Access Control and Encryption
Protect data at rest.
Protecting Data at Rest
Databases hold the crown jewels, so two controls matter most: access control (who can touch the data) and encryption (making the data useless if stolen).
Together they protect data both while the system runs and if disks or backups are exfiltrated.
Authentication vs Authorization
Keep the two ideas distinct:
- Authentication proves who you are (login, certificate, IAM token).
- Authorization decides what you may do once identified.
Strong database security needs both: verified identities and tightly scoped permissions.
All lessons in this course
- SQL Injection Defense
- Access Control and Encryption
- Auditing and Monitoring
- Backup and Recovery Security