Information Technology a Brief Critique of Database

Information Technology A Brief Critique of Database Security Articles The focus of both papers to be critiqued is the definition, status, and significance of database security. As many corporations such as Amazon and Google move toward using cloud computing, there is greater concern for the security of information contained within databases. Long before cloud computing (long in technology terms), database security was a primary concern in information technology.

The paper will offer insight as to the validity of the arguments presented in each piece as well as significance of the topic in general. Mashburn states that although companies utilize databases placed on the Internet, most companies are unaware of their databases' security. He claims that companies are prioritizing the convenience of using Internet databases over preventative security measures to keep the data safe. This lack of awareness will ultimately cost companies money.

The data may be compromised in some way or even lost, or clients of the company may become aware of the lack of security measures surrounding their private information and may sever the business relationship because they do not feel safe and the company comes off as irresponsible. Mashburn goes on to propose measures that can improve database security. He writes that security comes from clear, distinct, concise policies regarding data and actual mechanisms within the technology that can safeguard the information. This is a sound proposal.

The technology alone is not at fault for lack of security. It is the responsibility of the users to ensure that the technology will function appropriately and those with appropriate access handle secure information. Company personnel needs to take more responsibility in securing database information. It is not the fault of the technology alone. Mashburn states specific measures that can be taken such as password control, patching & testing, and auditing features used by management. These measures require personal accountability and help ensure database security.

Though he gives several examples, his overall point is that specificity of duty and policy is most important in database security, as well as routine maintenance. Fountain takes a more technical approach to explaining the necessity of database security. He begins with a series of relevant definitions regarding database security technology so that the reader may be able to have a deeper understanding of the issue and jargon when he later makes his arguments for database security.

By describing databases and the experience of using a database, this can give the reader/user a better understanding of why database security is essential, where security is lacking, and how to keep data more secure. Fountain brings up a point Mashburn did not, which is data size and processing restrictions matter for users and security.

Security measures may need to be modified based on data size and process restrictions; in fact, there can be security in place that prevents users within certain parameters to be denied access to secure information simply because of the data size or the processing restrictions upon their machine or the database itself. Fountain states that measures such as encryption, authentication, authorization, and auditing are valid means by which the security of Internet databases can be maintained.

This is similar to Mashburn in that they both propose auditing, but while Mashburn puts more emphasis on.