[jpalomaki]

Prevent direct database access or at least allow it only from jump servers which don’t allow file transfers.

For troubleshooting purposes create debugging tools. Log and check their usage. When things mature, you can even require multiple admins to work together for certain actions.

Minimize human access to production envs. Automate deployments. When access is needed, use jump servers and block file transfers (or force them to go through channel that is audited).

Do review logs and alerts on regular basis. Put effort to minimize false alerts and excessive logging. Quite when reviewing logs you just notice things that “don’t look right”.

Nothing is 100% secure, but also people with bad intensions don’t always have unlimited skills/energy/time.