Welcome!

Ruby-On-Rails Authors: Liz McMillan, Pat Romanski, Elizabeth White, Hovhannes Avoyan, Yeshim Deniz

Related Topics: @BigDataExpo, Linux Containers, Ruby-On-Rails

@BigDataExpo: Blog Post

Five Security Features of RDBMS That Help Enterprises

The use of relational databases for storing certain unstructured documents have been recently challenged

Security Strength Of  Relational Databases: Over the  years relational  databases  have been highly  successful  in protecting  the  enterprise  data.  Their  inherent  features  like  role based security,  GRANTS    and  coupled  with  the  fact  that  some one  needs  to  have    a  high knowledge of  the  database  design  itself  to  really  decipher  meaning  out of  a  relational  database.

Unrelated  to  the  above  statement, we  have  seen  a   huge  attack  on   large media enterprise   last month  resulted  in the compromise  of   several  of   confidential  documents  which  are  now  roaming  freely in the public  domain.  While  this  article  is  nothing  about  who has done  it  and  why  they have done it,   it  is  more  about  how    old  school  thoughts  on    Relational  database  design  could  keep  a  company  in a safe zone  even  after   the  network  is  hacked.

Over  the  last  couple of years,    the  usage  of  Relational  databases  for  storing  certain unstructured  documents  have  been  challenged  and    some  architectures  moved  towards  file  system  based  storage  like  ,  HDFS,  Amazon S3,  GFS, Azure BLOB  etc.. While  the  above  mentioned  file systems  are good  for  scalability,  performance  in a  few  situations,  we  cannot  discount  the  value  of  relational databases  in  securely  storing  the  data  and  ensure  that  an  hacker   will not  gain  the  semantics  of  the  data  so  easily  even  if the physical  network   and  server security  are compromised.

The  following  are  some  of  the  points  in  support of this  argument.

RDBMS  Design Is Complex: Most  of  the  File  system  based  approaches  deal  with hierarchical  storage  and  they  don't  do  normalization,  which  means  while  there is  some  efficiency  in  data  storage   they  are  also compromised  much easier.  Let  us consider  a  HR  Database  about  CEO Bonus  for  the  last  year.

In the  file  system  storage.

/Year/Bonuses/Corporate/CEO.xxx.

Consider  a  typical  and  well  thought  out  DB  Design.

Employee Table  (EmpId,......).

Code Table  (Compensation Code  (BONUS)).

Then  the  Transaction  table  which  may  link   Emp Id,  Compensation Code,  and  Value.

Also  if   IT  departments  take  conscious  decision   not  to  use  Friendly  names  for  the  tables  and avoid  foreign  keys  inside  the  database,  i.e   name  the  tables  like T00001(F1, F2...)  instead of  EMPLOYEE_BONUS,  and  don't keep the  metadata  documentation inside the  database,  then  it would be almost  impossible  for any one from  outside to  hack this information,  even  when  given  a   access to the  database.

There is  always  a  trade  off  between  keeping  a  friendly  names  and  meta data  inside the  database  versus  keeping them totally outside  else  where inside a  development  repository,  most  enterprises  would  be  OK  if  a  Developer  struggles  couple  of  days  more  in writing  a  query  versus   compromising  all of their   data  to a  hacker.

RBBMS Storage Is Proprietary: One  of  the  advantages  of  commercial  databases  like Oracle , DB2, SQL Server  etc..  is  that  their  internal  architecture  is  highly  proprietary  making  it difficult for other  third party tools  to  decipher  meaning  out  of  them.  For  example  the  above  databases  support CLOB,  BLOB  storage  types  which are typically  used  for  storing  large  amount  of  character and binary  data,  this  means  that  these  data  can  only  be understood  by  an  application  written specifically  for  them  and    most  times    it  is  not  easily  shared  with the  outside  world  like  the  file  system  based documents  that  are shared  freely  in  the  case  of  recent hack.

Additionally  most  databases  also  support  Encryption  features,  which  makes  deciphering  the  data outside  of  database context  very difficult.  For  example   the  below  are  the  notes  about  Transparent Database Encryption  feature in SQL Server.

Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data "at rest", meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.

RDBMS Security is De-Coupled  From OS, Network: Most  times  it  is  the  network  and  server  security  are compromised  first  before  the database  is  conquered.  In  a  good  RDBMS  design  even  the DBAs  can  be  prevented  from  accessing  the  data, if  they  are  carefully abstracted  with the role  based  security,  fine  grained  access control  and  other  features like  views.  This  means  that  the  data  can  fully  secured  even  if  the   network  and  server  are compromised.  Having  said  that  most places  there is a  OS LEVEL  authentication  which  gives   complete  control  of  database,  but  if  thought  out  well,  this  link can  be de-coupled  and  make  your  enterprise  data  more  secure.

RDBMS Are Audited: Most  hacks  don't  happen  in  one  hour  or  even one  day,   it  is  a  fact  that  once  hackers    gain  control  of the  system  they spend  some time in navigating  between  servers  and  data  to ensure  that  they  get what  they  wanted.  Leading  RDBMS like  Oracle, SQL & DB2 have  rich  auditing  features  that  we  can  even  track  whether  a particular  column  is queried  from  certain tables.  For  example  if  there is  a  credit  card  number  column  we can audit for  any  access outside of the application  and  immediately  alert  the  entire  system  about  it,  which  may    help  in  avoiding  the   hacking  activity  to continue  for  all the sensitive  data.

The  below  are  some  notes  from  Fine  grained  Auditing  in  Sql  Server.  The example creates a database audit specification called Audit_Pay_Tables that audits SELECT and INSERT statements by the dbo user, for the HumanResources.

CREATE DATABASE AUDIT SPECIFICATION Audit_Pay_Tables

FOR SERVER AUDIT Payrole_Security_Audit

ADD (SELECT , INSERT

ON HumanResources.EmployeePayHistory BY dbo )

WITH (STATE = ON) ;

Similar   features  are  available  in Oracle  and  DB2  databases  also.

RDBMS Are Protected Against Human Errors: If  we  have  noticed  the  hack  story,  there  was  also  threat  to  delete  the  data  completely  after  is  stolen. This  is  even  a worse situation because  not  only  the  data  is compromised  but  it  is  no longer available  also.   While  the  backup  policies  can  help  in this,  it  would  be  still better  if  the   data analysts  can  go  back in  time  after  a   hack & delete  has happened to figure  out the  real  state as it exists before the  hack has happened.

Leading  RDBMS like  Oracle  has  got   a  concept  of  flashback  database   that  let   to view the past  states of  database  or   to return  database objects  to a  previous  state.  SQL Server  too has a  snapshot  concept  which  is  more  or  less   provide  this functionality.

This feature  cannot  be implemented in  a file system  which does  not  support  transactional  integrity.

Summary: While  there  is some  merit  in terms  of   scalability , performance  and  TCO perspective  in   tempting   the enterprises  to  utilize  file  system  based  storage  ,  however  it  has to  be considered  from  case  by  case  basis  and  any  mission  critical  data  is  highly  secured  when  gets  stored  in a  relational  database  with  proper design principles  behind  them.  After  all the  cost  of  a   hack  and  subsequent  loss  of  face  is  much bigger than  the licensing  costs  these  proven RDBMS  may  incur.

More Stories By Srinivasan Sundara Rajan

Highly passionate about utilizing Digital Technologies to enable next generation enterprise. Believes in enterprise transformation through the Natives (Cloud Native & Mobile Native).

@ThingsExpo Stories
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, will discuss how from store operations...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, will discuss some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he’ll go over some of the best practices for structured team migrat...
SYS-CON Events announced today that Taica will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Taica manufacturers Alpha-GEL brand silicone components and materials, which maintain outstanding performance over a wide temperature range -40C to +200C. For more information, visit http://www.taica.co.jp/english/.
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, will discuss how they bu...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that Datera will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera offers a radically new approach to data management, where innovative software makes data infrastructure invisible, elastic and able to perform at the highest level. It eliminates hardware lock-in and gives IT organizations the choice to source x86 server nodes, with business model option...
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
SYS-CON Events announced today that Avere Systems, a leading provider of hybrid cloud enablement solutions, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere Systems was created by file systems experts determined to reinvent storage by changing the way enterprises thought about and bought storage resources. With decades of experience behind the company’s founders, Avere got its ...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.