First, we will explain what actually database and data
warehousing are and then we will dive deep into how data backup and
recovery of the data is been done as it is one of the major
activities that is being completed by each and every organization
that make use of this technology.
Database &
Database Warehousing:
If we look into the uses of the databases it can be looked as
the blessing to the whole IT industry without which many things
would be next to impossible or would take a lot of headaches to
complete the requirements. I will discuss below in detail about the
scenario.
- Looking at the past events in the security issues in DBMS it is
clear it has cost the world and it's users a lot and if we are to
count the money behind the loss it would feel like a far more
worse.
- Yes, there are always security issues, but this is how
everything in this universe works. There is nothing in the universe
which doesn't consist of flaws and DBMS techniques are also one of
them.
- So, rather than looking at its disadvantages or threats, we
must look at the positive side of the technology and focus more on
getting the technology better in the security with the experiences
that we get from staying in the field for a long time.
- I know, it sounds crazy to let attackers hack and then just
make changes, it is not what we need in a world which is more
dependent on all the online transactions and data which is been
kept in some cloud.
- There are certain ways in which experts are fighting these
issues so that they could diminish the effects of such attacks and
improvising is the only factor which will help us in moving forward
in the IT industry.
- It is the greatest threat to individual privacy this is an
absolute fact with proofs of so many data leaks happening in a
certain interval of times. There are also many data leaks which
have affected the clients of the company a lot more for which
company had to pay a lot of losses.
- The database is a blessing if we keep it up to the mark so that
no one is going to make our security weak or even try to hack our
systems. Hence, this is the things which we must ensure while using
technologies.
Thus, security is always a concern when it comes to any of the
IT technologies, but by looking at these vulnerabilities we can't
stop using those services which we need the most and also in which
we are capable of improving the security of.
Policies to
backup data & secure them:
- Data is one of the most crucial things nowadays, as it is the
only thing needed for manipulating requests and for which companies
are paying billions of dollars to get effective information.
- We must not neglect such important cases and there must be some
policies so that such data are been secure and also ready to
survive attacks or any disaster that can happen.
- Hence, for such purpose making the backup of the data is very
important. The backup of the data is to be made on a daily basis or
every time some important data is been updated.
- For, this the talent pool in the company must be educated about
network security and also about how to clean the data to store only
the data which is important for the company.
- Creating a robust policy for handling of sensitive data is one
of the most important steps in backing up data. The data to be
backed up must be ready to be done a backup.
- Encrypting data before doing the backup is one of the most
important things because if the data is been stolen it must remain
confidential as it will become very tough for the attackers to get
the meaningful data.
- Introducing Identity & Access Management
also ensures that the data is been saved securely. It enables many
services through which we can ensure that the security is
unbreakable one of which is SS0(Single
Sign-On).
- The last and important thing from my side for backing up and
security of the data would be creating a strategy for surviving the
data breach for a network of an organization.
Hence, these are the procedures and general policies that one
must create or follow to backup and secure the company's data.
Data
Recovery:
- It is a technique of getting back the data which has been lost
from a particular interval of time. This can be done by various
techniques in data recovery. Some of the most important aspects of
the data recovery are what we are going to talk about.
- So, firstly getting the data backup is one of the most
important things so that, whenever a data is been destroyed due to
any of the reasons it can be managed accordingly. The managed data
will be looked after.
- The data recovery can also be accomplished with the help of
various other strategies which companies use to store the data
like, some organizations save their data in cloud storage some of
them save in the different servers which are been placed somewhere
else.
- A data disaster can happen anytime and anywhere it is our job
to secure our data using various other techniques and strategies so
that the data is not been destroyed. It is one of the major
techniques in data recovery.
Hence, these are the techniques of the data recovery and
performing data backup is one of the most important things to do
while dealing with lots of data which cannot be lost.
Activities in
Maintenance of DBMS:
- The typical activities in the maintenance of the DBMS its
utilities and applications are as follows:
- First and foremost important activity is to monitor the system
to ensure the database is up and running perfectly.
- Next, is to do a full backup of the database so that there is
no redundancy in all the locations where the database backup is
being saved.
- The next step is to perform a live replication so that we can
read slave and hot fallback with the cluster.
- To check the storage is it enough to make the database running
for the rest of the time.
- To perform a check on the archival strategy so that the online
transaction database isn't building up too much over time.
- Running queries for a long time so that we can understand what
is happening in the database index wise and when will it be hitting
a tipping point.
Hence, these are some of the activities which must be checked
while doing maintenance of the database.
Yes, obviously we must consider application performance tuning
to be the part of the maintenance activities. The main reason
behind it is as follows:
- It will help us to know whether the application is being worked
perfectly and up to what regressions are they failing to perform as
expected. This will help us in finding out the limitations of our
applications so that changes can be made accordingly.
- It will also keep us posted with certain changes in the
application when the inputs are not as expected to make it a part
of testing so that nothing can be overloaded when the application
goes live.
Hence, these are some of the points we must remember while
performing database maintenance.
Data Corruption
Vulnerabilities:
When it comes to data corruption these are the major
vulnerabilities that can occur due to the wrong database codes
implemented either in MySQL or ORACLE databases. This can happen to
any database.
- Buffer Overflow:
- The buffer overflow vulnerability is one of the most basic and
dangerous vulnerabilities which occurs in the systems due to the
insufficient memory management and wrong codes.
- The main drawback of having this vulnerability is that it will
freeze the system and let the attacker do the things he wants to do
which can lead to remote code execution and then, later on, can do
anything the attacker wishes to.
- SQL Injection:
- It is wrong references given in the databases and manipulating
a certain level of database information which gives access to the
attacker in which they can hack the system authentication
process.
- The SQL Injection is one of the most dangerous vulnerability
and none of the websites must have this threat in their system
because it can cause the downfall of the whole website.
Types of
backup:
- One can easily save all the work done with the help of some
other removable devices like hard-drive, pen-drive, floppy disks,
CD, etc.
- Saving a certain amount of data in these removable devices will
make the data portable and available anytime and anywhere. The data
we can save in such devices is limited which is the major
drawback.
- With the help of these devices, there are many risks that need
to be calculated. Firstly the major risk is that the devices can be
lost which will be a major risk here.
- The second backup method can be saving all the data in the
cloud or any similar online space provider. This method is way too
costly as compared to the first method.
- The cloud data can be accessed from anywhere and anytime which
will also reduce the risk of losing the data as it will be saved in
a server which is been monitored for maintenance.
- The risks that are involved in this backup process is that the
security of the data is a major issue as it is available on the
Internet it can be easily misused if a data breach takes
place.
- The data is always on the internet and if not secured properly
then there might be certain consequences to the backup.
Hence, these are the ways in which backup can be fruitful to the
organizations.
What are the security implications of insufficient data
classification?
The data classification is one of the most important things that
should be done in order to gain somethings which are fruitful from
data and must also be managed but what if the data classification
is not done properly.
- There are many classifications of data being practiced in the
world in which we can find out many possible outcomes for the
classification of the data. There is been some certain
classification such as :
- Top Secret
- Secret
- Confidential
- The most important is to be able to classify all the data
according to the given classification but if the classification is
not being done properly there can be many issues such as files can
be misplaced in any of the sections and later on it can deal
problems.
- If the data is been misplaced to any of the other sectors of
data in which it should not be then what will happen. The security
must be strong for that. Hence, we can start by implementing
certain things in our security plans. They are as follows:
- We will develop a good data classification scheme if the old
one is not been able to classify the data appropriately.
- We will let us understand what is achievable through the data
realistically and then classify the data
- We can classify the data strategy as soon as the data is
approved to any one of the sectors.
- Each of the sectors will consist of various security provisions
so that it won't be easy at all to break into its security.
- Aligning the data with the best frameworks will also be the
best practice to save the data.
- The classification of the network is required instead of the
data.
Hence, these are some of the security implications in
case of insufficient data classification.