To continue with this content, please log in with your Data Access ID or create a new account.
Cancel Data Access ID
You may not be authorized to see this content. Please contact Data Access Europe for more information.
Cancel Data Access Europe
You are not authorized to see this content.
Cancel Data Access Europe
Next lesson:
Restrict database access to your applications

Security the Basics

Lesson 2: Data Protection

Cyber security is essentially data protection. Malicious users endeavor to see, manipulate or destroy data for their own benefit or to inflict damage. Numerous security measures can be taken to properly protect data, but increased security can have the negative effect of decreased usability. A 100% secure but usable system does not exist. Even a genuine user, at some point in time, can become a threat. These threats cannot always be completely blocked from doing harm, but the damage can be reduced. This is often done by giving users restricted access, and they must identify themselves to the system. This is typically done with a unique username and password.  

The mitigations in the system can take many forms: 

  • Filtered access on specific tables, records, or fields
  • Some data may be read-only
  • Soft deletes: records are marked as deleted, but not actually removed
  • Authorization levels: where actions above certain thresholds require special privileges or approval from another user
  • Logging and monitoring / audit trails

The European General Data Protection Regulation (GDPR) forces companies to look deeper into their system and implement more mitigations. This course will not delve into that, however.

The mitigations are only effective if two conditions are met:

  1. Access to the data is only available through systems that enforce these mitigations
  2. User identification is trustworthy

These are the two main reason for the content that will be covered in throughout this course. These conditions have a lot of consequences for development and deployment.