Secure Auditing in Database Systems

Garlin, Saintice

American Military University

ISSC290D001

2025/04/4

Contents

Abstract
Introduction
Importance of Database Auditing
Common Threats to Database Security
Secure Auditing Techniques
Challenges in Implementation
Case Studies
Future Trends
Conclusion
References

Abstract

Database systems are central to modern information management. With increasing cyber threats, suitable auditing mechanisms are necessary to preserve data integrity, confidentiality, and regulatory compliance (NIST, 2024). This paper presents secure auditing in traditional and emerging databases. For tamper-evident records, we study cryptographic logging; for audit trails, we examine blockchain; and for anomaly detection, we use AI. In addition, we consider practical issues of performance, storage, and scalability in distributed systems. Case studies from healthcare and finance show how these solutions help with compliance and data protection. We discuss future advancements, such as homomorphic encryption, zero-knowledge proofs, and quantum-resistant cryptography, and give insights to database administrators, security experts, and compliance professionals.

Introduction

Today, more than ever, databases are the central repository for almost all of the sensitive data that organisations capture in a digitised world. These systems store information ranging from intellectual property to banking transactions and medical histories, and all of it is both valuable and vulnerable. With the growing frequency and sophistication of cyber-attacks and increasing regulatory expectations, database auditing has moved from an optional security measure to an essential operational necessity. Traditional database auditing is simply the process of logging database events; modern database auditing goes much further. It is an overall framework for providing data integrity, detecting unauthorised access, and maintaining records for compliance and forensic analysis. This paper explores the problem of secure auditing in current database environments. First, we outline the importance of auditing in current data management, then analyse the common security threats addressed by auditing mechanisms. The core of our discussion covers three primary categories of auditing techniques: cryptographic methods, blockchain implementations, and AI-driven techniques. For each, we discuss technical implementations, practical advantages, and possible limitations. Subsequent sections discuss the real-world issues that organisations face as they deploy these solutions, with case studies describing how they were used successfully in regulated industries. Finally, we examine the future of database auditing and the emerging technologies that will further shape the industry in the coming years.

Importance of Database Auditing

According to Chaudhary (2023), database auditing offers multi-dimensional value to organisations across industries, and its critical role in modern information systems makes that value significant. At its core, auditing is both a protective mechanism and a compliance tool, creating a verifiable record of all database activity for security incidents or regulatory validation. In security terms, auditing is a digital surveillance system constantly monitoring access patterns and data changes to spot potential breaches or policy violations. The psychological deterrent effect of comprehensive auditing should not be underestimated: the more people know that all database interaction will be recorded and analysed, the less likely external attackers are to commit malicious acts, and the less likely internal staff are to do so either.

As a compliance tool, database auditing has acquired indispensable status in regulated industries. Standards such as the Sarbanes-Oxley Act (SOX) require financial institutions to exercise strict controls over their financial reporting systems and to audit in detail all database transactions that could impact financial statements, so financial institutions must formulate new controls for all transaction activities and revise their policies (Pool et al., 2024). In healthcare organisations, HIPAA regulations require granular auditing of access to healthcare data (ePHI), with explicit log retention and review processes. The PCI DSS likewise requires rigorous auditing for systems that process credit card data (Alder, 2025). Regardless of how open or flexible they are, these regulatory frameworks share standard requirements: comprehensive but routine activity logging, regular log reviews, and secure log retention, all of which are essential elements of a database auditing system.

Database auditing also has operational benefits, giving the organisation helpful insight into system usage patterns and potential performance bottlenecks. Audit logs can show which queries are underperforming, which are being run without authorisation, and which seemingly normal activity may correspond to system abuse. Audit trails are the primary source of evidence in forensic investigations following a security incident, helping to reconstruct events and determine the scope of a breach or the data compromised. The business continuity benefits also apply in disaster recovery scenarios, where audit logs can support data integrity verification during recovery validation. The strategic importance of robust database auditing solutions for controlling and monitoring changes to complex business data is growing exponentially as data volumes do, and it will only increase as regulatory landscapes become more diverse and complex.

Common Threats to Database Security

According to Buda (2023), contemporary database systems must deal with an ever-increasing number of security threats, and there is an increasing need for robust auditing solutions. The most important are injection attacks, such as SQL injection, which are still among the most common and dangerous database vulnerabilities despite being known for decades. Nikolai publicly outlines that these attacks exploit application vulnerabilities to run malicious SQL commands, which can lead to the attacker bypassing authentication, extracting sensitive data, or even taking control of database servers. Sophisticated variants, including blind SQL injection and out-of-band attacks, are particularly challenging to detect and prevent.

Another significant category of risk that database auditing helps mitigate is insider threats. Malicious employees seeking gain, disgruntled workers aiming to do harm, and careless workers who bypass security policies can all be sources of these threats. According to the Verizon Data Breach Investigations Report in 2023, insider threats contributed to almost 20 per cent of all data breaches (Verizon, 2023). Privileged users are a particular concern for insider threats because of their potentially extensive system access. One central control against such threats is database auditing, which stores detailed records of all user account activity, both to detect suspicious behaviour patterns and to serve as forensic evidence when incidents happen.

Ransomware threats are becoming more sophisticated, including attacks on database systems designed to encrypt critical data and demand payment for its release. These attacks usually combine technical exploits and social engineering to gain initial access. Moreover, as cloud databases gain adoption, new attack vectors include misconfigured access control and compromised API keys. Advanced persistent threats (APTs) focused on data in databases may linger undetected while exfiltrating sensitive data for quite some time. Comprehensive activity monitoring and anomaly detection capabilities are the key to countering these threats, and database auditing systems are precisely the tools for identifying and prioritising them.

Secure Auditing Techniques

Modern database auditing employs various technical approaches to boost security and compliance. Cryptographic auditing, using HMACs (authenticity) and digital signatures (source verification), ensures log integrity, and Merkle trees allow efficient validation of large logs. These tamper-prevention techniques are essential in high-security applications such as finance or government. Using blockchain, transactions are recorded in an immutable chain so that they cannot be tampered with. The advantages of this approach include cryptographic hashing for data integrity and smart contracts for automated alerts. Blockchain has been adopted in finance and healthcare for secure record keeping, but scalability is difficult in high-volume systems. AI and machine learning support auditing by helping to reduce false positives and detect anomalies. Unlike supervised methods, which identify known threats, unsupervised methods tend to discover new risks. RNNs perform temporal access pattern analysis and behavioural analytics to detect insider threats. NLP and automated responses further improve real-time threat detection. Combining these to make hybrid architectures for robust auditing is an idea I like. Scalable, automated auditing is available within cloud-based solutions, while confidential computing enables secure analysis of encrypted data. Complementary technologies can be leveraged against different threats, keeping systems resilient as threats evolve.
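
The cryptographic approach described above, as an added example that is not part of the original paper: an HMAC hash-chained audit log with a Merkle root and a per-entry inclusion proof. The key, the event fields, the sample statements and the convention of promoting an unpaired Merkle node unchanged are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: a real key lives in an HSM/KMS, away from the log
GENESIS = "0" * 64

def canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()

def append(log, event, key=KEY):
    """Append an event; its HMAC tag also covers the previous entry's tag."""
    prev = log[-1]["tag"] if log else GENESIS
    tag = hmac.new(key, prev.encode() + canon(event), hashlib.sha256).hexdigest()
    log.append({"event": event, "prev": prev, "tag": tag})

def first_bad_entry(log, key=KEY):
    """Index of the first entry that was edited, reordered or cut out, else None."""
    prev = GENESIS
    for i, rec in enumerate(log):
        want = hmac.new(key, prev.encode() + canon(rec["event"]), hashlib.sha256).hexdigest()
        if rec["prev"] != prev or not hmac.compare_digest(want, rec["tag"]):
            return i
        prev = rec["tag"]
    return None

def leaf_hash(rec) -> bytes:
    return hashlib.sha256(b"\x00" + canon(rec)).digest()  # 0x00/0x01 separate leaves from nodes

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def merkle_root_and_proof(log, index):
    """Merkle root over all entries plus the sibling path for entry `index`."""
    if not 0 <= index < len(log):
        raise IndexError("no such log entry")
    level, proof = [leaf_hash(r) for r in log], []
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))  # (hash, sibling is on the left)
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])                    # unpaired node moves up unchanged
        level, index = nxt, index // 2
    return level[0], proof

def verify_inclusion(rec, proof, root) -> bool:
    """Check one entry against a trusted root using O(log n) sibling hashes."""
    node = leaf_hash(rec)
    for sibling, on_left in proof:
        node = node_hash(sibling, node) if on_left else node_hash(node, sibling)
    return hmac.compare_digest(node, root)

def build_sample_log():
    log = []  # five constructed events; users and statements are made up
    for user, stmt in [("app_rw", "SELECT * FROM patients WHERE id = 17"),
                       ("dba_kim", "GRANT SELECT ON payroll TO app_rw"),
                       ("app_rw", "UPDATE accounts SET balance = 0 WHERE id = 4"),
                       ("dba_kim", "DROP TABLE audit_tmp"),
                       ("app_rw", "SELECT count(*) FROM accounts")]:
        append(log, {"user": user, "stmt": stmt})
    return log
```

Chain verification alone accepts a log whose tail has been cut off, which is why the Merkle root (or the latest tag) is stored somewhere the database administrator cannot rewrite and compared on every review.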

Challenges in Implementation

Deploying effective database auditing systems raises technical and operational challenges. The main problem is the performance hit: auditing introduces processing overhead for logging, cryptography, and storage, which can degrade responsiveness, particularly in high-transaction systems such as e-commerce or finance. Depending on the optimisation needed, selective auditing, fine-tuned parameters, or dedicated hardware may be used. Storage is another issue: audit logs can grow quickly, so they need to be stored and compressed and made subject to data retention policies. The validity of audit records is more difficult to guarantee in distributed and NoSQL systems because of their scalability. Tracking in microservices is even more complex since every transaction involves multiple services. Cloud-based databases raise further concerns about compliance, control of audit data, and the liabilities attached to the provider's responsibility. Privacy regulations such as GDPR also raise auditing dilemmas, as they restrict data retention and processing. Auditing has to strike a balance between security needs and privacy laws; methods such as redaction, pseudonymisation, and purpose-limited logging can all be used (Naidu et al., 2023). Lastly, managing audit logs effectively is complex. When data is captured but no tools are available to analyse and alert on it, security teams may see false positives or miss incidents. Auditing should include regular review, incident response, and continuous tuning. Training people and deploying expert tools for managing and interpreting the audit data also contribute to success.

Case Studies

The healthcare industry offers a good example of database auditing that combines security and operational requirements. A HIPAA audit of a major hospital network in the northeastern U.S. highlighted monitoring gaps, after which a robust auditing system was implemented. Its features included cryptographic hashing of log records, real-time alerts on unusual access, and blockchain archiving of critical documents. Machine learning models caught inappropriate access to VIP patient files, helping to prevent costly HIPAA violations. Within six months, the system spotted several unauthorised access attempts, one of which targeted a local news personality's records. Likewise, the financial sector handles sensitive data under strict regulations and requires rigorous auditing. To detect fraud and meet SOX compliance needs, a multinational bank adopted an AI-powered auditing framework covering its global transaction database. It checks millions of daily transactions, flags anomalies, and relates access logs to network behaviour. It works with a blockchain-based ledger to keep enforceable records of all database modifications. In its first year of operation, the system detected multiple fraud attempts, including collusion between insider and outside actors, and averted substantial financial losses. These case studies illustrate that auditing solutions are customized to a given industry's risks. Healthcare mainly stresses privacy and compliance, and finance stresses fraud detection and data integrity. Both emphasize performance optimization, privacy-sensitive system integration, and seamless synchronisation. The success factors include executive support, sufficient resources, and continuous adjustment of auditing parameters as they are used in the real world.

Future Trends

Database auditing is evolving rapidly as emerging technologies mature. Among these, homomorphic encryption, a technology that allows computation on encrypted data without decryption, is a notable advance. It permits securing sensitive audit logs and auditing them without compromising confidentiality, which is of primary interest to financial institutions since traditional auditing exposes them to potential risks. Currently, however, partially homomorphic schemes are practical for some auditing tasks.

Another breakthrough is zero-knowledge proofs (ZKPs), which allow compliance verification without revealing the data. ZKPs help organisations prove regulatory compliance while hiding user activity and database content from third parties, for instance in external audits of operations conducted under strict confidentiality. These methods are being advocated in emerging privacy-preserving audit standards.

Quantum computing threatens the cryptographic systems currently used in auditing, namely RSA and ECC. Bodies like NIST have therefore developed and standardized post-quantum cryptography, such as lattice-based and hash-based schemes, to combat this (NIST, 2017). These quantum-resistant algorithms are now being adopted by organizations that need auditing over a long period.

Blockchain-based decentralized identity systems may change how database access is authenticated and audited (ZHANG et al., 2025). They provide tamper-proof, verifiable credentials and remove dependence on trusted central identity providers. With smart-contract-based access policies, they can automate and secure auditing like never before. However, integrating them with traditional databases remains a crux.

Finally, AI and large language models (LLMs) are changing audit log analysis. These tools can scan for patterns, predict threats, and summarize audit data in words, making it easier to read and respond to. The explainability and security of AI models are becoming even more critical in a context where audit outputs may be called to account legally in regulated sectors (Chinnasamy, 2025). Overall, homomorphic encryption, ZKPs, quantum-resistant cryptography, decentralised identity, and AI will change database auditing in the future, making it possible to create more secure, scalable, and intelligent systems that match changing security and compliance requirements.

Conclusion

Logging started out simple and, over time, has become secure auditing: a multi-layered, sophisticated cornerstone of database security. This paper explores how modern auditing combines cryptographic integrity checks, distributed verification, and intelligent anomaly detection to combat growing threats. I provide case studies describing how these technologies support the healthcare and finance sectors' security, compliance, and management needs. However, trade-offs in performance, storage, and privacy must be considered carefully and balanced. There is no one-size-fits-all solution; every organisation must fit its auditing to its risk profile, regulatory emphasis, and operational reality (Fotios Roumpies & Athanasios Kakarountas, 2023). Current limitations may soon be solved by emerging technologies, which will enable the adoption of new capabilities as old ways of auditing are redefined. Database professionals must stay current with continuously evolving threats and auditing developments. Enterprise security strategies will continue to rely heavily on auditing as data becomes more and more valuable and regulations tighter. The compliance and resilience of auditing practices should be maintained through the proactive adoption of new technologies and continuous improvement. Ongoing innovation in auditing will continue to drive the future of database security to meet the demands of an ever-changing threat landscape.

References

Alder, S. (2025, January 30). 2024 Healthcare Data Breach Report. The HIPAA Journal. https://www.hipaajournal.com/2024-healthcare-data-breach-report/

Buda, R. (2023, May 13). The Ultimate Oracle Database Security Assessment Checklist for 2023. Buda Consulting. https://budaconsulting.com/ultimate-oracle-database-security-assessment-checklist/

Chaudhary, A. (2023, June 29). Cloud Security Threats and Predictions in 2023 | CSA. Cloudsecurityalliance.org. https://cloudsecurityalliance.org/blog/2023/06/29/cloud-security-threats-to-watch-out-for-in-2023-predictions-and-mitigation-strategies

Chinnasamy, P. (2025). AI-Powered Predictive Analytics for Cloud Performance Optimization and Anomaly Detection. International Journal of Science and Research (IJSR), 14(3), 629–642. https://doi.org/10.21275/sr25311205448

Fotios Roumpies, & Athanasios Kakarountas. (2023). A Review of Homomorphic Encryption and its Contribution to the Health Services Sector. https://doi.org/10.1145/3635059.3635096

Naidu, D., Bhushan Wanjari, Bhojwani, R., Saurabh Suchak, Baser, R., & Niranjan Kumar Ray. (2023). Efficient Smart Contract for Privacy-Preserving Authentication in Blockchain using Zero Knowledge Proof. https://doi.org/10.1109/ocit59427.2023.10430710

NIST. (2017, January 3). Post-Quantum Cryptography | CSRC | CSRC. CSRC | NIST. https://csrc.nist.gov/projects/post-quantum-cryptography

NIST. (2024). Cybersecurity Framework. National Institute of Standards and Technology. https://www.nist.gov/cyberframework

Pool, J. K., Akhlaghpour, S., Fatehi, F., & Jones, A. B. (2024). A systematic analysis of failures in protecting personal health data: A scoping review. International Journal of Information Management, 74(102719), 102719–102719. https://doi.org/10.1016/j.ijinfomgt.2023.102719

Verizon. (2023). 2023 Data Breach Investigations Report. Verizon Business. https://www.verizon.com/business/resources/reports/dbir/

ZHANG, Y., GENG, H., SU, L., & LU, L. (2025). A Blockchain-Based Efficient Data Integrity Verification Scheme in Multi-Cloud Storage. Ieee.org. https://ieeexplore.ieee.org/iel7/6287639/9668973/09907005.pdf
