January 30, 2018

When is Any Data Safe?

This blog title may seem a little odd at first. However, today’s news is rife with never-ending stories about massive data breaches, so this title may not be as crazy as you initially thought. Since all data is generally held within some database somewhere, the most pressing question is “When is the data within any database safe?”

We universally hear that data is an asset, and the most important asset at that. So let’s consider that asset, or the company’s gold, to be the “cheese”, with potential data thieves akin to crazed, hungry “mice” after that cheese. Companies need to place that asset within a safe place, which we’ll refer to as the “castle”, to protect the valuable cheese.

So when is the cheese at risk? Not long ago, the only major time data was in jeopardy was generally when it was placed into motion by an application (refer back to my blog on The Physics of Data in Motion for additional detail). Data thieves would look for ways to hack or trick application code to obtain illegitimate access to otherwise protected data, using coding techniques such as SQL injection attacks. So the mice would try to steal wee bits of cheese whenever any was brought in or taken out of the castle. The larger the cheese convoy, the greater the risk.

But today is radically different. The most pressing risk to data assets these days is who can access them. We live in a bold new world where there are literally billions of devices with internet-based access to every point on earth. In effect, our castle has been modified to have drawbridges every ten feet, half of them are open at any given time, the moat has dried up, and there are millions of mice looking to gain entry to the castle in order to eat the cheese. You cannot place enough guards on the ramparts with a sufficient supply of arrows to shoot all the approaching mice. Moreover, the mice have learned to wear disguises, so you cannot always know who the bad guys are. Plus, providing easy data access to your company’s customers may be an important business advantage, so you might not be permitted to limit easy access by closing lots of drawbridges. So what are you to do?

What’s needed is a quick, simple yet reliable method to check the identities of the people seeking entry at any of the multitude of access points. Thus we need fault-proof guards at each drawbridge to check for mice, possibly even disguised mice. Moreover, we need to know that a mouse denied entrance at one drawbridge cannot try again and succeed at another. Therefore we require a robust and reliable method for checking the access rights of anyone from any source seeking data access. You might think that your company is covered on this issue by existing corporate computing security mechanisms such as Active Directory. But not all applications leverage that mechanism. In today’s world of third-party tools for business intelligence and data analytics, you might find that the tools which connect to your databases are far less secure than you think. In effect, the mice have “catapults” to shoot themselves over the walls, bypass the drawbridge security and get at the cheese.

What the castle needs is higher walls or an anti-mouse missile system to augment the existing drawbridge guard entry protocol. Likewise, what all of your databases need are advanced security techniques such as “single sign-on” and “multi-factor authentication”. Few if any databases offer that capability inherently, and few third-party tools come with it built in either. Plus, your company probably uses dozens of such tools, so some tool will fail this requirement. For that you need a tool like Cirro’s Secure Connect. Only with a tool like this can you 100% guarantee the sanctity of all your corporate data, and thus prevent the hungry mice from eating your valuable cheese.


About bscalzo2

Bert Scalzo is an Oracle ACE, blogger, author, speaker and database technology consultant. His work experience includes stints as product manager for DBArtisan and Rapid SQL at IDERA and chief architect for the popular Toad family of products at Quest Software. He has three decades of Oracle® database experience and previously worked for both Oracle Education and Oracle Consulting. Bert holds several Oracle Masters certifications and his academic credentials include a BS, MS and Ph.D. in computer science, as well as an MBA. He has presented at numerous Oracle conferences and user groups, including OOW, ODTUG, IOUG, OAUG, RMOUG and many others. Bert’s areas of interest include data modeling, database benchmarking, database tuning and optimization, "star schema" data warehouses, Linux® and VMware®. He has written for Oracle Technology Network (OTN), Oracle Magazine, Oracle Informant, PC Week (eWeek), Dell Power Solutions Magazine, The LINUX Journal, LINUX.com, Oracle FAQ and Toad World. Bert has also written the following books:

• Oracle DBA Guide to Data Warehousing and Star Schemas
• TOAD Handbook (1st Edition)
• TOAD Handbook (2nd Edition)
• TOAD Pocket Reference (2nd Edition)
• Database Benchmarking: Practical Methods for Oracle & SQL Server
• Advanced Oracle Utilities: The Definitive Reference
• Oracle on VMware: Expert Tips for Database Virtualization
• Introduction to Oracle: Basic Skills for Any Oracle User
• Introduction to SQL Server: Basic Skills for Any SQL Server User
• Toad Unleashed
• Leveraging Oracle Database 12cR2 Testing Tools
• Database Benchmarking and Stress Testing (coming 2018)