Welcome!

Ruby-On-Rails Authors: Liz McMillan, Pat Romanski, Elizabeth White, Hovhannes Avoyan, Yeshim Deniz

Related Topics: @BigDataExpo, Linux Containers, Ruby-On-Rails

@BigDataExpo: Blog Post

Five Security Features of RDBMS That Help Enterprises

The use of relational databases for storing certain unstructured documents have been recently challenged

Security Strength Of  Relational Databases: Over the  years relational  databases  have been highly  successful  in protecting  the  enterprise  data.  Their  inherent  features  like  role based security,  GRANTS    and  coupled  with  the  fact  that  some one  needs  to  have    a  high knowledge of  the  database  design  itself  to  really  decipher  meaning  out of  a  relational  database.

Unrelated  to  the  above  statement, we  have  seen  a   huge  attack  on   large media enterprise   last month  resulted  in the compromise  of   several  of   confidential  documents  which  are  now  roaming  freely in the public  domain.  While  this  article  is  nothing  about  who has done  it  and  why  they have done it,   it  is  more  about  how    old  school  thoughts  on    Relational  database  design  could  keep  a  company  in a safe zone  even  after   the  network  is  hacked.

Over  the  last  couple of years,    the  usage  of  Relational  databases  for  storing  certain unstructured  documents  have  been  challenged  and    some  architectures  moved  towards  file  system  based  storage  like  ,  HDFS,  Amazon S3,  GFS, Azure BLOB  etc.. While  the  above  mentioned  file systems  are good  for  scalability,  performance  in a  few  situations,  we  cannot  discount  the  value  of  relational databases  in  securely  storing  the  data  and  ensure  that  an  hacker   will not  gain  the  semantics  of  the  data  so  easily  even  if the physical  network   and  server security  are compromised.

The  following  are  some  of  the  points  in  support of this  argument.

RDBMS  Design Is Complex: Most  of  the  File  system  based  approaches  deal  with hierarchical  storage  and  they  don't  do  normalization,  which  means  while  there is  some  efficiency  in  data  storage   they  are  also compromised  much easier.  Let  us consider  a  HR  Database  about  CEO Bonus  for  the  last  year.

In the  file  system  storage.

/Year/Bonuses/Corporate/CEO.xxx.

Consider  a  typical  and  well  thought  out  DB  Design.

Employee Table  (EmpId,......).

Code Table  (Compensation Code  (BONUS)).

Then  the  Transaction  table  which  may  link   Emp Id,  Compensation Code,  and  Value.

Also  if   IT  departments  take  conscious  decision   not  to  use  Friendly  names  for  the  tables  and avoid  foreign  keys  inside  the  database,  i.e   name  the  tables  like T00001(F1, F2...)  instead of  EMPLOYEE_BONUS,  and  don't keep the  metadata  documentation inside the  database,  then  it would be almost  impossible  for any one from  outside to  hack this information,  even  when  given  a   access to the  database.

There is  always  a  trade  off  between  keeping  a  friendly  names  and  meta data  inside the  database  versus  keeping them totally outside  else  where inside a  development  repository,  most  enterprises  would  be  OK  if  a  Developer  struggles  couple  of  days  more  in writing  a  query  versus   compromising  all of their   data  to a  hacker.

RBBMS Storage Is Proprietary: One  of  the  advantages  of  commercial  databases  like Oracle , DB2, SQL Server  etc..  is  that  their  internal  architecture  is  highly  proprietary  making  it difficult for other  third party tools  to  decipher  meaning  out  of  them.  For  example  the  above  databases  support CLOB,  BLOB  storage  types  which are typically  used  for  storing  large  amount  of  character and binary  data,  this  means  that  these  data  can  only  be understood  by  an  application  written specifically  for  them  and    most  times    it  is  not  easily  shared  with the  outside  world  like  the  file  system  based documents  that  are shared  freely  in  the  case  of  recent hack.

Additionally  most  databases  also  support  Encryption  features,  which  makes  deciphering  the  data outside  of  database context  very difficult.  For  example   the  below  are  the  notes  about  Transparent Database Encryption  feature in SQL Server.

Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data "at rest", meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.

RDBMS Security is De-Coupled  From OS, Network: Most  times  it  is  the  network  and  server  security  are compromised  first  before  the database  is  conquered.  In  a  good  RDBMS  design  even  the DBAs  can  be  prevented  from  accessing  the  data, if  they  are  carefully abstracted  with the role  based  security,  fine  grained  access control  and  other  features like  views.  This  means  that  the  data  can  fully  secured  even  if  the   network  and  server  are compromised.  Having  said  that  most places  there is a  OS LEVEL  authentication  which  gives   complete  control  of  database,  but  if  thought  out  well,  this  link can  be de-coupled  and  make  your  enterprise  data  more  secure.

RDBMS Are Audited: Most  hacks  don't  happen  in  one  hour  or  even one  day,   it  is  a  fact  that  once  hackers    gain  control  of the  system  they spend  some time in navigating  between  servers  and  data  to ensure  that  they  get what  they  wanted.  Leading  RDBMS like  Oracle, SQL & DB2 have  rich  auditing  features  that  we  can  even  track  whether  a particular  column  is queried  from  certain tables.  For  example  if  there is  a  credit  card  number  column  we can audit for  any  access outside of the application  and  immediately  alert  the  entire  system  about  it,  which  may    help  in  avoiding  the   hacking  activity  to continue  for  all the sensitive  data.

The  below  are  some  notes  from  Fine  grained  Auditing  in  Sql  Server.  The example creates a database audit specification called Audit_Pay_Tables that audits SELECT and INSERT statements by the dbo user, for the HumanResources.

CREATE DATABASE AUDIT SPECIFICATION Audit_Pay_Tables

FOR SERVER AUDIT Payrole_Security_Audit

ADD (SELECT , INSERT

ON HumanResources.EmployeePayHistory BY dbo )

WITH (STATE = ON) ;

Similar   features  are  available  in Oracle  and  DB2  databases  also.

RDBMS Are Protected Against Human Errors: If  we  have  noticed  the  hack  story,  there  was  also  threat  to  delete  the  data  completely  after  is  stolen. This  is  even  a worse situation because  not  only  the  data  is compromised  but  it  is  no longer available  also.   While  the  backup  policies  can  help  in this,  it  would  be  still better  if  the   data analysts  can  go  back in  time  after  a   hack & delete  has happened to figure  out the  real  state as it exists before the  hack has happened.

Leading  RDBMS like  Oracle  has  got   a  concept  of  flashback  database   that  let   to view the past  states of  database  or   to return  database objects  to a  previous  state.  SQL Server  too has a  snapshot  concept  which  is  more  or  less   provide  this functionality.

This feature  cannot  be implemented in  a file system  which does  not  support  transactional  integrity.

Summary: While  there  is some  merit  in terms  of   scalability , performance  and  TCO perspective  in   tempting   the enterprises  to  utilize  file  system  based  storage  ,  however  it  has to  be considered  from  case  by  case  basis  and  any  mission  critical  data  is  highly  secured  when  gets  stored  in a  relational  database  with  proper design principles  behind  them.  After  all the  cost  of  a   hack  and  subsequent  loss  of  face  is  much bigger than  the licensing  costs  these  proven RDBMS  may  incur.

More Stories By Srinivasan Sundara Rajan

Highly passionate about utilizing Digital Technologies to enable next generation enterprise. Believes in enterprise transformation through the Natives (Cloud Native & Mobile Native).

@ThingsExpo Stories
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in compute, storage and networking technologies, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Judith Hurwitz is president and CEO of Hurwitz & Associates, a Needham, Mass., research and consulting firm focused on emerging technology, including big data, cognitive computing and governance. She is co-author of the book Cognitive Computing and Big Data Analytics, published in 2015. Her Cloud Expo session, "What Is the Business Imperative for Cognitive Computing?" is scheduled for Wednesday, June 8, at 8:40 a.m. In it, she puts cognitive computing into perspective with its value to the busin...
NHK, Japan Broadcasting, will feature the upcoming @ThingsExpo Silicon Valley in a special 'Internet of Things' and smart technology documentary that will be filmed on the expo floor between November 3 to 5, 2015, in Santa Clara. NHK is the sole public TV network in Japan equivalent to the BBC in the UK and the largest in Asia with many award-winning science and technology programs. Japanese TV is producing a documentary about IoT and Smart technology and will be covering @ThingsExpo Silicon Val...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
@ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.