An XML database firewall monitor is another necessary security measure, as this will monitor all requests to the database and block and flag irregular or malicious requests whilst checking employees' access rights and permissions.
However, for this to function adequately, rules must be created to define requests as regular or otherwise, and these need to be constantly updated and maintained as the organisation changes and grows. Database security is not a once-off project, since new vulnerabilities will always be emerging; it needs to become a dynamic, constantly updated process that is a vital part of the business.
If database security is properly designed, it requires minimal human intervention and maintenance, which as a result makes it even more secure.
In order to achieve proper design of database security, the database itself needs to be correctly set up, so that firewall rules can be created correctly to provide maximum usefulness. Data within the database also needs to be correctly classified, otherwise the authentication and authorisation aspects of security will not work.
When it comes to implementing adequate database security, there are five aspects that should be considered:
- Policies must be put into place to manage permissions, access and actions that may be taken with data.
- People need to be trained and educated, and need to adapt to the culture change of a security-aware organisation. There is no blanket approach to this, since every organisation is different.
- Automation is necessary to remove the element of human error and to provide faster responses, better security and better governance, risk and compliance.
- Planning and analysis, including forecasting, are vital to plan for the future and adapt the system to changing conditions as well as to ensure continuity independent of individual employees.
- The correct IT infrastructure to support the whole security concept.
It is important to bear in mind that database security is also not the sole domain of the IT department, and needs to be driven from the business aspect. Database security protects the business itself from losses, but having more stringent controls can impact the way people work. For example, they may not have the 'freedom' that they previously enjoyed on the network. It is therefore important to educate the staff and incorporate change management by communicating the rationale behind these restrictions and why they are necessary. This requires the involvement of people within the organisation and buy-in from the top level for change management to be successful. Security is also a vital component of any governance, risk and compliance initiative, which again is a business venture and requires business buy-in.
Setting up this database correctly and then ensuring that it is adequately protected is vital for any organisation today. However, this is a highly specialised skill, since it needs to be done in a cohesive and all-encompassing manner to ensure that vulnerabilities are minimised.
Outsourcing database setup, maintenance and security to the experts makes sense given the skills shortage in South Africa and the importance of getting this setup right to prevent data theft, data loss and negative impacts to productivity and profitability.
In today's world, where information is king and data has become currency, the database is the heart of any business, and database security should be top of mind when it comes to addressing security concerns.