrators, encryption experts, monitoring/alerting specialists, and many more.

      The roles I've detailed are crucial within an organization's cybersecurity framework. As a DBA, knowing how to interact with the CISO, IT security team, compliance officers, cybersecurity analysts, the incident response team, and application developers is key to enhancing your database's security.

      In upcoming articles, I'll delve into the specifics of each role and explore how they contribute to effective database security strategies in the modern business landscape.

      Next in this series

      Another aspect of database security that deserves our full attention is security benchmarking. This involves measuring and evaluating the effectiveness of security controls and practices within an organization, and will be the topic of my next blog post in this series.

      Stay tuned and don't forget to subscribe to be notified of new posts. Let's make our databases not just storage units, but fortresses!

      Topics: PostgreSQL, Fujitsu Enterprise Postgres, Data governance, Security, "Database security" blog series

      Gary Evans
      Senior Offerings and Center of Excellence Manager
      Gary Evans heads the Center of Excellence team at Fujitsu Software, providing expert services for customers in relation to PostgreSQL and Fujitsu Enterprise Postgres.
      He previously worked in IBM, Cable and Wireless based in London and the Inland Revenue Department of New Zealand, before joining Fujitsu. With over 15 years’ experience in database technology, Gary appreciates the value of data and how to make it accessible across your organization.
      Gary loves working with organizations to create great outcomes through tailored data services and software.