All operations are recorded to your database transaction log file, especially if you are using Full Recovery Model; therefore, you can take advantage of a few simple queries to double-check who is running which command in the database. For more on this, read up on how to view the important information within your transaction log file . Some would consider this transaction log file forensics; I prefer to think of it as doing your job as a vigilant DBA. In the linked blog post, I describe how you can set up jobs to alert you of unwanted data manipulation language (DML) statements (such as inserts, updates, delete) or data definition language (DDL) (such as create, drop, alter).
Data security is a shared responsibility between you, the customer, and your database provider. Depending on the database provider you choose, the amount of responsibility you carry can vary. If you choose an on-premises solution, you need to provide everything from end-point protection to physical security of your hardware - which is no easy task. If you choose a PaaS cloud database provider such as Azure Cosmos DB, your area of concern shrinks considerably. The following image, borrowed from Microsoft's Shared Responsibilities for Cloud Computing white paper, shows how your responsibility decreases with a PaaS provider like Azure Cosmos DB.
The rise of cloud computing has had a significant impact –– most notably server and storage infrastructure –– as enterprises explore and enjoy the potential cost and agility benefits that come with using virtual, on–demand infrastructure. Database as a service (DBaaS) offers multiple potential benefits, including lower database licensing and infrastructure costs, faster time to application development, and reduced administration overheads. This analyst report explores the factors shaping the switch to DBaaS, including the potential benefits and challenges to adoption, the economics of the cloud as they relate to database workloads, and adoption lifecycles.