
What is a Database Access Manager and Dynamic Data Masking?

As the world of business has been greatly affected by digital transformation, practices related to
workflows have also been changed to a large extent within the digital ecosystem. The fact that
companies store and process many different components related to their business models in a digital
environment, as well as the data stacks that make up these components, offers advantages but also
presents certain challenges. Complications related to cybersecurity protocols and access management
are particularly challenging.

Monitoring access to databases where all sorts of critical company data are stored is of great
significance to achieve a high level of network security. The fact that not only company users but also
third-party organizations and individuals have database access brings about the need to establish a
robust control mechanism. Indeed, a poorly built database access management system is insufficient in
preventing data breaches, and could result in the company facing both legal sanctions and loss of
reputation.

The first course of action to avoid such undesirable developments and have a sophisticated database
access management system is the integration of a database access manager and a cybersecurity
protocol that makes use of dynamic data masking into the IT infrastructure of the company.

What is a Database Access Manager and Dynamic Data Masking?

A Database Access Manager and Dynamic Data Masking, indispensable components of database
security, are cybersecurity solutions that prevent data breaches and their negative outcomes for
companies as well as their stakeholders. The combination of these features not only helps to ensure
compliance with legal regulations regarding the protection of sensitive personal data, such as GDPR and
KVKK, but also bolsters your IT network against cyber threats.

Let's elaborate on what a database access manager is first. A database access manager is one of the key
elements in ensuring data security and acts as a session log for database administrators. The manager,
which keeps a record of all queries and user logins, as well as access permissions given by the
administrators, ensures secure privileged access to the database. Logging the data flow of all privileged
sessions, the database access manager helps to closely monitor database connections and activities and
is among the basic elements of an effective cybersecurity protocol, ensuring that users only see the
information assigned to them and cannot interfere with the system in general.

Another key element of secure privileged access is data masking. This technology aims to prevent the
abuse of critical data by providing users with fictitious or masked data, instead of real and sensitive data.
Dynamic Data Masking (DDM) helps to prevent data breaches by withholding sensitive data from non-
privileged users and is a tool of critical importance for secure access to companies' IT infrastructure, as it
not only secures sensitive data but also ensures that data remains unchanged. DDM, which can also be
configured to hide critical data in databases and query sets, utilizes fix/reset, scrambling, blurring,
tokenization, modification, and other proprietary data hiding methods.

How do the Database Access Manager and Dynamic Data Masking Work?

The Database Access Manager (DAM) and dynamic data masking work in an analogous manner. The
Database Access Manager, which helps to ensure data privacy, utilizes mitmproxy to monitor multiple
databases simultaneously (for example Cassandra, Hive, IBM DB2, Microsoft SQL Server, MySQL, Oracle,
and Teradata) and blocks unauthorized access and permissions requests made through existing SQLs.
The combination of the database access manager and dynamic data masking offers all-around
protection of the database. This nested relationship between the two modules can be better explained
through three basic principles in five steps:

• The monitoring and supervision of the activities in the database by the proxy constitutes the
first principle of the workflow.

• The second principle is related to the classification of records, listing database query results, and
logging all data access operations by the Database Access Manager (DAM) within the context of
access authorization.

• Dynamic Data Masking (DDM), on the other hand, hides the chunks of data it deems necessary
within the filtered data set. Central to the third principle, the DDM engine monitors which user
on the network should access what data, when, how, why, and where. Thanks to the DDM
engine, database queries can be condensed into a single piece of data.

The three basic principles above can be explained in these five steps:

1. The user first runs a query on the network.

2. The relevant query is then logged and rewritten. If DDM is enabled at this stage, the query is
passed to the DDM engine and advanced masking methods are applied. After the query is
masked, it returns to the DAM.

3. In the third step, the manipulated query is sent to the target database.

4. The target database sends the query to the DAM.

5. Finally, the DAM displays the filtered results to the user.
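
The five steps above can be sketched as a small query-rewriting proxy. This is an added example, not code from Single Connect or from the original page: it uses an in-memory SQLite database as a stand-in target, and the account names, masking rules, and function names are all hypothetical.

```python
import re
import sqlite3

# Constructed policy: sensitive column -> SQL expression shown to non-privileged users.
MASK_RULES = {
    "card_number": "'XXXX-XXXX-XXXX-' || substr(card_number, -4)",
    "national_id": "'***'",
}
PRIVILEGED = {"dba_alice"}  # hypothetical privileged account
AUDIT_LOG = []              # stand-in for the DAM session log
SENSITIVE = re.compile(r"\b(" + "|".join(MASK_RULES) + r")\b", re.I)

def rewrite_query(sql, user):
    """Step 2: swap sensitive columns in the SELECT list for masking expressions."""
    if user in PRIVILEGED:
        return sql
    m = re.match(r"(?is)^\s*select\s+(.*?)\s+from\s+(.*)$", sql)
    if not m:
        raise PermissionError("only plain SELECT statements are proxied")
    cols, rest = m.group(1), m.group(2)
    # A masked column in WHERE/ORDER BY/subqueries would leak values by inference.
    if SENSITIVE.search(rest):
        raise PermissionError("masked column used outside the SELECT list")
    out = []
    for col in (c.strip().lower() for c in cols.split(",")):
        if not re.fullmatch(r"\w+", col):  # refuses '*', expressions, aliases
            raise PermissionError(f"unsupported select item: {col!r}")
        out.append(f"{MASK_RULES[col]} AS {col}" if col in MASK_RULES else col)
    return f"SELECT {', '.join(out)} FROM {rest}"

def dam_execute(conn, user, sql):
    """Steps 1-5: log, rewrite, forward to the target database, return rows."""
    entry = {"user": user, "original": sql, "sent": None}
    AUDIT_LOG.append(entry)  # logged before any decision, so refusals are recorded
    entry["sent"] = rewrite_query(sql, user)
    return conn.execute(entry["sent"]).fetchall()

def demo_db():
    """Constructed target database with one sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, card_number TEXT, national_id TEXT)")
    conn.execute("INSERT INTO customers VALUES ('Ada', '4111-1111-1111-1234', '12345678901')")
    return conn
```

The refusal branch matters as much as the masking: a proxy that only rewrites the SELECT list still lets a masked user recover values by filtering or sorting on the sensitive column.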

What are the Benefits of the Database Access Manager and Dynamic Data Masking?

The Database Access Manager and dynamic data masking enable companies to create sophisticated
security policies. The cybersecurity benefits of these two modules, which enable institutions to have full
authority over all access authorizations and user activities within the IT network including remote
access, can be summarized as follows:

• A single access point is created for database access management.

• All queries on the network are logged; users authenticate using their own information. The
query performed by the database user is logged, even if the user does not authenticate.

• Sensitive data on the database servers such as credit card and identity information is identified.

• Sensitive data is manipulated in a way that it loses its sensitive nature, but appears consistent
and usable.

• Database masking rules and secure access policies can be easily assigned to users, application
accounts, and groups.

• Minimized cyberattack risk for data being processed and used in the network.

• A time limit can be set for the accounts.

• Database performance is not adversely affected.

• Users do not need to use a special database client. Authorization can be done through existing
clients.

• Inactive accounts are disabled; unexpired but weak passwords are eliminated.

The analogous use of DAM and DDM, important elements of Privileged Access Management systems,
stands out as one of the best ways to provide end-to-end data security in today's world, where
businesses are largely digitized. These two modules are among the numerous advantages offered by
Privileged Access Management (PAM) solutions and were developed based on the principles of least
privilege and zero trust. Both modules are perfect for taking the cybersecurity policy of your company to
the next level.

If you are looking for a PAM solution that includes both the Database Access Manager and Dynamic Data
Masking, Single Connect will surely meet your expectations. Featured in the Privileged Access
Management reports published by Gartner, KuppingerCole, and Omdia for its effectiveness, Single
Connect, with its advanced product family, will play an important role in ensuring the security of
privileged accounts and critical data within your organization.

Contact us to get more information about Single Connect, the PAM solution that improves the
operational flexibility of your company thanks to its modular structure.
