Security Policy user privileges and security tools

Go back to Tutorial

Apply for Business Intelligence Certification Now!!

The post implementation stage deals with the ongoing warehouse administration that helps in assessing and reviewing the implemented solution. Here, the data warehouse usage is evaluated through accessing metadata and assessing queries and reports functioning against the warehouse. These details help in managing standard queries or reports, identifying potential indexes and the end user layer, whilst also emphasizing on various key warehouse administrative functions, such as refreshing the warehouse, monitoring and adhering to system problems, troubleshooting errors, and performing tuning activities for different components of data warehouse. This encompasses change control for information requisites, queries, reports, roll-out of metadata, filters and conditions, security, library of shared objects, incorporation of new users, as well as distribution of catalogues and data marts. At this juncture, the responsibility for managing data warehouse can be shifted to the client organization.

You can give data warehouse security a second priority, as in an enterprise it is the customer-facing applications that should be given utmost importance. However, attackers focus on corporate data, wherever is stored. In fact, strategies used by enterprises to protect their databases can also be applied onto the data warehouse, whereby strong access controls based on roles can play a key role to securing data warehouses. As far as internal security is concerned, the access controls should have a wider scope much beyond the BI layer of reporting tool moving down to the data warehouse. Nevertheless, a sound strategy should start from identification of the data to be loaded inside the target data warehouse and its classification basis sensitivity. It is also important to understand that security is not static but a continual process that does not stop even if the data warehouse project is over. Enterprises must constantly audit and monitor security policies and data usage to be able to meet its both security and business requirements.

Organizations need to constantly audit and monitor security policies and data usage to certify that both the security and ­business requirements of the organization are being met. With proper planning and ­configuration, organizations can strike the right balance between security and the ­ultimate goal of data warehousing projects-sharing information so that it can be ­leveraged to provide value to the organization.

Organizations that have a strong security umbrella in their operational mainframe environment are more likely to pay attention to security measures for their data warehouse on a multi-tier platform. Organizations that have a very lax security policy for their operational environment are usually prone to treat security casually for their data warehouse as well. These organizations may unwittingly be exposing themselves to security breaches, especially if the plan is to deliver information from the data warehouse databases over the Web.

Centralized and Decentralized Security

Centralized security focuses on “one entry point — one guard” principle. It is much easier to protect a single door than multiple doors. In a centralized environment, all security measures can be executed at one location since the entire data is at one place. On the other hand, storing all the data at one central place is not always desirable, or even feasible. If data needs to be stored in a distributed manner, implementing security measures becomes much more complex. Following are the steps involved

  • Identification of the endpoints in your network architecture and the paths connecting the endpoints.
  • Determination of the connectivity paths (from the entry points) to get to the data. Link and label the connectivity paths.
  • Compare the paths with the existing security you have in place. You may already have some security packages installed, and some of them may be sufficient to guard a subset of the data. It may be useful to draw a matrix for security gap analysis purposes.

The security gap analysis matrix will help to identify where security is still needed and what type of security is needed. Therefore,

  • Password security may be the least expensive to implement, but it can be easily violated.
  • RDBMS security is the most important component of the security solution and should override all other security measures that may contradict the authority granted to the data in the RDBMS.
  • Encryption is not that prevalent in data warehouses because of the complicated encryption and decryption algorithms. Encryption and decryption processes also degrade performance considerably. However, with the frequent use of the Internet as an access and delivery mechanism, encryption should be seriously considered to protect the organization from costly security breaches.

Internet Access Security

The Internet enables information distribution worldwide, and the data warehouse provides easy, quick access to organizational data. Combining these two capabilities appears to be a giant leap forward for engaging into e-Commerce. However, consider the implications of combining these technologies carefully before you decide to take on the risk of potentially exposing sensitive organizational data.

Many product vendors enable Web access to databases in general and some vendors to data warehouse databases in particular. This further increases the concern for

  • Security of the data warehouse in general.
  • Security issues associated with allowing Web access to the organization’s data.

User Privilege or Accountability

Data warehouses hold massive amounts of financial information, company secrets, medical diagnoses, credit card numbers, and other personal information. Because the data warehouse is a hotbed of critical information, it makes a lucrative target for legitimate users who need data access to perform their jobs and for malicious users who desire access to its valuable data. Developers and administrators who build and manage warehouses need to maintain a record of system activity, both to be able to roll back where an error has occurred and to ensure that users are held accountable for their actions. Auditing selected sensitive information and user actions helps to keep users accountable and data protected. Further, auditing helps deter unauthorized user behavior that may not otherwise be prevented.
Auditing the Data Warehouse

The standard audit facility in database allows the auditing of database activity by statement, by use of system privilege, by object, or by user. For example, one can audit activity as general as all user connections to the database, and as specific as a user updating a table. One can also audit only successful operations, or unsuccessful operations. Auditing unsuccessful select statements may catch users testing their access boundaries or snooping for data they are not privileged to see.
Performance cannot be sacrificed in a data warehouse, and, as such, SQL statements are parsed once for both execution and auditing, not separately.  The granularity and scope of audit options allow you to record and monitor specific database activity without incurring the performance overhead that more general auditing entails. And, by setting just the options of interest, you can avoid catch-all audit methods which intercept and log all statements, and then filter them to retrieve the ones of interest. Because queries against a data warehouse generally take longer to process than queries in OLTP systems, any performance impact of auditing is negligible. On the other hand, warehouses contain massive amounts of data, so it is crucial to narrow the scope of auditing to the most important data.

http://www.vskills.in/certification/Certified-Business-Intelligence-Professional

Post Implementation
Backup and Recovery

Get industry recognized certification – Contact us

keyboard_arrow_up
Open chat
Need help?
Hello 👋
Can we help you?