Migrating Security Policies from SQL to NoSQL
Dan McCreary (Kelly-McCreary & Associates), with panelists Adam Retter and Michael Allen
November 26, 2013
Summary
• In the past, many NoSQL systems came with minimal security features and put security functions in the application layer. However, some newer NoSQL databases are supporting fine-grain security policy management. In this webinar we will discuss the trends in NoSQL security and the ability of new releases of some NoSQL databases to address in-database security concerns. We will see how security policies can be migrated from SQL to NoSQL systems. We will also be interviewing NoSQL vendors that have added security to the database layer and discuss their experiences with security-conscious customers.

Copyright Kelly-McCreary & Associates
Four Areas of DB Security
• Authentication: are users and requests from the people they claim to be?
• Authorization: do users have read and/or write access to the appropriate data?
• Audit: can we track who read or updated data, and when they did it?
• Encryption: can we convert data to a form that cannot be used by unauthorized viewers?
Security Policies
• Written statements, usually in English language text, that describe how your data is protected
• Examples of policy statements
  – Passwords must contain at least 6 characters (Authentication)
  – Only "managers" can approve travel requests (Authorization)
  – All transactions that change data must be audited (Audit)
  – All credit card information must be stored in encrypted fields (Encryption)
NoSQL Database Patterns
Diagram of the main database patterns: Relational, Analytical (OLAP), Key-Value, Graph, Column-Family, Document.
Enterprise Security Requirements
Chart: the need for in-database security (not required, nice to have, must have) plotted against the enterprise rollout timeline (a single project; multiple projects and multi-division reporting; enterprise-wide and regulated use). Role-based access control moves from "not required" for a single project to "must have" once a system is used enterprise-wide or in a regulated setting.
Review of RDBMS Security
• Authentication is usually done using
  – an external authentication source, such as a company directory
  – an internal database login/password
• Authorization is done on tables using SQL data control statements
  – SQL "GRANT" statements
  – Read, write, update, delete
  – Views allow fine-grain control of rows/columns
  – Stored procedures allow "amplified" permissions
• Most RDBMS products have mature audit tools
• Most RDBMS systems rely on applications to encrypt data
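The GRANT-plus-view pattern from this slide, as an added example that is not part of the webinar. SQLite has no GRANT statement, so its authorizer hook (sqlite3.Connection.set_authorizer) stands in for it: each "session" connection carries a role, and the hook refuses any table or column access that role was not granted, while the view v_directory hides the salary column and rows outside the caller's department. The roles, grants, table, view and the session_dept() function (playing the part of CURRENT_USER-style session state) are all constructed for the example.

```python
"""GRANT-style table permissions and view-based row/column restriction,
emulated on SQLite with the authorizer hook. Added example: roles, grants,
schema and data are constructed."""
import os
import sqlite3
import tempfile

# Hypothetical grants, the equivalent of
#   GRANT SELECT ON v_directory TO reader;
#   GRANT SELECT, UPDATE ON employees TO hr;
GRANTS = {
    "reader": {"SELECT": {"v_directory"}},
    "hr": {"SELECT": {"employees", "v_directory"}, "UPDATE": {"employees"}},
}
WRITE_ACTIONS = {
    sqlite3.SQLITE_INSERT: "INSERT",
    sqlite3.SQLITE_UPDATE: "UPDATE",
    sqlite3.SQLITE_DELETE: "DELETE",
}
SCHEMA_ACTIONS = {
    sqlite3.SQLITE_CREATE_TABLE, sqlite3.SQLITE_CREATE_VIEW,
    sqlite3.SQLITE_DROP_TABLE, sqlite3.SQLITE_DROP_VIEW,
    sqlite3.SQLITE_ALTER_TABLE, sqlite3.SQLITE_ATTACH,
}


def make_authorizer(role):
    grants = GRANTS.get(role, {})
    readable = grants.get("SELECT", set())

    def authorize(action, arg1, arg2, db_name, context):
        # SQLite calls this while compiling each statement. For SQLITE_READ,
        # arg1 is the table and arg2 the column; `context` names the view (or
        # trigger) the access goes through, or is None for top-level SQL.
        if action == sqlite3.SQLITE_READ:
            # Reading the base table *through* a granted view is allowed:
            # that indirection is what makes views a security tool.
            if context in readable or arg1 in readable:
                return sqlite3.SQLITE_OK
            return sqlite3.SQLITE_DENY
        if action in WRITE_ACTIONS:
            if arg1 in grants.get(WRITE_ACTIONS[action], set()):
                return sqlite3.SQLITE_OK
            return sqlite3.SQLITE_DENY
        if action in SCHEMA_ACTIONS:
            return sqlite3.SQLITE_DENY      # no application role may alter the schema
        return sqlite3.SQLITE_OK            # SELECT, TRANSACTION, FUNCTION, ...

    return authorize


def build_database():
    """Create the schema as the owner (no authorizer) and return the file path."""
    path = os.path.join(tempfile.mkdtemp(), "kma.db")
    owner = sqlite3.connect(path)
    owner.create_function("session_dept", 0, lambda: None)
    owner.executescript("""
        CREATE TABLE employees(name TEXT, dept TEXT, salary INTEGER);
        INSERT INTO employees VALUES ('ann', 'eng', 120000),
                                     ('dan', 'eng', 110000),
                                     ('mia', 'hr',   90000);
        -- Column restriction: no salary. Row restriction: only the caller's
        -- department, via the per-session function session_dept().
        CREATE VIEW v_directory AS
            SELECT name, dept FROM employees WHERE dept = session_dept();
    """)
    owner.close()
    return path


def open_session(path, role, dept):
    """One connection per login, as a database session would be."""
    conn = sqlite3.connect(path)
    conn.create_function("session_dept", 0, lambda: dept)
    conn.set_authorizer(make_authorizer(role))
    return conn


def run(conn, sql):
    """Return the rows, or 'DENIED' when the authorizer blocks the statement."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        # SQLite reports a denied column read as "access to ... is prohibited"
        # and a denied write as "not authorized".
        if "prohibited" in str(exc) or "not authorized" in str(exc):
            return "DENIED"
        raise


if __name__ == "__main__":
    db = build_database()
    reader = open_session(db, "reader", "eng")
    print(run(reader, "SELECT name FROM v_directory ORDER BY name"))
    print(run(reader, "SELECT salary FROM employees"))
```

The reader role never holds a grant on employees, yet its query through v_directory succeeds because the authorizer sees the view as the access path; a direct read of employees.salary, or any UPDATE, fails at statement-compile time. A real RDBMS does the same check with its own catalog when GRANT SELECT ON v_directory TO reader is in place.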
Review of Analytical Security
• Focus on who can access what "cubes"
• Some portions of fact tables (dimensions) can be restricted by user or group
• Minimum cell size restrictions in reports to prevent inference
• Example:
  – What is the average math score of female Asian children in the 4th grade at this school?
  – If there is only a single person in this set, the privacy rules will not show any results
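The minimum-cell-size rule from this slide, as an added example that is not part of the webinar. It goes one step past the slide: suppression of small cells alone is defeated by subtracting two released aggregates (a differencing attack), so a second control, a simplified query-set-overlap check of the kind described in the statistical-database literature, is shown alongside it. The roster is constructed sample data with exactly one female Asian 4th-grader, the slide's case; the threshold of 5 is an assumption.

```python
"""Cell-size suppression in an analytical report, the differencing attack it
does not stop, and an overlap check that does. Added example; roster and
threshold are constructed."""
from collections import namedtuple
from statistics import mean

Student = namedtuple("Student", "name grade sex ethnicity math_score")
MIN_CELL = 5   # a cell with fewer members than this is not released

ROSTER = [
    Student("s01", 4, "F", "Asian",    91),   # the single student in the slide's cell
    Student("s02", 4, "F", "Hispanic", 78),
    Student("s03", 4, "F", "Hispanic", 85),
    Student("s04", 4, "F", "Hispanic", 70),
    Student("s05", 4, "F", "Hispanic", 88),
    Student("s06", 4, "F", "Hispanic", 74),
    Student("s07", 4, "M", "Asian",    66),
    Student("s08", 4, "M", "Asian",    93),
    Student("s09", 4, "M", "Hispanic", 81),
    Student("s10", 4, "M", "White",    77),
    Student("s11", 4, "M", "White",    89),
    Student("s12", 4, "M", "White",    72),
]


def select(records, **where):
    return [r for r in records if all(getattr(r, k) == v for k, v in where.items())]


def average_math(records, **where):
    """The slide's rule: return (count, mean), or None when the cell is too small."""
    rows = select(records, **where)
    if len(rows) < MIN_CELL:
        return None
    return len(rows), mean(r.math_score for r in rows)


def infer_single_student(records):
    """Differencing attack using only released cells: both cells pass the size
    check, one contains every member of the other plus the target, and
    count * mean turns each average back into a sum."""
    females = average_math(records, grade=4, sex="F")                                 # n = 6
    hispanic_females = average_math(records, grade=4, sex="F", ethnicity="Hispanic")  # n = 5
    if females is None or hispanic_females is None:
        return None
    (n_all, mean_all), (n_sub, mean_sub) = females, hispanic_females
    return round(n_all * mean_all - n_sub * mean_sub)


class GuardedReport:
    """Cell-size rule plus an overlap check: a cell is withheld when its
    membership differs from any already released cell by fewer than MIN_CELL
    records, which is exactly the condition the attack above needs."""

    def __init__(self, records):
        self.records = records
        self.released = []

    def average_math(self, **where):
        rows = select(self.records, **where)
        if len(rows) < MIN_CELL:
            return None
        members = frozenset(r.name for r in rows)
        if any(0 < len(members ^ prior) < MIN_CELL for prior in self.released):
            return None
        self.released.append(members)
        return len(rows), mean(r.math_score for r in rows)


if __name__ == "__main__":
    print(average_math(ROSTER, grade=4, sex="F", ethnicity="Asian"))   # suppressed
    print(infer_single_student(ROSTER))                                  # recovered anyway
    report = GuardedReport(ROSTER)
    print(report.average_math(grade=4, sex="F"))
    print(report.average_math(grade=4, sex="F", ethnicity="Hispanic"))  # withheld
```

The overlap check is stateful, so it must live in the reporting layer that sees every query, and it still has limits (a patient attacker can spread the differencing across many cells); in practice cell suppression is combined with complementary suppression, rounding or noise, not used alone.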
Most New NoSQL Products
• Did not focus on security in the database
• Focused on application-level security
• Only more mature "release 2.0" systems tend to add security
• Many regulated businesses (healthcare, finance) could not use early NoSQL systems but are now starting to adopt NoSQL systems
Implementing Security
Diagram: Internet → Firewall → App Server → Database, with Reporting Tools connected directly to the Database.
• Firewalls and application servers protect databases from unauthorized access
• Many projects can put security at the application level
• Reporting tools frequently go directly against a database, so the database may need its own security layer
Simple Circles, Simple Policies
Venn diagram of nested circles: general public, intranet users, authenticated users, database administrators.
• Simple authorization security policies can be drawn as Venn diagrams
• Complex security policies have hundreds of overlapping circles
Implementing Authentication and Authorization
Flowchart for a database request:
Authentication
  1. Is there an id in the request header? If not, the user logs in against the company directory.
  2. Login OK? If not, deny access.
Authorization
  3. Look up the user's groups or roles.
  4. Does a role have access to the requested data? If not, return an error.
  5. Get/put the data and return the result.
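The flowchart above as running code, added here as an example that is not part of the webinar. Each box becomes a function: a session id in the header identifies the user, otherwise credentials in the request are checked against the directory, then roles are looked up and matched against the requested data before the get/put runs. The directory, sessions, ACL, users, travel-request data and the header names X-Session-Id, X-User and X-Password are all constructed; a deployment would back DIRECTORY with a company directory such as LDAP and SESSIONS with a server-side store.

```python
"""Authentication then authorization for one database request, following the
slide's flowchart. Added example; directory, sessions, ACL and data are
constructed."""
import hashlib
import hmac
import os
import secrets


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _entry(password, roles):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "roles": roles}


# Constructed company directory: salted PBKDF2 hashes plus each user's roles.
DIRECTORY = {
    "dan": _entry("correct horse", ["manager", "employee"]),
    "ann": _entry("battery staple", ["employee"]),
}
SESSIONS = {}   # session id -> user name

# The "role has access to data?" table: role -> resource -> operations.
ACL = {
    "employee": {"travel-requests": {"read", "write"}},
    "manager":  {"travel-requests": {"read", "write", "approve"}},
}
DATA = {"travel-requests": {"tr-1": {"owner": "ann", "status": "submitted"}}}


def login(user, password):
    """'Login' box: verify against the directory and issue a session id, or None."""
    entry = DIRECTORY.get(user)
    if entry is None:
        _hash(password, b"\0" * 16)   # unknown users take as long as wrong passwords
        return None
    if not hmac.compare_digest(_hash(password, entry["salt"]), entry["hash"]):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token


def authenticate(headers):
    """'Id in header?' box: a valid session id names the user; otherwise the
    request must carry credentials and goes through login()."""
    user = SESSIONS.get(headers.get("X-Session-Id"))
    if user is not None:
        return user
    if "X-User" in headers and "X-Password" in headers:
        if login(headers["X-User"], headers["X-Password"]) is not None:
            return headers["X-User"]
    return None


def lookup_roles(user):
    """'Lookup groups or roles' box."""
    return set(DIRECTORY[user]["roles"])


def authorized(roles, resource, operation):
    """'Role has access to data?' box."""
    return any(operation in ACL.get(role, {}).get(resource, ()) for role in roles)


def handle(headers, operation, resource, key, value=None):
    """Run one request through the flowchart; returns (status, body)."""
    user = authenticate(headers)
    if user is None:
        return 401, "deny access"
    if not authorized(lookup_roles(user), resource, operation):
        return 403, "role has no access to data"
    store = DATA.setdefault(resource, {})
    if operation == "write":
        store[key] = value
        return 200, value
    if key not in store:
        return 404, "not found"
    if operation == "approve":
        store[key]["status"] = "approved"
    return 200, store[key]
```

The authorization step deliberately knows nothing about how the user was authenticated; it sees only a role set, which is what lets the same policy ("only managers can approve travel requests") be enforced whether the caller came in with a session id or fresh credentials.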
Security Grain
Diagram: Database → Collection → Document → Element
Coarse-grain access control (database, collection): little performance impact
Fine-grain access control (document, element): large performance impact
• Version "1.0" of many NoSQL databases only controls access based on collections
• Fine-grain access control can limit performance on distributed systems
Collections, Documents and Elements
Hierarchy: database → database root collection → department collection → application collection → document → element
• Applies to some types of NoSQL systems (those with a collection/document structure)
The UNIX File System Model
Each file carries three permission triples, for the owner, the owner's group and everyone else; the letters RWX stand for Read, Write and Execute permissions.
Example: owner RWX = 110, group RWX = 110, others RWX = 100. The permissions for anyone outside your group are Read=true, Write=false and Execute=false.
• HDFS and eXist-db both support the UNIX security model
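The owner/group/others check from this slide, added here as an example that is not part of the webinar and is not HDFS or eXist-db code. It implements the POSIX rule the diagram shows, including the detail the diagram leaves implicit: exactly one class applies to a given user (owner, else group, else others) with no fall-through, so an owner whose own triple lacks a bit is refused even when "others" have it. Superuser bypass and HDFS ACL extensions are not modelled; the files and users are constructed.

```python
"""UNIX-style permission check: one rwx triple per class, one class per user.
Added example; inodes and users are constructed."""
from collections import namedtuple

Inode = namedtuple("Inode", "owner group mode")   # mode as an int, e.g. 0o664
CLASS_SHIFT = {"owner": 6, "group": 3, "others": 0}
BIT = {"r": 4, "w": 2, "x": 1}


def parse_symbolic(text):
    """'rw-rw-r--' -> 0o664, the 110 110 100 of the slide."""
    if len(text) != 9:
        raise ValueError("expected nine rwx characters")
    mode = 0
    for i, ch in enumerate(text):
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"bad permission character {ch!r} at position {i}")
    return mode


def to_symbolic(mode):
    return "".join("rwx"[i % 3] if mode & (1 << (8 - i)) else "-" for i in range(9))


def applicable_class(inode, user, user_groups):
    """The first matching class is the only one consulted."""
    if user == inode.owner:
        return "owner"
    if inode.group in user_groups:
        return "group"
    return "others"


def permitted(inode, user, user_groups, want):
    """True when every bit in `want` (a subset of 'rwx') is set in the single
    triple that applies to this user."""
    triple = (inode.mode >> CLASS_SHIFT[applicable_class(inode, user, user_groups)]) & 0o7
    return all(triple & BIT[p] for p in want)


if __name__ == "__main__":
    report = Inode("dan", "staff", parse_symbolic("rw-rw-r--"))
    print(oct(report.mode), permitted(report, "bob", {"sales"}, "r"),   # 0o664 True
          permitted(report, "bob", {"sales"}, "w"))                     # False
```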
Role-Based Security Models
• Sample UML diagram for role-based security
Simplified RBAC Model
Diagram: User → Role → Permission (read, write) → Resource (collection, document)
• Each user has one or more roles in the database
• Roles are associated with one or more permissions
• Resources are associated with a permission for each role
• Role-based access control models decouple the user from the resource
MarkLogic Security Model
Diagram: User → Role → Permission → Document / Collection, with Execute Privileges, URI Privileges and Amplified Permissions (AMPs) attached to roles.
• Users and roles both have default permissions for documents and collections
• Multiple roles can be associated with special privileges on functions (execute privileges), queries and URIs (URI privileges)
• Roles exist in a hierarchy and inherit the permissions of the roles they are built on
• Each permission record, stored with a document or collection, associates a single capability (read, insert, update or execute) with a single role
• Each document and collection is associated with a URI and permissions
• An amplified permission (AMP) temporarily grants additional roles while a specific function runs
• Sample RBAC model in MarkLogic
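The model on this slide and the simplified RBAC model on the slide before it, as an added example that is not part of the webinar and is not MarkLogic's own code. Roles inherit through a hierarchy, each document carries (capability, role) permission records, a function is guarded by an execute privilege, and an amp widens the roles only for the duration of that function, which is also how stored procedures give the "amplified" permissions the RDBMS review mentioned. The roles, documents, URIs and function names are constructed.

```python
"""Role hierarchy, per-document permission records, execute privileges and an
amp. Added example; roles, documents and names are constructed."""
from functools import wraps

# role -> roles it is built on (it gets every permission of those roles)
ROLE_INHERITS = {"hr-admin": {"hr-reader"}, "hr-reader": set(), "employee": set()}

# Execute privileges: which roles may call a protected function.
EXECUTE_PRIVILEGES = {"summarize-payroll": {"employee", "hr-reader"}}

# Each document carries permission records of (capability, role).
DOCUMENTS = {
    "/hr/payroll/ann.json": {
        "permissions": [("read", "hr-reader"), ("update", "hr-admin")],
        "content": {"name": "ann", "salary": 120000},
    },
    "/hr/payroll/dan.json": {
        "permissions": [("read", "hr-reader"), ("update", "hr-admin")],
        "content": {"name": "dan", "salary": 110000},
    },
}


class Forbidden(Exception):
    pass


def effective_roles(roles):
    """Expand assigned roles through the hierarchy (transitive closure)."""
    result, todo = set(), list(roles)
    while todo:
        role = todo.pop()
        if role not in result:
            result.add(role)
            todo.extend(ROLE_INHERITS.get(role, ()))
    return result


class User:
    def __init__(self, name, roles):
        self.name = name
        self.roles = effective_roles(roles)


def check(user, uri, capability):
    """Permission records are consulted per document; any matching role will do."""
    doc = DOCUMENTS.get(uri)
    if doc is None or not any(cap == capability and role in user.roles
                              for cap, role in doc["permissions"]):
        raise Forbidden(f"{user.name} lacks {capability} on {uri}")
    return doc


def read(user, uri):
    return check(user, uri, "read")["content"]


def update(user, uri, content):
    check(user, uri, "update")["content"] = content
    return content


def amp(function_name, amped_roles):
    """Enforce the execute privilege, then run the function with the caller's
    roles temporarily widened by `amped_roles`. The caller object is untouched."""
    def decorate(fn):
        @wraps(fn)
        def wrapper(user, *args, **kwargs):
            if not user.roles & EXECUTE_PRIVILEGES.get(function_name, set()):
                raise Forbidden(f"{user.name} may not execute {function_name}")
            amped = User(user.name, user.roles | set(amped_roles))
            return fn(amped, *args, **kwargs)
        return wrapper
    return decorate


@amp("summarize-payroll", {"hr-reader"})
def summarize_payroll(user):
    """Employees may see the payroll total but not the individual documents."""
    return sum(read(user, uri)["salary"] for uri in DOCUMENTS)


def can(action, *args):
    """True when the action completes without a Forbidden error."""
    try:
        action(*args)
        return True
    except Forbidden:
        return False
```

The amp is the piece to audit most carefully: it is a deliberate privilege escalation bounded by one function body, so that body must not leak the documents it was amped to read (here it returns only a sum).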
Apache Accumulo
Key/value structure: Key = Row ID + Column (Family, Qualifier, Visibility) + Timestamp; Value.
• Column visibility is a boolean expression over authorization tokens (for example "(admin&secret)|public") stored with every key/value pair. Only users whose authorizations satisfy the expression can see the value.
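Accumulo-style column visibility, added here as an example that is not part of the webinar and is not Accumulo's own code. It follows the published expression grammar (tokens, &, |, parentheses; & and | may not be mixed at one level without parentheses; an empty expression is visible to everyone) and the rule that a scan may only present authorizations the user was granted. Quoted tokens are not supported; the table cells and user authorizations are constructed.

```python
"""Visibility expressions evaluated at scan time. Added example; cells and
user authorizations are constructed."""
import re
from collections import namedtuple

Cell = namedtuple("Cell", "row family qualifier visibility timestamp value")
TOKEN = re.compile(r"[A-Za-z0-9_\-:.]+")


def visible(expression, auths):
    """Evaluate a visibility expression against a set of authorization tokens."""
    if expression == "":
        return True
    pos = 0

    def parse_expr():
        nonlocal pos
        values, op = [parse_term()], None
        while pos < len(expression) and expression[pos] in "&|":
            if op is None:
                op = expression[pos]
            elif expression[pos] != op:
                raise ValueError(f"cannot mix & and | without parentheses at {pos}")
            pos += 1
            values.append(parse_term())
        return all(values) if op == "&" else any(values)

    def parse_term():
        nonlocal pos
        if pos < len(expression) and expression[pos] == "(":
            pos += 1
            value = parse_expr()
            if pos >= len(expression) or expression[pos] != ")":
                raise ValueError(f"missing ')' at {pos}")
            pos += 1
            return value
        match = TOKEN.match(expression, pos)
        if not match:
            raise ValueError(f"expected a token at {pos}")
        pos = match.end()
        return match.group() in auths

    result = parse_expr()
    if pos != len(expression):
        raise ValueError(f"unexpected {expression[pos]!r} at {pos}")
    return result


def well_formed(expression):
    try:
        visible(expression, set())
        return True
    except ValueError:
        return False


# Constructed table and user authorizations.
TABLE = [
    Cell("emp:ann", "hr",  "salary", "hr&payroll",          1, "120000"),
    Cell("emp:ann", "hr",  "title",  "hr|public",           1, "engineer"),
    Cell("emp:ann", "hr",  "ssn",    "(hr&payroll)|legal",  1, "000-00-0000"),
    Cell("emp:ann", "dir", "phone",  "",                    1, "x1234"),
]
USER_AUTHS = {"dan": {"hr", "payroll"}, "ann": {"public"}, "kim": {"legal"}}


def can_scan_with(user, auths):
    """A scanner may only present authorizations the user has been granted."""
    return set(auths) <= USER_AUTHS.get(user, set())


def scan(table, user, requested_auths=None):
    """Return the cells `user` may see with the given (or all granted) auths."""
    granted = USER_AUTHS.get(user, set())
    auths = granted if requested_auths is None else set(requested_auths)
    if not can_scan_with(user, auths):
        raise PermissionError(f"{user} was not granted {sorted(auths - granted)}")
    return [c for c in table if visible(c.visibility, auths)]
```

Because the expression travels with the cell, the filter is applied by the server at scan time rather than by the application, which is the in-database security this webinar is about; the trade-off is that an empty visibility means "everyone", so writers must set it deliberately.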
Amazon S3 Security Models
Diagram with two users, Ann and Dan, and two policy types.
IAM policy attached to the user Ann:
  Allow
  Actions: PutObject
  Resource: arn:aws:s3:::bucket_kma/*
is the same as a bucket policy on bucket_kma:
  Allow Who: Ann
  Actions: PutObject
  Resource: arn:aws:s3:::bucket_kma/*
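Why the two policies on this slide are equivalent, shown by evaluating both kinds the same way, as an added example that is not part of the webinar and is not AWS's evaluation engine. It implements the part of the published logic the slide relies on: an explicit Deny in any applicable policy wins; otherwise an Allow from either an identity-based (IAM) policy or a resource-based (bucket) policy suffices for a principal in the same account; otherwise the request is implicitly denied. Conditions, NotAction/NotResource and cross-account rules are out of scope. The account id, principal ARNs and the extra Deny policy are constructed.

```python
"""Identity-based and resource-based policy evaluation with deny-overrides.
Added example; account id,
principals and policies are constructed."""
import fnmatch

ACCOUNT = "123456789012"   # constructed
ANN = f"arn:aws:iam::{ACCOUNT}:user/Ann"
DAN = f"arn:aws:iam::{ACCOUNT}:user/Dan"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # Action names are case-insensitive; '*' and '?' are the only wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    # Resource ARNs are case-sensitive; '*' also spans '/' in an object key.
    return any(fnmatch.fnmatchcase(resource, p) for p in _as_list(patterns))


def _principal_matches(principal_element, principal):
    if principal_element == "*":
        return True
    return principal in _as_list(principal_element.get("AWS", []))


def evaluate(principal, action, resource, identity_policies=(), resource_policies=()):
    """Return 'Allow' or 'Deny' for one request. `identity_policies` are the
    policies attached to `principal`; `resource_policies` belong to the bucket."""
    allowed = False
    for policy in identity_policies:
        for stmt in policy["Statement"]:
            if _action_matches(stmt["Action"], action) and _resource_matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return "Deny"          # explicit deny always wins
                allowed = True
    for policy in resource_policies:
        for stmt in policy["Statement"]:
            if (_principal_matches(stmt["Principal"], principal)
                    and _action_matches(stmt["Action"], action)
                    and _resource_matches(stmt["Resource"], resource)):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                allowed = True
    return "Allow" if allowed else "Deny"  # no matching Allow: implicit deny


# The slide's left-hand side: an IAM policy attached to Ann.
ANN_IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:PutObject",
                   "Resource": "arn:aws:s3:::bucket_kma/*"}],
}
# The slide's right-hand side: a bucket policy naming Ann as principal.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": ANN},
                   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket_kma/*"}],
}
# Not on the slide: a Deny that overrides either Allow for one prefix.
DENY_REPORTS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Principal": "*", "Action": "s3:*",
                   "Resource": "arn:aws:s3:::bucket_kma/reports/*"}],
}
```

Both forms reach the same decision for Ann, which is the slide's point; the practical difference is where the policy is administered (with the user, or with the data), and that a Deny placed in the bucket policy constrains every identity policy at once.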
eXist-db
http://exist-db.org
Sample Slides
• Encryption and Security in Accumulo, Michael Allen, Sqrrl Data Inc.
  http://www.slideshare.net/DonaldMiner/accumulo-oct2013bofpresentation
Thank You
• @dmccreary
• @adamretter

 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL

  • 6. Enterprise Security Requirements
    – Chart (the original is a graphic): the vertical axis is the need for in-database security, from "Not required" through "Nice to have" to "Must have"; the horizontal axis is the enterprise rollout timeline, from a single project, through multiple projects and multi-division reporting, to enterprise-wide regulated data. The need for in-database security grows as data moves along that timeline; role-based access control is marked on the chart.
  • 7. Review of RDBMS Security
    – Authentication is usually done using an external client or an internal database login/password
    – Authorization is done on tables using SQL "GRANT" statements (read, write, update, delete); views allow fine-grain control over rows/columns; stored procedures allow "amplified" permissions (the procedure runs with rights the caller does not hold directly)
    – Most RDBMS products have mature audit tools
    – Most RDBMS systems use applications to encrypt data
  • 8. Review of Analytical Security
    – Focus on who can access which "cubes"
    – Some portions of fact tables (dimensions) can be restricted by user or group
    – Minimum cell size restrictions in reports prevent inference
    – Example: What is the average math score of female Asian children in the 4th grade at this school? If only a single person falls in that set, the privacy rules return no result, because the "average" would reveal that one child's score
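As an added example (not from the webinar or any vendor), here are slide 7's view-based row/column restriction and slide 8's minimum-cell-size rule on an in-memory SQLite database. The table and column names, the sample rows and the cell-size threshold of 5 are constructed for this illustration; SQLite has no GRANT, so the table-level grant is described in a comment rather than executed.

```python
# Added example (not from the webinar): the SQL-side controls from slides 7 and 8,
# shown on an in-memory SQLite database with constructed sample data.
import sqlite3

MIN_CELL_SIZE = 5  # assumed policy: an aggregate is released only for 5+ students


def build_db() -> sqlite3.Connection:
    """Create the schema, the restricting view, and the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE scores (
            student_id INTEGER PRIMARY KEY,
            school     TEXT    NOT NULL,
            grade      INTEGER NOT NULL,
            sex        TEXT    NOT NULL,
            ethnicity  TEXT    NOT NULL,
            math_score INTEGER NOT NULL,
            ssn        TEXT    NOT NULL   -- sensitive column, never exposed by the view
        );
        -- Fine-grain control in an RDBMS: the view hides the ssn column
        -- (column restriction) and exposes only 4th-grade rows (row restriction).
        -- Report users would be GRANTed SELECT on this view, not on the table.
        CREATE VIEW grade4_scores AS
            SELECT school, sex, ethnicity, math_score
            FROM scores
            WHERE grade = 4;
    """)
    rows = [  # constructed sample data
        (1, "Lincoln", 4, "F", "Asian", 80, "000-00-0001"),
        (2, "Lincoln", 4, "F", "Asian", 90, "000-00-0002"),
        (3, "Lincoln", 4, "F", "Asian", 85, "000-00-0003"),
        (4, "Lincoln", 4, "F", "Asian", 95, "000-00-0004"),
        (5, "Lincoln", 4, "F", "Asian", 70, "000-00-0005"),
        (6, "Lincoln", 4, "M", "Asian", 60, "000-00-0006"),
        (7, "Lincoln", 5, "F", "Asian", 99, "000-00-0007"),  # wrong grade: hidden by the view
        (8, "Adams",   4, "F", "Asian", 99, "000-00-0008"),  # a cell of one: must be suppressed
    ]
    conn.executemany("INSERT INTO scores VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return conn


def view_columns(conn) -> list:
    """Columns a report user sees through the view (no ssn)."""
    cur = conn.execute("SELECT * FROM grade4_scores LIMIT 0")
    return [d[0] for d in cur.description]


def view_row_count(conn) -> int:
    """Rows visible through the view: the grade-5 row is filtered out."""
    return conn.execute("SELECT COUNT(*) FROM grade4_scores").fetchone()[0]


def view_hides_ssn(conn) -> bool:
    """Selecting the hidden column through the view fails: it does not exist there."""
    try:
        conn.execute("SELECT ssn FROM grade4_scores")
    except sqlite3.OperationalError:
        return True
    return False


def average_math_score(conn, school, sex, ethnicity):
    """Slide 8's inference rule: return the cell average, or None when the cell
    holds fewer than MIN_CELL_SIZE students and would identify an individual."""
    row = conn.execute(
        """SELECT AVG(math_score)
           FROM grade4_scores
           WHERE school = ? AND sex = ? AND ethnicity = ?
           GROUP BY school, sex, ethnicity
           HAVING COUNT(*) >= ?""",
        (school, sex, ethnicity, MIN_CELL_SIZE),
    ).fetchone()
    return None if row is None else row[0]


if __name__ == "__main__":
    db = build_db()
    print(view_columns(db))                                 # ['school', 'sex', 'ethnicity', 'math_score']
    print(average_math_score(db, "Lincoln", "F", "Asian"))  # 84.0
    print(average_math_score(db, "Adams", "F", "Asian"))    # None (cell of one)
```

The suppression lives in the query's HAVING clause, so a reporting tool that goes straight at the database (slide 10) still gets the rule enforced as long as it only has rights on the view and not on the base table.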
  • 9. Most New NoSQL Products
    – Did not focus on security in the database
    – Focused on application-level security
    – Only more mature "release 2.0" systems tend to add security
    – Many regulated businesses (healthcare, finance) could not use early NoSQL systems but are now starting to adopt NoSQL systems
  • 10. Implementing Security
    – Diagram (the original is a graphic): Internet -> Firewall -> App Server -> Database, with Reporting Tools connected directly to the Database. Firewalls and application servers protect databases from unauthorized access; reporting tools run directly on a database, so the database may need its own security layer
    – Many projects can put security at the application level
    – Reporting tools frequently go directly against a database
  • 11. Simple Circles, Simple Policies
    – Diagram (the original is a Venn diagram) of nested audiences: general public, intranet users, authenticated users, database administrators
    – Simple authorization security policies can be drawn as Venn diagrams
    – Complex security policies have 100s of overlapping circles
  • 12. Implementing Auth and Auth (Authentication and Authorization)
    – Flowchart (the original is a graphic) for a database request:
    – Id in header? If not, send the client to Login; if the login fails, deny access
    – On login OK, look up the user's groups or roles in the company directory
    – Role has access to the data? If not, return an error
    – If yes, get/put the data in the database and return the result
  • 13. Security Grain
    – Scale (the original is a graphic), from coarse to fine: Database, Collection, Document, Element. Coarse-grain access control has little performance impact; fine-grain access control has a large performance impact
    – Version "1.0" of many NoSQL databases only control access based on collections
    – Fine-grain access control can limit performance on distributed systems
  • 14. Collections, Documents and Elements
    – Diagram (the original is a graphic) of the hierarchy: Database -> database root collection -> department collection -> application collection -> document -> element
    – Applies to some types of NoSQL systems
  • 15. The UNIX file system model
    – Permissions are three triples: owner (your own permissions), group (your group's permissions) and others (everyone else). The letters RWX stand for Read, Write and Execute
    – Example from the slide: owner RWX = 110, group RWX = 110, others RWX = 100, so anyone outside your group has Read=true, Write=false and Execute=false
    – HDFS and eXist-db both support the UNIX security model
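Added example, not code from HDFS or eXist-db: a permission check that applies the three triples the way UNIX does, including the detail that the owner's triple is used for the owner even when the group triple is wider. The Resource and User types and the sample owners and groups are assumptions for this illustration.

```python
# Added example (not from HDFS or eXist-db): evaluating UNIX-style owner/group/others
# permission bits for a resource, selecting the triple the way UNIX does.
from dataclasses import dataclass, field

READ, WRITE, EXEC = 4, 2, 1   # the r, w, x bits of one triple


@dataclass
class Resource:
    owner: str
    group: str
    mode: int          # three octal digits: owner, group, others (e.g. 0o664)


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)


def applicable_bits(res: Resource, user: User) -> int:
    """Pick the triple that applies. Order matters: the owner's triple is used for
    the owner even when the group triple would be more permissive."""
    if user.name == res.owner:
        return (res.mode >> 6) & 0o7
    if res.group in user.groups:
        return (res.mode >> 3) & 0o7
    return res.mode & 0o7


def allowed(res: Resource, user: User, bit: int) -> bool:
    """True when the applicable triple carries the requested bit."""
    return bool(applicable_bits(res, user) & bit)


def mode_string(mode: int) -> str:
    """Render a mode the way ls does: 0o664 -> 'rw-rw-r--'."""
    out = ""
    for shift in (6, 3, 0):
        triple = (mode >> shift) & 0o7
        out += "r" if triple & READ else "-"
        out += "w" if triple & WRITE else "-"
        out += "x" if triple & EXEC else "-"
    return out


def mode_from_string(text: str) -> int:
    """Inverse of mode_string: 'rw-rw-r--' -> 0o664. Rejects malformed input."""
    if len(text) != 9:
        raise ValueError("expected nine characters")
    mode = 0
    for ch, expected in zip(text, "rwxrwxrwx"):
        if ch not in (expected, "-"):
            raise ValueError(f"unexpected {ch!r}, wanted {expected!r} or '-'")
        mode = (mode << 1) | int(ch == expected)
    return mode


if __name__ == "__main__":
    doc = Resource(owner="dan", group="authors", mode=0o664)   # slide 15's 110 110 100
    print(mode_string(doc.mode))                              # rw-rw-r--
    print(allowed(doc, User("adam", {"authors"}), WRITE))     # True  (group member)
    print(allowed(doc, User("mike"), WRITE))                  # False (everyone else)
```

The owner-first rule is the caveat worth remembering when migrating a policy onto this model: a resource with mode 0o464 is writable by the group but not by its own owner, which is rarely what a policy author meant.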
  • 16. Role-Based Security Models
    – Sample UML diagram for role-based security (graphic not reproduced in the transcript)
  • 17. Simplified RBAC Model
    – Diagram (the original is a graphic): User -> Role -> Permission (read, write) -> Resource (collection, document)
    – Each user has one or more roles in the database
    – Roles are associated with one or more permissions
    – Resources are associated with a permission for each role
    – Role based access control models decouple the user from the resource
  • 18. MarkLogic Security Model
    – Diagram (the original is a graphic): User -> Role -> Permission -> Document / Collection, with Amplified Permission (AMP), Execute Privilege and URI Privilege attached to roles
    – Users and roles both have default permissions for documents and collections
    – Multiple roles can be associated with special privileges on functions, queries and URIs
    – Roles exist in a hierarchy and lower roles inherit permissions from upper roles
    – Each permission record, stored with a document or collection, associates a single capability (read, write, update or execute) with a single role
    – Each document and collection is associated with a URI and permissions
    – Sample RBAC model in MarkLogic
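Added example that is not MarkLogic's or any vendor's implementation: the simplified RBAC model of slides 17 and 18 together with the request flow of slide 12. The role hierarchy is expressed as `manager` inheriting `clerk`'s permissions, amplification is modelled generically as roles borrowed for a single call (the same idea as slide 7's definer-rights stored procedure), and the user names, role names, document URI and in-memory "company directory" are constructed.

```python
# Added example (not MarkLogic's or any vendor's code): the simplified RBAC model of
# slides 17 and 18 and the request flow of slide 12. Users hold roles, roles inherit
# from other roles, and each resource carries (capability, role) permission records.
from collections import deque


class RbacStore:
    def __init__(self):
        self.user_roles = {}    # user name -> set of directly assigned roles
        self.role_parents = {}  # role -> set of roles whose permissions it inherits
        self.permissions = {}   # resource URI -> list of (capability, role) records

    def assign(self, user, *roles):
        self.user_roles.setdefault(user, set()).update(roles)

    def inherit(self, role, *parents):
        """`role` gains everything granted to each of `parents` (hierarchy edge)."""
        self.role_parents.setdefault(role, set()).update(parents)

    def protect(self, uri, capability, role):
        """Store one permission record with the resource, as slide 18 describes."""
        self.permissions.setdefault(uri, []).append((capability, role))

    def effective_roles(self, user, extra_roles=()):
        """Transitive closure over the role hierarchy; breadth-first and cycle-safe."""
        seen = set()
        queue = deque(self.user_roles.get(user, set()) | set(extra_roles))
        while queue:
            role = queue.popleft()
            if role in seen:
                continue
            seen.add(role)
            queue.extend(self.role_parents.get(role, ()))
        return seen

    def authorize(self, user, capability, uri, extra_roles=()):
        """True when some effective role has a permission record for this capability."""
        roles = self.effective_roles(user, extra_roles)
        return any(cap == capability and role in roles
                   for cap, role in self.permissions.get(uri, []))


def run_amplified(store, user, amp_roles, capability, uri, action):
    """Amplified permission: the caller borrows `amp_roles` for this one action only
    (the NoSQL analogue of a definer-rights stored procedure). Returns None on deny."""
    if not store.authorize(user, capability, uri, extra_roles=amp_roles):
        return None
    return action()


def handle_request(store, directory, headers, capability, uri):
    """Slide 12's flow: Id in header? -> known in the company directory? ->
    role has access? -> do the operation. Returns a short status string."""
    user = headers.get("Id")
    if user is None:
        return "login-required"
    if user not in directory:          # constructed stand-in for an LDAP/AD lookup
        return "deny"
    if not store.authorize(user, capability, uri):
        return "error-forbidden"
    return "ok"


def build_demo():
    """Constructed policy: clerks read travel requests, only managers approve them."""
    store = RbacStore()
    store.assign("alice", "clerk")
    store.assign("bob", "manager")
    store.inherit("manager", "clerk")                            # manager inherits clerk's permissions
    store.protect("/travel/req-1.json", "read", "clerk")
    store.protect("/travel/req-1.json", "update", "manager")    # slide 4's "only managers approve"
    return store


if __name__ == "__main__":
    store = build_demo()
    directory = {"alice", "bob"}
    uri = "/travel/req-1.json"
    print(handle_request(store, directory, {"Id": "alice"}, "update", uri))   # error-forbidden
    print(handle_request(store, directory, {"Id": "bob"}, "update", uri))     # ok
    print(run_amplified(store, "alice", ("manager",), "update", uri,
                        lambda: "approved"))                                   # approved
```

Because permission records are stored with the resource and name roles rather than users, adding a user is a directory change and changing who may approve is a single record change; that decoupling is the point of slide 17.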
  • 19. Apache Accumulo
    – Key layout: Row ID, Column Family, Column Qualifier, Visibility, Timestamp; followed by the Value
    – Visibility is a field in the key that holds authorization information as a boolean expression over labels (for example admin&(audit|finance)); a value is only returned to users whose authorizations satisfy the expression
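Added example, not Accumulo's own parser: a small evaluator for visibility expressions that follows Accumulo's published rules (labels joined by & and |, parentheses for grouping, no mixing of & and | at one level without parentheses, and an empty expression meaning visible to everyone). It handles unquoted labels only, and the sample entries are constructed.

```python
# Added example (not Accumulo's code): evaluate Accumulo-style column visibility
# expressions against a scanner's authorizations, then filter constructed entries.
import re

_TOKEN = re.compile(r"[A-Za-z0-9_\-:./]+|[&|()]")   # unquoted label characters, operators, parens


def tokenize(expr: str) -> list:
    tokens = _TOKEN.findall(expr)
    if "".join(tokens) != expr:          # leftovers (spaces, odd characters) are an error
        raise ValueError(f"bad visibility expression: {expr!r}")
    return tokens


def _parse_expr(tokens, pos, auths):
    """term (op term)* where every op at this level must be the same operator."""
    value, pos = _parse_term(tokens, pos, auths)
    op = None
    while pos < len(tokens) and tokens[pos] in ("&", "|"):
        if op is None:
            op = tokens[pos]
        elif tokens[pos] != op:
            raise ValueError("cannot mix & and | without parentheses")
        rhs, pos = _parse_term(tokens, pos + 1, auths)
        value = (value and rhs) if op == "&" else (value or rhs)
    return value, pos


def _parse_term(tokens, pos, auths):
    """A label, or a parenthesised sub-expression."""
    if pos >= len(tokens):
        raise ValueError("unexpected end of expression")
    tok = tokens[pos]
    if tok == "(":
        value, pos = _parse_expr(tokens, pos + 1, auths)
        if pos >= len(tokens) or tokens[pos] != ")":
            raise ValueError("missing closing parenthesis")
        return value, pos + 1
    if tok in ("&", "|", ")"):
        raise ValueError(f"unexpected {tok!r}")
    return tok in auths, pos + 1          # a label is satisfied when the scanner holds it


def visible(expr: str, auths) -> bool:
    """True when a scanner holding `auths` may see a value labelled `expr`.
    An empty expression means the value is visible to everyone."""
    tokens = tokenize(expr)
    if not tokens:
        return True
    value, pos = _parse_expr(tokens, 0, set(auths))
    if pos != len(tokens):
        raise ValueError("trailing tokens in expression")
    return value


def is_valid(expr: str) -> bool:
    """Syntax check only: does the expression parse?"""
    try:
        visible(expr, ())
        return True
    except ValueError:
        return False


# Constructed sample entries: (row id, column family, qualifier, visibility, value)
SAMPLE_ENTRIES = [
    ("patient-1", "record",  "name",      "medical",                "Jane Doe"),
    ("patient-1", "record",  "diagnosis", "medical&(doctor|nurse)", "flu"),
    ("patient-1", "billing", "card",      "finance&pci",            "4111..."),
    ("patient-1", "record",  "room",      "",                       "12B"),
]


def scan(entries, auths):
    """Return only the (row, family, qualifier, value) tuples the scanner may see,
    which is the cell-level filtering Accumulo applies during a scan."""
    return [(r, f, q, v) for r, f, q, vis, v in entries if visible(vis, auths)]


if __name__ == "__main__":
    for row in scan(SAMPLE_ENTRIES, {"medical", "nurse"}):
        print(row)   # name, diagnosis and room; the card number stays hidden
```

The rejection of mixed operators is deliberate: `a&b|c` is ambiguous, and a policy migrated from a SQL view or GRANT should be written with explicit parentheses so that the label expression means exactly what the original rule meant.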
  • 20. Amazon S3 Security Models
    – An IAM policy attached to the users Ann and Dan: Allow, Actions: PutObject, Resource: aws:s3:::bucket_kma/*
    – is the same as a bucket policy on bucket_kma: Allow, Who: Ann, Dan, Actions: PutObject, Resource: aws:s3:::bucket_kma/*
    – The difference is where the policy lives: the IAM policy is attached to the identity, the bucket policy to the resource
  • 23. Sample Slides
    – Encryption and Security in Accumulo, Michael Allen, Sqrrl Data Inc., http://www.slideshare.net/DonaldMiner/accumulo-oct2013bofpresentation
  • 24. Thank You
    – @dmccreary
    – @adamretter
    Kelly-McCreary & Associates, LLC