Least Privilege for Database Administrators
In today's world, despite layered protections, intruders, insiders and financially-motivated attackers will try to exploit privileged accounts to access sensitive application data. When it comes to the database, this includes abuse of privileged user accounts that have the powerful DataBase Administrator (DBA) role. Because of the extensive access given to such accounts, damage done by attackers using privileged accounts often is the hardest to detect and the most extensive. With the increased sophistication and number of attacks on data, it is more important than ever to put more security controls inside the database. However, most customers have a small number of DBAs to manage their databases and cannot afford having dedicated people to manage their database security.