
Ask HN: How do large companies handle access to critical databases?

13 points | dirktheman | 7 years ago

I’ve never worked in companies over, say, 1000 people. Usually, there are one or two people who have full access to the database, hosting, virtualization servers, etc. The latest Marriott hack got me thinking: how do large organizations like these make sure employees don’t mess with their precious data? In my case, one disgruntled employee could pose a HUGE risk because he/she would know the login/password combination of a lot of critical systems (I worked in healthcare back then).

8 comments

magic-chicken | 7 years ago
From my experience, regulated industries use a combination of the following techniques:

- Don't use passwords for databases. Make services use integrated authentication to interact with the database.

- Developers / operations don't have read / write access to production tables. It can be obtained momentarily for ad hoc operations.

- When the database needs to be modified, the script goes through a change management system and it is executed at a planned time, ideally by another person.

- If you use private keys, e.g. for symmetric encryption, don't store them with the data they're used to encrypt.

- Use database level encryption on sensitive data to prevent anyone with read access from snooping on PII.

- Enable database level audit and change tracking.

- Developers don't push their own changes to production.

tnolet | 7 years ago
Good list, I’d add:

- private networks, using bastion hosts to access when needed.

- very robust and regularly tested backups in case someone screws up the data.

- hardware tokens to access and authenticate any critical parts.

JBReefer | 7 years ago
In my experience, poorly - the number of default passwords, copied-because-I-don't-know-what-it-does configurations, weird setups, lack of backups, backups to a local disk, backups to a locally mounted disk, etc. I've seen is shocking.

The fact that anything works has gotten way weirder to me as I've gotten older - I've seen a bunch of codebases and persistence setups, and it all seems so fragile.

coldcat | 7 years ago
In a large company I worked at, everything critical goes through Active Directory. Every user is assigned to a group/role. Every server application has its own entry as well. Every authorisation is audited (app launch, document access, database access...). The day someone leaves, their badge goes off, and mail and every access are frozen. In day-to-day usage you could revoke some or all access of a user, even just block Word or a database instance. I've seen a friend blocked at the door one morning because an inquiry was in process on their computer usage (it lasted 2 weeks and the guy was innocent; it was someone from IT who manually installed/modified unknown system files on his computer). From a security standpoint almost nobody has access to the production database. Most people work on an old snapshot or incomplete extract. In another company, if you do a request on a sensitive database (select * from customer), a security guard comes to your office and asks you to stay away from the keyboard. Then the office manager is called to ensure that your work is legit.
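
An added example, not part of the original thread or any commenter's code: a minimal audit-log review that combines magic-chicken's time-boxed production access and database auditing with the `select * from customer` case coldcat describes. The log format, account names, table names and grant structure are all assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed data: time-boxed grants issued via change management (hypothetical format).
GRANTS = {"alice": [("customer", datetime(2018, 12, 1, 9), datetime(2018, 12, 1, 10))]}
SERVICE_ACCOUNTS = {"svc_billing"}  # assumed to use integrated authentication
SENSITIVE_TABLES = {"customer"}

# Constructed audit lines in an assumed format: "<ISO time> user=<name> stmt=<SQL>"
AUDIT_LOG = """\
2018-12-01T09:15:00 user=alice stmt=SELECT id, email FROM customer WHERE id = 42
2018-12-01T09:40:00 user=alice stmt=SELECT * FROM customer
2018-12-01T11:30:00 user=alice stmt=SELECT id FROM customer WHERE id = 42
2018-12-01T09:20:00 user=bob stmt=select * from customer
2018-12-01T09:21:00 user=svc_billing stmt=SELECT total FROM customer WHERE id = 7
2018-12-01T09:22:00 user=bob stmt=SELECT name FROM product
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) stmt=(.*)$")
# Crude table extraction for the example; a real deployment would use a SQL parser.
TABLE_RE = re.compile(r"\b(?:from|join|update|into)\s+([A-Za-z_][\w.]*)", re.I)
BULK_RE = re.compile(r"select\s+\*", re.I)

def has_grant(user, table, when):
    """True if the user holds an approved grant on the table at that moment."""
    return any(t == table and start <= when <= end
               for t, start, end in GRANTS.get(user, []))

def review(log_text):
    """Return (timestamp, user, table, reason) for each statement needing review."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, stmt = m.groups()
        if user in SERVICE_ACCOUNTS:
            continue  # service traffic is out of scope for this check
        tables = {t.lower().split(".")[-1] for t in TABLE_RE.findall(stmt)}
        for table in sorted(tables & SENSITIVE_TABLES):
            if not has_grant(user, table, datetime.fromisoformat(ts)):
                findings.append((ts, user, table, "no active grant"))
            elif BULK_RE.search(stmt) and not re.search(r"\bwhere\b", stmt, re.I):
                findings.append((ts, user, table, "unbounded read under grant"))
    return findings

if __name__ == "__main__":
    for finding in review(AUDIT_LOG):
        print(finding)
```
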
_RPM | 7 years ago
That sounds like a terrible work environment. On site security guards?
abramN | 7 years ago
A lot of it comes down to a strong and well-supported Information Security Officer and team, with detailed policies and procedures and a least-privileges-required security model. Someone shares credentials? Fired. The CEO or another exec wants an exception to the P&P so their buddy can get access? Well, they'll get reamed by the ISO and possibly written up. No exceptions, and a paranoia about breaches is what helps to prevent such breaches from happening. Note I say "help," because there are no measures that are 100%. It's defense in depth and defense in breadth that will keep you off the front page (at least this year).
aprdm | 7 years ago
You have to look into a solution that can manage secrets easily; I think HashiCorp's Vault is an example of a product in this space.