Hi Stephen,
if you have the Need to secure your NCM then do so.
A user with the rights to connect to the Orion DB can of course read the specific table (ConfigArchive). But this user has possible the access to the folder of the ConfigArchive, too.
So implement limitations.
First do anyone need a remote access to your Orion DB if not so then filter it. If you have a Microsoft machine (win 2012 R2) or something like that then take advantage of your firewall.
Also reduce the rights of access the configarchive folder for only a specific AD-Group.
If a NCM user is disabled he has no read-access anymore on your Oron DB.
For your backup Szenario please use an encryption such as bitlocker or other really fancy products.
So in my point of view you have to secure your machine and your applications on your NCM.
Kind regards,
Flo