Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      Five provinces are now load reduction-free, says Eskom

      Eskom frees a million customers from load reduction

      8 July 2026
      Netflix, e.tv look to fill the gap Showmax left behind

      Netflix, e.tv look to fill the gap Showmax left behind

      8 July 2026
      Memo to Eskom: Telkom already lost this fight

      Memo to Eskom: Telkom already lost this fight

      8 July 2026
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      R16-billion solar bet exposes South Africa's grid crisis

      R16-billion solar bet exposes South Africa’s grid crisis

      8 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
      TCS | Charge's R1.8-billion bet on an off-grid EV future - Charge chairman Joubert Roux

      TCS | Charge’s R1.8-billion bet on an off-grid EV future

      18 May 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Sections » Information security » Your databases are being watched – just not by you

    Your databases are being watched – just not by you

    Promoted | Most organisations invest in perimeter security. The database – where the data actually lives – is the layer most often left ungoverned, writes Ascent Technology MD Johan Lamberts.
    By Ascent Technology8 May 2026
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    The title of this piece is not a metaphor. When a database is compromised and goes unmonitored, an attacker is inside – querying, extracting, mapping access over weeks and months before anyone notices. The monitoring that would catch them, in most environments, does not exist.

    What makes this pattern consistent across sectors and incident types is not the method of attack. It is the gap it exploits – the governance deficit at the database layer. Security budgets concentrate on the perimeter. The database, where the data lives, carries no active monitoring or access governance in most environments.

    Key takeaways

    • The perimeter protects the route, not the destination: Security investment concentrates on the edge, while the database where the data actually lives carries no active monitoring layer in most environments.
    • 241 days is the arithmetic of absence: IBM’s average breach timeline is not a measure of attacker sophistication, but of how long an unmonitored database goes unwatched.
    • The governance gap has four parts: Most breached environments are missing all four – visibility into database activity, configuration and vulnerability assurance, enforced access control at the data layer, and an audit trail recorded before the incident.
    • Compliance evidence must pre-date the breach: Popia’s notification obligation asks what you can prove, which means the audit trail has to exist before the incident, not be assembled in response to one.
    • Network tools cannot see inside the database: Firewalls observe traffic and endpoint agents observe devices, but neither can see which queries an authenticated user is running, which tables they are reading, or which access rights they are abusing.

    South Africa’s regulatory environment has caught up with the risk. The Information Regulator has moved from advisory guidance to active enforcement. Popia administrative penalties of up to R10-million are available under the enforcement regime. The mandatory breach reporting portal has been in operation since April 2025. The direction of travel is towards less tolerance, not more.

    In this environment, the question is not whether database security matters. It is whether the governance currently in place is adequate.

    The governance deficit

    Most enterprise security architectures are designed around the perimeter. When that line is crossed – through a stolen credential, an unpatched vulnerability or a misconfigured environment – the database is frequently left unmonitored and ungoverned.

    South Africa’s breach record reflects this gap with consistency. Client databases accessed without authorisation. Subscriber records exfiltrated in volumes measured in terabytes. Government systems breached through inadequately secured HR and applicant data. Medical and financial records exposed across the sectors that carry the highest regulatory obligations. The common thread across these incidents is not the sophistication of the attack. It is the absence of any active governance at the database layer itself.

    IBM’s 2025 Cost of a Data Breach Report found that the average breach takes 241 days to identify and contain. Eight months of delay between intrusion and resolution is not a consequence of attacker sophistication. It is the consequence of there being no active monitoring layer at the database.

    What the discipline requires

    Governing the database layer means four things, each addressing a specific gap that the incidents above expose:

    • Real-time activity monitoring is the foundation – continuous visibility into all database activity, with automated detection and blocking of suspicious behaviour and policy violations as they occur. Not periodic review. This is what compresses the 241-day identify-and-contain timeline; nothing running on a daily or weekly schedule can.
    • A structured vulnerability and configuration assessment runs alongside it – ongoing evaluation of patch levels, configuration settings and known exposures across every database in the environment. Where production systems cannot be immediately patched, virtual patching provides interim protection. Most significant breaches do not require sophisticated exploits. They require an unaddressed vulnerability and enough time.
    • Access governance must be enforced at the database layer itself – fine-grained controls that restrict high-risk operations, enforce segregation of duties and apply least-privilege principles as an actively enforced control at the data layer, not as a policy aspiration. Privilege abuse – whether by an external attacker using a compromised credential or an internal user exceeding their mandate – cannot be contained by documentation alone.
    • An automated compliance and audit trail closes the loop. Popia’s notification obligation requires reporting as soon as reasonably possible – which means the evidence of what was accessed and when must already exist before the incident occurs, not be assembled in response to one.

    Ascent’s approach

    DB Shield is Ascent Technology’s managed database security service – a fixed monthly cost, 24/7 service delivering all four capabilities across the database estate, covering SQL Server, Oracle, MySQL, PostgreSQL, MariaDB and the other major platforms that South African enterprise environments typically run in combination – on-premises, in the cloud and across hybrid configurations.

    DB Shield is a security service designed specifically for the database layer – not a perimeter tool extended to cover it. That distinction matters because no perimeter tool can observe what is happening inside a database. Monitoring the query behaviour of an authenticated user, detecting a configuration that exposes a known vulnerability, enforcing access controls at the data layer – these require a dedicated database security discipline operating where the data lives.

    Your databases are being watched - just not by you - Ascent Technology Johan Lambert

    The service integrates with Ascent’s DB Admin managed DBA service and DB Health assessment, so that security governance, performance management and configuration assurance operate across the database environment as a unified discipline. Ascent’s discipline is that database security is not a project with an end date. It is an operating standard.

    A governance obligation

    Under Popia, South African organisations are responsible for the security of the personal information in their care. The Information Regulator has demonstrated the willingness and capability to enforce that responsibility. The financial sector’s average breach cost of R70.2-million has made the commercial case with equal clarity.

    Database security is a governance obligation. The question for any organisation managing a material database estate is not whether to govern the database layer, but whether the governance currently in place is adequate to the risk the data represents and the accountability the regulatory environment now demands.

    I have seen what it costs when the governance is not there. The number is always higher than the organisation expected.

    Ascent delivers that governance through DB Shield – at a predictable monthly cost, with the permanence the obligation requires.

    Contact Ascent Technology

    Contact us to discuss what your current database security posture looks like – what is monitored, what is not, and where the gaps sit.

    • The author, Johan Lamberts, is MD at Ascent Technology
    • Read more articles by Ascent Technology on TechCentral
    • This promoted content was paid for by the party concerned
    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    Ascent Ascent Technology Johan Lamberts
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleA 12-year-old competition case lands on Canal+’s desk
    Next Article Cabinet approves new permanent Sita board, ending years of turmoil

    Related Posts

    Altron walked away from multiple M&A deals - Werner Kapp

    Altron’s new BEE deal involves a big move to plug the ICT skills gap

    12 July 2024
    Add A Comment

    Comments are closed.

    Company News
    Altron Digital Business study links workplace tech to employee satisfaction - Craig Stewart

    Altron Digital Business study links workplace tech to employee satisfaction

    8 July 2026
    Finding focus: a strategic approach to cybersecurity for SMBs - Kaspersky

    Finding focus: a strategic approach to cybersecurity for SMBs

    6 July 2026
    Why voice-first communication matters more in the AI era - Mitel

    Why voice-first communication matters more in the AI era

    6 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    Five provinces are now load reduction-free, says Eskom

    Eskom frees a million customers from load reduction

    8 July 2026
    Netflix, e.tv look to fill the gap Showmax left behind

    Netflix, e.tv look to fill the gap Showmax left behind

    8 July 2026
    Memo to Eskom: Telkom already lost this fight

    Memo to Eskom: Telkom already lost this fight

    8 July 2026
    Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

    Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

    8 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}