Security Threats That Affect the Modern Data Warehouse
There are six security threats that affect the modern data warehouse:
- Users who aren't authenticated
- Unauthorised users
- The wrong people have access to your data warehouse
- Unencrypted data at rest
- Security measures that negatively affect data warehouse performance
- A lack of good governance.
Users Who Aren't Authenticated
Let’s say you’re taking an international flight. When you get to the ticket counter, the airline employee looks at your ID before he or she prints out your boarding pass. It’s the airline’s way of checking that you are who you say you are.
For data warehouses, authentication doesn’t take place face-to-face. Rather, the user verifies his or her identity with a user name and a password. If authentication doesn’t take place, you could have a user who isn’t meant to be poking around your data warehouse.
Authorising users and authentication are closely linked, but authorisation is the next step. Authorisation, in the context of the modern data warehouse, is about giving someone permission to access the data within.
Why does authorisation matter? We’ll illustrate with an example: Fay works as an administrative assistant to a department head. Her daily job duties have nothing to do with the firm’s data warehouse, so if she were trying to access it, there would be cause for concern.
The Wrong People Have Access to Your Data Warehouse
Controlling access to a modern data warehouse based on roles is a mixture of authentication and authorisation. It’s about ensuring the right people have access to a data warehouse, and then their identities are authenticated, so it’s clear they are who they say they are.
We’ll illustrate with another example. Fay’s boss Diane needs to access the data warehouse to pull up data for a report. Unlike Fay, Diane should actually be authorised to access the data warehouse, because she’ll use it for her job (whereas Fay is a potential risk—she could be stealing data). Controlling access based on roles means the right people have access, and the wrong people don’t.
Unencrypted Data at Rest
Just because data is at rest (meaning it’s not being transmitted back and forth) doesn’t mean it’s not at risk. In fact, data at rest can actually be more vulnerable because many companies don’t adequately secure it.
Encrypting data at rest protects vital information in a modern data warehouse. Without an encryption key, hackers and other criminals can’t do anything with your information—it’s a useless, unbreakable code. By encrypting data at rest, you have peace of mind that your information is safe.
Security Measures that Negatively Affect the Data Warehouse
One of the factors that affects security actually isn’t entirely related to security—it has to do with performance. Sometimes, security measures can have a negative impact on a data warehouse’s performance; they can slow it down, making it more difficult to access the insights decision makers need.
Yet, if IT professionals don’t put security measures in place within the data warehouse, they put information at an enormous risk. There needs to be a balance between security and data warehouse performance, so that information is safe as well as accessible quickly.
A Lack of Good Governance
What does ‘good governance’ mean in the context of a data warehouse? It’s about putting rules and procedures in place that ensure that the data warehouse runs smoothly and that information is protected.
Good governance can be surprisingly difficult to put in place. It requires planning as well as enforcement, which many firms haven’t mastered. As a result, their data warehouses aren’t secure, and they’re in danger of being hacked.
Microsoft Azure: Keeping Data Warehouses Safe
Microsoft Azure has built-in security measures to protect your data warehouse (and the information stored within it):
- Authenticates users
- Authorises users
- Controls access based on roles
- Encrypts data at rest.
The method of user authentication depends on which Azure solution you’re using.
However, one thing holds true across the board: Azure authenticates users based on rigorous criteria that allows the right people to use the data warehouse, while keeping the wrong people out.
As with authentication, authorisation methods will differ between Azure solutions.
That being said, whichever Azure data warehouse solution you’re using, you can rest assured Azure’s authorisation mechanisms guarantee that people with the right credentials get access to your data, and those without don’t.
Controls Access Based on Roles
Azure has built-in access control based on a user’s role within the organisation. Controlling access based on roles takes authentication and authorisation a step further.
When you control access based on roles, you prevent the wrong people from accessing your data warehouse and potentially wreaking havoc. For instance, the examples with Fay and her manager Diane: Fay doesn’t need the data warehouse to do her job, which is why she shouldn’t get access to it, while Diane does need it, so she’s able to use it.
Encrypts Data at Rest
Azure relies upon transparent, server-side encryption to protect data at rest. Transparent encryption encrypts all offline database files, but when your database is open, any data in memory is decrypted.
Many regulations require organisations to protect data at rest, and this built-in feature allows you to comply with these rules.
Enlighten Designs: Helping You Secure Your Modern Data Warehouse
Enlighten Designs has two decades of experience helping clients get the most out of their data, which includes keeping it safe. We’re a proud Microsoft partner, having achieved Gold status in Data Platforms and Analytics. To learn more, contact us.