Welcome!

Ruby-On-Rails Authors: Liz McMillan, Pat Romanski, Elizabeth White, Hovhannes Avoyan, Yeshim Deniz

Related Topics: @BigDataExpo, Linux Containers, Ruby-On-Rails

@BigDataExpo: Blog Post

Five Security Features of RDBMS That Help Enterprises

The use of relational databases for storing certain unstructured documents have been recently challenged

Security Strength Of  Relational Databases: Over the  years relational  databases  have been highly  successful  in protecting  the  enterprise  data.  Their  inherent  features  like  role based security,  GRANTS    and  coupled  with  the  fact  that  some one  needs  to  have    a  high knowledge of  the  database  design  itself  to  really  decipher  meaning  out of  a  relational  database.

Unrelated  to  the  above  statement, we  have  seen  a   huge  attack  on   large media enterprise   last month  resulted  in the compromise  of   several  of   confidential  documents  which  are  now  roaming  freely in the public  domain.  While  this  article  is  nothing  about  who has done  it  and  why  they have done it,   it  is  more  about  how    old  school  thoughts  on    Relational  database  design  could  keep  a  company  in a safe zone  even  after   the  network  is  hacked.

Over  the  last  couple of years,    the  usage  of  Relational  databases  for  storing  certain unstructured  documents  have  been  challenged  and    some  architectures  moved  towards  file  system  based  storage  like  ,  HDFS,  Amazon S3,  GFS, Azure BLOB  etc.. While  the  above  mentioned  file systems  are good  for  scalability,  performance  in a  few  situations,  we  cannot  discount  the  value  of  relational databases  in  securely  storing  the  data  and  ensure  that  an  hacker   will not  gain  the  semantics  of  the  data  so  easily  even  if the physical  network   and  server security  are compromised.

The  following  are  some  of  the  points  in  support of this  argument.

RDBMS  Design Is Complex: Most  of  the  File  system  based  approaches  deal  with hierarchical  storage  and  they  don't  do  normalization,  which  means  while  there is  some  efficiency  in  data  storage   they  are  also compromised  much easier.  Let  us consider  a  HR  Database  about  CEO Bonus  for  the  last  year.

In the  file  system  storage.

/Year/Bonuses/Corporate/CEO.xxx.

Consider  a  typical  and  well  thought  out  DB  Design.

Employee Table  (EmpId,......).

Code Table  (Compensation Code  (BONUS)).

Then  the  Transaction  table  which  may  link   Emp Id,  Compensation Code,  and  Value.

Also  if   IT  departments  take  conscious  decision   not  to  use  Friendly  names  for  the  tables  and avoid  foreign  keys  inside  the  database,  i.e   name  the  tables  like T00001(F1, F2...)  instead of  EMPLOYEE_BONUS,  and  don't keep the  metadata  documentation inside the  database,  then  it would be almost  impossible  for any one from  outside to  hack this information,  even  when  given  a   access to the  database.

There is  always  a  trade  off  between  keeping  a  friendly  names  and  meta data  inside the  database  versus  keeping them totally outside  else  where inside a  development  repository,  most  enterprises  would  be  OK  if  a  Developer  struggles  couple  of  days  more  in writing  a  query  versus   compromising  all of their   data  to a  hacker.

RBBMS Storage Is Proprietary: One  of  the  advantages  of  commercial  databases  like Oracle , DB2, SQL Server  etc..  is  that  their  internal  architecture  is  highly  proprietary  making  it difficult for other  third party tools  to  decipher  meaning  out  of  them.  For  example  the  above  databases  support CLOB,  BLOB  storage  types  which are typically  used  for  storing  large  amount  of  character and binary  data,  this  means  that  these  data  can  only  be understood  by  an  application  written specifically  for  them  and    most  times    it  is  not  easily  shared  with the  outside  world  like  the  file  system  based documents  that  are shared  freely  in  the  case  of  recent hack.

Additionally  most  databases  also  support  Encryption  features,  which  makes  deciphering  the  data outside  of  database context  very difficult.  For  example   the  below  are  the  notes  about  Transparent Database Encryption  feature in SQL Server.

Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data "at rest", meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.

RDBMS Security is De-Coupled  From OS, Network: Most  times  it  is  the  network  and  server  security  are compromised  first  before  the database  is  conquered.  In  a  good  RDBMS  design  even  the DBAs  can  be  prevented  from  accessing  the  data, if  they  are  carefully abstracted  with the role  based  security,  fine  grained  access control  and  other  features like  views.  This  means  that  the  data  can  fully  secured  even  if  the   network  and  server  are compromised.  Having  said  that  most places  there is a  OS LEVEL  authentication  which  gives   complete  control  of  database,  but  if  thought  out  well,  this  link can  be de-coupled  and  make  your  enterprise  data  more  secure.

RDBMS Are Audited: Most  hacks  don't  happen  in  one  hour  or  even one  day,   it  is  a  fact  that  once  hackers    gain  control  of the  system  they spend  some time in navigating  between  servers  and  data  to ensure  that  they  get what  they  wanted.  Leading  RDBMS like  Oracle, SQL & DB2 have  rich  auditing  features  that  we  can  even  track  whether  a particular  column  is queried  from  certain tables.  For  example  if  there is  a  credit  card  number  column  we can audit for  any  access outside of the application  and  immediately  alert  the  entire  system  about  it,  which  may    help  in  avoiding  the   hacking  activity  to continue  for  all the sensitive  data.

The  below  are  some  notes  from  Fine  grained  Auditing  in  Sql  Server.  The example creates a database audit specification called Audit_Pay_Tables that audits SELECT and INSERT statements by the dbo user, for the HumanResources.

CREATE DATABASE AUDIT SPECIFICATION Audit_Pay_Tables

FOR SERVER AUDIT Payrole_Security_Audit

ADD (SELECT , INSERT

ON HumanResources.EmployeePayHistory BY dbo )

WITH (STATE = ON) ;

Similar   features  are  available  in Oracle  and  DB2  databases  also.

RDBMS Are Protected Against Human Errors: If  we  have  noticed  the  hack  story,  there  was  also  threat  to  delete  the  data  completely  after  is  stolen. This  is  even  a worse situation because  not  only  the  data  is compromised  but  it  is  no longer available  also.   While  the  backup  policies  can  help  in this,  it  would  be  still better  if  the   data analysts  can  go  back in  time  after  a   hack & delete  has happened to figure  out the  real  state as it exists before the  hack has happened.

Leading  RDBMS like  Oracle  has  got   a  concept  of  flashback  database   that  let   to view the past  states of  database  or   to return  database objects  to a  previous  state.  SQL Server  too has a  snapshot  concept  which  is  more  or  less   provide  this functionality.

This feature  cannot  be implemented in  a file system  which does  not  support  transactional  integrity.

Summary: While  there  is some  merit  in terms  of   scalability , performance  and  TCO perspective  in   tempting   the enterprises  to  utilize  file  system  based  storage  ,  however  it  has to  be considered  from  case  by  case  basis  and  any  mission  critical  data  is  highly  secured  when  gets  stored  in a  relational  database  with  proper design principles  behind  them.  After  all the  cost  of  a   hack  and  subsequent  loss  of  face  is  much bigger than  the licensing  costs  these  proven RDBMS  may  incur.

More Stories By Srinivasan Sundara Rajan

Highly passionate about utilizing Digital Technologies to enable next generation enterprise. Believes in enterprise transformation through the Natives (Cloud Native & Mobile Native).

@ThingsExpo Stories
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, will posit that disruption is inevitable for c...
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Addteq will exhibit at SYS-CON's DevOps Summit at Cloud Expo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Addteq specializes in creating innovative solutions to solve business processes through the use of DevOps automation. Addteq was founded on the firm belief that automation is essential for successful software releases. Addteq's products and services are centered around the fundamental approach of understanding the pr...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The buzz continues for cloud, data analytics and the Internet of Things (IoT) and their collective impact across all industries. But a new conversation is emerging - how do companies use industry disruption and technology enablers to lead in markets undergoing change, uncertainty and ambiguity? Organizations of all sizes need to evolve and transform, often under massive pressure, as industry lines blur and merge and traditional business models are assaulted and turned upside down. In this new da...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you ...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...