
Ask HN: How do large companies handle access to critical databases? - dirktheman
I’ve never worked in companies over, say, 1000 people. Usually, there are one or two people who have full access to the database, hosting, virtualization servers, etc. The latest Marriott hack got me thinking: how do large organizations like these make sure employees don’t mess with their precious data? In my case, one disgruntled employee could pose a HUGE risk because he/she would know the login/password combination of a lot of critical systems (I worked in healthcare back then).
======
magic-chicken
From my experience, regulated industries use a combination of the following
techniques:

- Don't use passwords for databases. Make services use integrated
authentication to interact with the database.

- Developers / operations don't have read / write access to production tables.
It can be obtained momentarily for ad-hoc operations.

- When the database needs to be modified, the script goes through a change
management system and it is executed at a planned time, ideally by another
person.

- If you use private keys, e.g. for symmetric encryption, don't store them with
the data they're used to encrypt.

- Use database level encryption on sensitive data to prevent anyone with read
access to snoop on PII.

- Enable database level audit and change tracking.

- Developers don't push their own changes to production.
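
Added example, not part of the original thread or any commenter's code: one way to get the database-level change tracking from the list above, sketched with SQLite triggers that record who changed what and refuse edits to the trail itself. The table names, the `session` table standing in for the database session user, and the sample row are assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE customer (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
CREATE TABLE session  (actor TEXT NOT NULL);  -- assumed stand-in for the DB session user
CREATE TABLE audit (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    at TEXT DEFAULT CURRENT_TIMESTAMP,
    actor TEXT, action TEXT, row_id INTEGER, old_email TEXT, new_email TEXT
);
-- Change tracking: every UPDATE/DELETE leaves the before and after values.
CREATE TRIGGER customer_upd AFTER UPDATE ON customer BEGIN
    INSERT INTO audit (actor, action, row_id, old_email, new_email)
    VALUES ((SELECT actor FROM session), 'UPDATE', OLD.id, OLD.email, NEW.email);
END;
CREATE TRIGGER customer_del AFTER DELETE ON customer BEGIN
    INSERT INTO audit (actor, action, row_id, old_email, new_email)
    VALUES ((SELECT actor FROM session), 'DELETE', OLD.id, OLD.email, NULL);
END;
-- The trail is append-only: rewriting or erasing history aborts the statement.
CREATE TRIGGER audit_no_upd BEFORE UPDATE ON audit BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
CREATE TRIGGER audit_no_del BEFORE DELETE ON audit BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
"""

def open_db(actor):
    """In-memory database with one constructed customer row and a session actor."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO session (actor) VALUES (?)", (actor,))
    db.execute("INSERT INTO customer (id, email) VALUES (1, 'a@example.com')")
    return db

def trail(db):
    """Audit rows in the order they were written (timestamp omitted)."""
    return db.execute("SELECT actor, action, row_id, old_email, new_email "
                      "FROM audit ORDER BY id").fetchall()

def tamper_blocked(db):
    """True if an attempt to wipe the audit trail is rejected by the trigger."""
    try:
        db.execute("DELETE FROM audit")
    except sqlite3.DatabaseError:
        return True
    return False
```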

~~~
tnolet
Good list, I’d add

- private networks, using bastion hosts to access when needed.

- very robust and regularly tested backups in case someone screws up the
data.

- hardware tokens to access and authenticate any critical parts.

~~~
mars4rp
- We have our servers in house, so we ship a hard disk with all the data and source code every month to the other side of the country.

------
JBReefer
In my experience, poorly - the number of default passwords, copied-because-I-
don't-know-what-it-does configurations, weird setups, lack of backups, backups
to a local disk, backups to a locally mounted disk, etc. that I've seen is
shocking.

The fact that anything works has gotten way weirder to me as I've gotten older
- I've seen a bunch of codebases and persistence setups, and it all seems so
fragile.

------
coldcat
In a large company I worked at, everything critical goes through Active
Directory. Every user is assigned to a group/role. Every server application
has its own entry as well. Every authorisation is audited (app launch,
document access, database access...). The day someone leaves, their badge goes
off, and mail and every access are frozen. In day-to-day usage you could
revoke some or all access of a user, even just block Word or a database
instance. I've seen a friend blocked at the door one morning because an
inquiry was in process on their computer usage (it lasted 2 weeks and the guy
was innocent; it was someone from IT who manually installed/modified unknown
system files on his computer). From a security standpoint almost nobody has
access to the production database. Most of the people work on old snapshots or
incomplete extracts. In another company, if you do a request on a sensitive
database (select * from customer), a security guard comes to your office and
asks you to stay away from the keyboard. Then the office manager is called to
ensure that your work is legit.

~~~
_RPM
That sounds like a terrible work environment. On site security guards?

------
abramN
A lot of it comes down to a strong and well-supported Information Security
Officer and team, with detailed policies and procedures and a least-
privileges-required security model. Someone shares credentials? Fired. The CEO
or another exec wants an exception to the P&P so their buddy can get access?
Well they'll get reamed by the ISO and possibly written up. No exceptions, and
a paranoia about breaches is what helps to prevent such breaches from
happening. Note I say "help," because there are no measures that are 100%.
It's defense in depth and defense in breadth that will keep you off the front
page (at least this year).

------
aprdm
You have to look into a solution that can manage secrets easily; I think
HashiCorp's Vault is an example of a product in this space.

