TL;DR: Database environments now span more than 400 SQL and NoSQL systems, and 57% of organisations say databases are among the hardest technologies to manage for access, according to StrongDM. Manual provisioning, default admin access, and forgotten decommissioning turn database access into an NHI governance problem, not just an operations problem.
NHIMG editorial — based on content published by StrongDM: Are Your Databases a Pain in the Access?
By the numbers:
- Today, there are more than 400 SQL and NoSQL databases alone.
- 81 percent of IT professionals are managing multiple versions of the same database.
- 57% of organizations name databases as one of the most difficult technologies to manage in terms of access.
Questions worth separating out
Q: How should security teams govern database access at enterprise scale?
A: Security teams should treat database access as a lifecycle process, not a one-time permission grant.
Q: Why do databases become harder to secure as environments grow?
A: Databases become harder to secure because growth multiplies versions, exceptions, and access paths faster than teams can manage them manually.
Q: What breaks when database access is handled manually?
A: Manual handling breaks when approvals, provisioning, and revocation cannot keep up with operational change.
Practitioner guidance
- Map database entitlements to lifecycle events: Tie every database grant to a joiner, mover, leaver, or project event so access is removed when the business reason ends.
- Replace default administrator roles with task-scoped access: Review every database admin role for scope creep across environments, then split broad roles into narrower permissions tied to specific duties and systems.
- Automate decommissioning for inactive access: Build removal into the same workflow that provisions access so decommissioning is not dependent on manual follow-up after departure or project completion.
What's in the full article
StrongDM's full blog covers the operational detail this post intentionally leaves for the source:
- How its access workflow automates database provisioning and decommissioning across environments
- How role-based rules are applied to developer access and shared SSH key retirement
- How audit logs support query-level monitoring for security teams
- How Benevity structured its internal approval process for database access
Database access sprawl and manual provisioning: what teams miss?
Explore further
Database access sprawl is now an NHI governance problem, not a tooling inconvenience. The article describes a control environment where database count, version diversity, and manual access handling have outgrown human administration. That is the point where service-account style governance, not just DBA process, becomes necessary because access persistence and entitlement drift drive the real risk. Practitioners should treat databases as governed machine identities with lifecycle obligations, not as isolated technical assets.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
Q: How do you know if database access controls are actually working?
A: They are working when access can be granted and removed quickly, role scope stays narrow, and audit logs show a clean match between approval, usage, and removal. If teams cannot answer who still has access or why a privileged role remains active, the control environment is failing regardless of how many tickets were closed.
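One way to run the approval, usage, and removal match described above is to reconcile the grants the databases report against approval records and audit-log activity. This is an added example, not code from StrongDM or the original article; the record layout, principal names, and the 90-day idle threshold are assumptions, and all sample data is constructed.

```python
from datetime import date

# Constructed sample data; field names are assumptions, not any product's schema.
APPROVALS = [
    {"principal": "svc-billing", "database": "orders-prod", "role": "readwrite",
     "event": "project:billing-v2", "ends": date(2025, 3, 31)},
    {"principal": "alice", "database": "orders-prod", "role": "readonly",
     "event": "joiner", "ends": None},
    {"principal": "bob", "database": "hr-prod", "role": "admin",
     "event": "mover", "ends": None},
]
GRANTS = [  # what the databases report as active today
    ("svc-billing", "orders-prod", "readwrite"),
    ("alice", "orders-prod", "readonly"),
    ("bob", "hr-prod", "admin"),
    ("svc-etl", "hr-prod", "admin"),
]
LAST_USED = {  # latest audit-log entry per (principal, database)
    ("svc-billing", "orders-prod"): date(2025, 3, 20),
    ("alice", "orders-prod"): date(2025, 5, 28),
    ("bob", "hr-prod"): date(2025, 1, 10),
}

def reconcile(approvals, grants, last_used, today, max_idle_days=90):
    """Return (principal, database, role, finding) for every grant that fails a check."""
    approved = {(a["principal"], a["database"], a["role"]): a for a in approvals}
    findings = []
    for principal, database, role in grants:
        approval = approved.get((principal, database, role))
        used = last_used.get((principal, database))
        if approval is None:
            finding = "no approval on record"
        elif approval["ends"] is not None and approval["ends"] < today:
            finding = f"business reason ended ({approval['event']})"
        elif used is None or (today - used).days > max_idle_days:
            finding = "approved but idle"
        else:
            continue
        findings.append((principal, database, role, finding))
    return findings

if __name__ == "__main__":
    for row in reconcile(APPROVALS, GRANTS, LAST_USED, today=date(2025, 6, 1)):
        print(*row, sep=" | ")
```

An empty result means every active grant has a current approval and recent use; each finding is a grant that should be removed or re-justified.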
👉 Read our full editorial: Database access sprawl is exposing NHI governance gaps