Cybercriminals and hackers want access to your most sensitive information and systems. Customer data, PPI, and company secrets are often kept in databases. With cyber threats on the rise, database security has never been more important. This means securing your database admin (DBA) or developers’ credentials as well as database system connections. Luckily, privileged access management (PAM) software can help.
PAM tools work by putting privileged credentials including database credentials in a secure vault and controlling access to those credentials. DBAs go through the PAM software to be authenticated. The PAM software uses credentials for the authentication but does not expose them to the user. The software monitors and records each session providing an audit trail of activity.
To make this happen, the PAM software needs to securely connect and talk to the database. But not all PAM solutions are the same when it comes to securing database connections.
The Challenge with Jump Servers
While many PAM products claim to support secure database connections, they typically involve the use of a jump server which merely limits access to a DB client running on another host (read my recent blog post related to jump servers). While this is secure, it is cumbersome to use, slow and changes the way admins and developers work.
With a jump server, DBAs run the database on remote computers with access through the WEB Browser. This is fine for a regular user but DBAs work at lightning speeds when it comes to clicks and drag-n-drops. A jump server slows things down and can be a barrier to adoption. Instead, DBAs, admins, and developers find workarounds that are not as secure or don’t use PAM at all.
We see similar challenges with connecting to SSH and RDP. While there are WEB-based solutions, people don’t like change. Admins prefer to use native clients.
Advanced Proxy Support for Oracle RDBMS
To create a high-trust connection between PAM software and popular database software like Oracle RDBMS, you need advanced proxy support. An advance proxy can open access to a database or software through PAM for native clients. This helps improve PAM adoption within an organization. It allows for zero-trust native client access to remote sessions with full session recording, keystroke monitoring, and SQL logging using native clients. This makes it easier for companies to implement and enforce PAM requirements such as auditing, permissions, and password rotation without disrupting existing IT workflows.
Last month, we released a new Oracle SQL Proxy for the XTAM platform. This advanced proxy allows users to use native Oracle clients such as SQL plus, SQL Developer, Dell Toad Oracle, Squirrel, etc. running on their client desktop computers to connect to remote Oracle RDBMS without disclosing scheme credentials even in an encrypted form. The Oracle SQL Proxy provides role-based permissions, allows users to request a workflow to the database, audits the access to the database, records SQL traffic, and provides support for notifications about session events.
The DBAs create secure sessions directly from their desktop without the need to download agents or launch secondary software. The user can run their own database client directly from their own workstation while the secure session runs through XTAM where permissions and workflows are enforced and session events are tracked and monitored. This provides DBAs with secure and efficient access to Oracle while satisfying audit and senior management requirements for just-in-time secure access and controls.
Built-in Database Security
Database security is a key part of any cybersecurity strategy. With XTAM Oracle SQL Proxy you have greater control, visibility, and security over your privileged access to Oracle RDBMS.