Who should be in charge of designing the database – team members, who understand the application requirements, or a database design expert, who may not understand the problem domain issues but does understand good database design? How can the team verify that the solution is correct and, more difficult, that it is efficient?
Another interesting combination of database and integrity is how to design and implement the database so that it is secure. What kind of encryption should be used within the database? What data needs to be secure?
Hanqing Zhou says
Designing a database is not a simple matter; it cannot be done by only one person. The person who knows about the requirements may not be familiar with database design. The design expert knows how to design a good database, but the result may not match the requirements. Thus, as mentioned in the question, both those who understand the application requirements and a database design expert should work together and brainstorm to come up with a good format for the database.
There are several steps that can increase the security level of data: 1. Isolate sensitive databases; 2. Eliminate vulnerabilities; 3. Enforce least privileges; 4. Enforce least privileges; 5. Respond to suspicious behavior; 6. Design secure passwords; 7. Monitor and audit your database. For encryption, in general, we can use both symmetric and asymmetric database encryption. Any data related to PII or the company’s core information needs to be secured.
Jing Jiang says
I agree with you. The design of a database is complex work; cooperation between team members would be a better solution than having it done by an individual. The design should match the requirements and should be feasible for the company to implement.
Karabo Ntokwane says
Well said, Iyana. Just like any project, database design should incorporate all the key stakeholders. This includes the people the database is being designed for (users), the process owners, whoever is responsible for ensuring the quality of the database, and the person responsible for database security. Thank you for providing a real-life experience that shows the importance of the contribution of everyone in the team.
Xinteng Chen says
I agree with you, because it is important to make the database strong. Using a strong password is a good way to protect access authority on the database. To determine which encryption method we should use, it is important to determine the security level. Use a stronger method for data with a high security level.
Mengqiao Liu says
Hi Hanqing,
I agree with your advice that team members and the database design expert should work together and brainstorm to get a better idea. I think you could focus more on how to increase the security level of data with integrity, not just in general.
Yingyan Wang says
I agree with your point. A database design should be completed by both the database design expert and the staff who know about the requirements. There are also lots of methods to protect data, which security professionals can choose accordingly. Sensitive business data and PII should definitely be protected.
Mahugnon B. Sohou says
I agree. The design of a database can be pretty challenging, which is why it is important for both the database design expert and staff to cooperate and do it together. The design and the requirements should match and be easy to implement.
Ami Parekh says
I think you are correct with your idea that a database needs multiple people working because it has a lot of moving parts.
Rouying Tang says
Hanqing, the suggestions you made are practical and specific, especially the first point, “isolate sensitive databases”. I understand why you put it first. An isolated sensitive database ensures limited accessibility and prevents catastrophic risk caused by the hazard of the destruction of other databases.
Xiaomin Dong says
I agree with you. Designing a database requires an understanding of the business functions you want to model. It also requires an understanding of the database concepts and features that you want to use to represent those business functions.
Xinteng Chen says
To design an application, it is important to include different roles in a team. The software development team should be included because they focus on the technical part of software design. In addition, senior managers also need to participate in the team. They understand the overall business plan of the organization. The application should be designed to better serve the business, so it is important to align it with the business plan. What is more, other stakeholders, such as users, should also join the team. Their requirements should be collected. The application should meet these requirements to fulfill the functions of the business. The stakeholders and senior managers understand the requirements, because the application is designed for them to use in the business. The software development team understands software design well. They need to develop the application based on the requirements provided by the stakeholders. To certify whether the solution is correct, there should be user acceptance testing and quality assurance at the end of the software development life cycle. User acceptance testing is done by users. They can determine whether the application meets their requirements or not. Quality assurance is done by a team that is independent of the users. They make sure the technical part is reasonable.
To combine the database and integrity, it is important to have reasonable authorities assigned. Different roles in an organization should have different authorities to access different data in the database. The users should also have strong passwords set up. Furthermore, the data should be encrypted and monitored. People can use different encryption methods, such as asymmetric methods and symmetric methods. It depends on the security level of the data. Data with a high security level, such as PII, should be encrypted by a stronger encryption method, such as asymmetric methods. Therefore, it is important to define the security level of different data.
Jing Jiang says
Good point, Xinteng.
I agree with you that the stakeholders and senior management should be involved in a project. It is very important for their involvement to provide a direction and facilitate the process of a project.
Hanqing Zhou says
Thank you for sharing. I really like what you said about the “stakeholders.” You are right, so I think the stakeholders’ goals and benefits are one of the requirements that the team members need to pay attention to. Thus, whether we are missing the team members who know the requirements or the design experts, the result will not match the stakeholders’ requirements.
Innocent says
Good point. The collaboration between database experts and key stakeholders makes the task of designing a database easier. This will enable them to achieve the business requirements and all technical requirements for developing a good database.
Linlan Chen says
I agree with you. To certify the solution is correct or not, there should be user acceptance testing and quality assurance in the end of software development life cycle.
Mengqiao Liu says
Hi Xinteng,
Good point on the authorities assigned when combining the database and integrity. If there are no reasonable authorities assigned to the database, different departments or different roles may have cross-cutting power, which would lead to employee fraud or information leakage.
Mahugnon B. Sohou says
I agree. The design of a database should be done as a group. And you also made a good point regarding the encryption method that should be used. It will depend on the security level of the data.
Rouying Tang says
Nice analysis, Xinteng, and a good introduction to the different roles. I really agree with your point that it is important to include different roles in a team.
Xiaomin Dong says
Well said. Role-based access control is really important to an organization regarding the protection of data.
Qiyu Chen says
Good point. Stakeholders and senior managers understand the requirements because the applications are designed for their use in the business. The software development team has a good understanding of software design.
Iyana Lester says
I believe designing the database should be a collaborative effort between the team members and the data design expert. Effective database modeling involves understanding both the business requirements that need to be modeled (i.e. by the people who understand the application requirements and problem domain issues) as well as the database features that are available to meet those requirements (i.e. understanding good database design). As an IT consultant, I often worked with clients to develop generic data models. The client provided essential feedback such as the company’s plan for growth and granular details on how the database would be used. While I was able to offer the client industry best practices and what features were available to accommodate these requirements (e.g. how flexible the database could be), both of our input was equally valuable.
A team can evaluate a solution’s suitability through the following:
• Ability to anticipate future requirements
• Facilitate systems analysis
• Consistency
• Completeness
• Ongoing review
The level of confidentiality, integrity, and availability/access required should be determined before deciding what type of encryption is needed within the database. We should be securing things like PII and any data that holds significance to the organization itself (e.g. competitive advantages, finances, etc.).
Jing Jiang says
Hi, Iyana.
You provide clear points for how to evaluate the solution’s suitability. The consistency with the business requirement should be the most important consideration when evaluating the solution. System analysis is a good one to identify the improvements needed to better meet business needs.
Hanqing Zhou says
Thank you for sharing. You gave some great ideas about the evaluation methods. I like that you mentioned the ability to anticipate future requirements and ongoing review; both methods care about the future performance of the database to make sure it is strong enough and still meets the requirements.
Mahugnon B. Sohou says
Hi Iyana,
I agree with your point, especially the different ways that the team can evaluate how suitable a solution is. Like you also mentioned, we should determine the level of access required before determining the encryption method.
Rouying Tang says
Hello Iyana, you made a good point that “the effective database modeling involves understanding both the business requirements and the database features”. The solution evaluations you provide are very thoughtful as well.
M. Sarush Faruqi says
When it comes to designing a database, a business cannot simply leave the task up to a team who knows the business nor to someone who is technical in nature and good at database design. From my experience, it is a process that starts with gathering requirements and getting an understanding of what exactly the business needs are. Once a concrete analysis has been done, the requirements need to be communicated to the team who will be responsible for fulfilling the business needs (Developers, QA Analysts, Project Managers) as well as the database designer. A Business System Analyst would typically handle tasks associated with communicating with the appropriate personnel. It would be beneficial for the database designer to work with the business analyst to complete data modeling of the database to ensure that all of the data needs are met and so the database designer has a good idea of how entities relate to one another. I’ve seen essential data not be included in the database simply because the database designer did not have enough business knowledge to know that it needed to be tracked and/or updated on a timely basis. Database design is not an easy task and takes multiple people with different levels of expertise to get it right.
End-to-end process testing is a good way to ensure that the solution is correct. Oftentimes, people focus so much on one specific need of a business that they forget how their solution will impact other needs and processes already in place. It is crucial that the solution does not break a process already in place.
Encryption in databases can take many forms including symmetric methods, asymmetric methods, hashing, and salting. The type of data to secure would ultimately depend on the compliance involved, but PII is one of the first things that should be secured, especially when many consumers are involved.
Iyana Lester says
Your comment was very insightful in explaining all the different roles that should be required in designing a database. As you mentioned, it starts with gathering requirements, which requires a collaborative effort. This can help prevent things like missing essential data in the database. I also agree that the solution should be evaluated on its effect on the business in its entirety. It is important to test the solution based on current requirements and the future requirements of the organization to allow for scalability.
Rouying Tang says
Hello Sarush, good analysis. I agree with you on the point that a business should start on the point to fully the business requirements and then built the further frameworks above it.
Xiaomin Dong says
Database design is a complex, but necessary process. It involves creating a functional database system that is able to manage all of a company’s information in one place. When designing a database, there are a lot of factors to consider in order to ensure it can do what is required of it.
First of all, there is a role called database designer, who is responsible for defining the detailed database design, including tables, indexes, views, constraints, triggers, stored procedures, and other database-specific constructs needed to store, retrieve, and delete persistent objects. They are in charge of database design, who understand the application requirements, a database design expert. Then, there is another role called database developer, who will in addition evaluate and advise on all technology components, such as software, hardware, and networking capabilities, for database management systems and applications. As part of the role they will be responsible for implementing data dashboards to all levels of the organization. They may not understand the problem domain issues but do understand good database design.
For the data encryption, there are nine data encryption methods:
1) Transparent/ External database encryption
2) Column-level encryption
3) Field-level encryption
4) Filesystem-level encryption
5) Full disk encryption
6) Symmetric and asymmetric database encryption
7) Key management
8) Hashing
9) Application-level encryption
Iyana Lester says
I agree. It is insightful of you to explain the differences between the database designer and database developer roles. It is also important to consider the database administrator when designing a database. They will be responsible for performing the day-to-day tasks of maintaining the database environment to ensure its availability and that it runs smoothly.
Innocent says
Yes, the database designers and database developers can collaborate effectively to define the details of a database design, examine the requirements, identify constraints (if any), and evaluate and advise on all technological components. They may also work with other stakeholders to enable them to understand the problem domain issues and to develop a good database.
Hanqing Zhou says
Thank you for sharing. You gave the details about the components of the database and the different types of encryption methods. I think application-level encryption is the most powerful encryption method to encrypt the database.
Yingyan Wang says
Hi Xiaomin,
I agree with you. The database designer and database developer should work together to complete the database design efficiently. Data needs to be protected appropriately, and there are many encryption methods available to use according to the situation.
Mahugnon B. Sohou says
Thanks for sharing your thoughts. This is a very detailed comment. I like the level of detail put in while talking about the different encryption methods. To me the symmetric and asymmetric methods are the most appropriate for this case.
Rouying Tang says
Hello Xiaomin, good analysis. You gave a good introduction to the two critical roles, database designers and database developers. And the nine encryption methods are helpful to mention.
Qiyu Chen says
I like your post. Yes, database design is a complicated but necessary process. It involves creating a functional database system that can manage all the company’s information in one place.
Mahugnon B. Sohou says
The design of a database is not an easy task. It involves the creation of a system that manages the entire company’s information. It cannot be left up to either the business or the technical people who know database design. They should both work on it together to make sure that the solution is correct and efficient. It is an entire process that requires an understanding of the business needs and the gathering of requirements. After the analysis phase the requirements should be communicated to the team that will be in charge of the business needs. The database designer will be responsible for taking care of the details of the database design. Then the database developer will take care of all the technology components (software, hardware, and applications). His understanding of database design will come in handy.
For the encryption, we can use different methods:
• Column level encryption
• Field level encryption
• Full disk encryption
• Key management
• Filesystem level encryption
• Symmetric and asymmetric database encryption
• Application-level encryption
However, in our case, data that needs a high security level, like PII, should be encrypted using both symmetric and asymmetric database encryption.
Yijiang Li says
Both team members who understand the application requirements and a database design expert who may not understand the problem domain issues but does understand good database design are necessarily in charge of designing the database. Team members usually have a better understanding of the business needs of their corporation, so they can build a database that satisfies the specific requirements of the company’s most used applications. On the other hand, a database design expert has enough experience with the industry’s best practices, which will help the company increase work efficiency by reducing potential mistakes. During the testing phase, the development team can run some calculations and experiments to ensure the solution is correct. If they would like to confirm whether this database design is efficient or not, they should probably run plenty of tests to collect some critical statistical data and analyze the data later.
To ensure the database is secure, the development team can implement some secure coding practices to improve the overall security performance of its database. For databases in particular, different kinds of encryption methods can be implemented, such as application-level encryption, full disk encryption, and hashing. An enterprise should determine the critical level of its data initially, such as Restricted, Private, and Public, and decide what level of security should be implemented for each particular level of data based on the company’s available resources.
Xinteng Chen says
I agree with you; data design experts only deal with the technical problems in database design. Senior managers may understand the requirements and needs better than the experts, because they understand the direction of the business. The application should serve the business better by aligning with the direction.
Xiaomin Dong says
Nice point. As part of the role they will be responsible for implementing data dashboards to all levels of the organization. They may not understand the problem domain issues but do understand good database design.
Karabo Ntokwane says
Database design is a collaborative team effort. Even though the database designer knows how to design the models of the database using different diagrams, they cannot design or model what they do know. They need an understanding of the business function or the requirements the database must meet. The database design includes determination of the data to be stored in the database, the relationships between the different data elements, and a logical structure drawn from the relationships. All these can be achieved with input from other team members.
Both data at rest and in transit should be secured. This can be done in different ways. Transparent/external database encryption helps to protect data at rest. Column-level encryption is encryption of the individual columns in the database. Symmetric encryption involves the use of a private key being applied to data that is stored and called from a database. Asymmetric database encryption uses a private and a public key for encryption. Hashing is used to protect sensitive data such as passwords. Application-level encryption encrypts data before it is written to the database.
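An added example, not part of the comment above or of the original thread: a sketch of the hashing point, where the application stores a salted PBKDF2 hash instead of the password before anything is written to the database. The `credentials` table, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Assumption: PBKDF2-HMAC-SHA256 work factor; tune it to your own hardware.
ITERATIONS = 600_000


def open_db():
    """In-memory database with one hypothetical credentials table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE credentials ("
        " username   TEXT PRIMARY KEY,"
        " salt       BLOB NOT NULL,"
        " iterations INTEGER NOT NULL,"
        " pw_hash    BLOB NOT NULL)"
    )
    return db


def derive(password, salt, iterations):
    """Slow, salted hash of the password (32 bytes)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(db, username, password, iterations=ITERATIONS):
    """Store salt, work factor and hash; the password itself is never stored."""
    salt = secrets.token_bytes(16)  # fresh random salt per user
    db.execute(
        "INSERT INTO credentials VALUES (?, ?, ?, ?)",
        (username, salt, iterations, derive(password, salt, iterations)),
    )
    db.commit()


def verify(db, username, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    row = db.execute(
        "SELECT salt, iterations, pw_hash FROM credentials WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        # Do comparable work for unknown users so timing does not reveal them.
        derive(password, b"\x00" * 16, ITERATIONS)
        return False
    salt, iterations, stored = row
    return hmac.compare_digest(derive(password, salt, iterations), stored)


def stored_hashes(db):
    """What someone reading the table would see, ordered by username."""
    return [r[0] for r in db.execute(
        "SELECT pw_hash FROM credentials ORDER BY username")]


def unsalted_digest(password):
    """Weak form, for comparison only: fast and identical for identical passwords."""
    return hashlib.sha256(password.encode("utf-8")).digest()


if __name__ == "__main__":
    db = open_db()
    # Constructed sample accounts: two users who chose the same password.
    register(db, "alice", "correct horse")
    register(db, "bob", "correct horse")
    a, b = stored_hashes(db)
    print("salted hashes differ:", a != b)
    print("unsalted digests identical:",
          unsalted_digest("correct horse") == unsalted_digest("correct horse"))
    print("alice, right password:", verify(db, "alice", "correct horse"))
    print("alice, wrong password:", verify(db, "alice", "wrong"))
```

Storing the iteration count per row lets the work factor be raised later without invalidating existing accounts.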
Iyana Lester says
I appreciate your information on the processes included in database design. I agree that the determination of the data, relationships, and logical structure requires input from the team members that will be interacting with or using the solution. Thinking through these elements is a critical information gathering experience for both the team and the database designer.
Linlan Chen says
Yes, Karabo, I agree with you. Database design is a collaborative team effort. It is more efficient for the team to complete the design of the database.
Yingyan Wang says
Hi Karabo,
I agree with you. Designing a database could not be completed by one person. And I like your point about encryption which is clear and understandable. Sensitive data and information should be protected properly.
Mahugnon B. Sohou says
Yes, Karabo,
Good point. Database design is a collaborative team effort and allows for better efficiency in the design of the database. And I like your detailed point about how each encryption method works. Thanks for sharing.
Ami Parekh says
I agree with you that designing a database is a collaborative effort. Everyone involved has special skills that can help with database design in the most effective way. You also did a good job explaining the different methods of data encryption and their scalability.
Innocent says
Designing a database should be a joint task between team members (like users, senior managers and the database designer), who understand the application requirements and design and implement computer databases for collection, protection and analysis of data, and a database expert, like a database developer, who can evaluate and advise the team on the required technological components, such as networking capabilities and hardware or software requirements. The team can verify that the solution is correct through quality assurance checks and user acceptance testing during the software development lifecycle. Some of the encryption methods that can be used include the advanced encryption standard, triple data encryption standard, full disk encryption, and hashing. We can use symmetric and asymmetric database encryption for a higher level of database protection. It is every organization’s responsibility to classify its data so as to determine which should be private (restricted) or public (easily accessible).
Zhixin Wei says
I also think all team members should be in charge of designing the database. It is a complex process.
Jing Jiang says
Designing the database should be teamwork. It requires team members who understand the application requirements to ensure the design matches the business need. It also requires members who are familiar with the database design process and related technical skills to make it possible to create a database system. The involvement of senior management and other stakeholders is important for a project to be conducted in an effective way. A team can verify the solution through user acceptance testing to determine whether the system meets their requirements.
Encryption can be used in the design and implementation of the database to protect the database from information security issues (i.e. unauthorized access, data loss). The encryption can be external encryption (which refers to encryption of the entire database so that the database is invisible to the application and users without database credentials) or data encryption (which refers to encrypting part of the database, such as specific columns or tables). Data including confidential information such as PII/SPI and trade secrets that have commercial value or can have an impact on the business should be secured.
Xinteng Chen says
I agree with you, because designing a database should be teamwork. People should collect the requirements from stakeholders in an organization. The database design expert can design the database based on the requirements, so it is important to involve many roles in a team to develop a database.
Karabo Ntokwane says
Jing, thank you for sharing at length the importance of team effort in the design. I also found this article interesting; it details some of the questions the team can use to evaluate the efficiency of the solution.
• Has the logical model been thoroughly examined to ensure that all of the required business functionality can be achieved based solely upon the model?
• Is the model in (at least) third normal form?
• Have all of the data elements (entities and attributes) required for this application been identified?
• Have the data elements which have been identified been documented accurately?
• Have all of the relationships been defined properly?
https://datatechnologytoday.wordpress.com/2013/12/12/the-7-types-of-database-design-reviews/
Yingyan Wang says
Hi Jing,
Thank you for sharing. I agree with you that designing a database should be teamwork. The database design expert and staff who understand the needs should work together to get through the design process smoothly. Important data and information such as PII or trade secrets should be protected properly.
Dongjie Wang says
In addition, I think log management and least privileges are also good methods to protect database security.
Qiyu Chen says
I agree with you. Encryption can be used for database design and implementation to protect the database from information security issues. Encryption can be external encryption (referring to the encryption of the entire database, so that the database is not visible without the database credentials) or data encryption (referring to the encryption of certain parts of the database, such as specific columns or tables).
Pascal Allison says
Every team must have a lead; database design is no exception. While it is true that everybody will have a contribution, the database design expert must be in charge of the design, as he understands what a good design is and what should be included in or excluded from the design. Other team members (experts) can provide their information, and then the database design expert should structure the design or lead the design process.
Database design experts are specialized; knowledge of the things that make up a good database is important, and these are known by the experts. Wherever he/she has a shortfall, like application requirements, other experts can contribute and provide the necessary requirements, and then the design expert leads the review and structuring process.
Securing the database is not an option. Thus, encrypting the database is important. A combined encryption should be used within a database. All data in a database will not have the same security requirement or setting. Thus, those that need symmetric encryption should be encrypted at that level. Those that need to be asymmetrically encrypted should be encrypted at that level. I believe encryption is not one size fits all. There is information all users can see, whereas some information should only be seen by privilege. Set the encryption to do the necessary job.
Linlan Chen says
Thank you for sharing your opinion. Everybody in the team has their own duty to contribute.
Linlan Chen says
Designing the database is a complex process, which not only builds up the physical function but also needs to separate the different duties of data. Basically, I prefer that both the senior managers or stakeholders who understand the application requirements and the design expert who understands good database design are important during the database creation process.
In order to protect our database, we should also protect data integrity. We should separate the different roles’ duties: some staff can have authority to access the data, and some can’t. Also, we need to define the different levels of data. For sensitive data, for example, we should create a strong password policy, and the data should be encrypted and monitored. Last, an auditor should audit the database regularly.
Yingyan Wang says
Hi Linlan,
I agree with your idea. The process of database design can be complicated, so it is better to have the expert and management work together to improve efficiency and save costs. Among the methods to ensure data security, auditors play an important role by auditing the database regularly.
Binju Gaire says
I agree with you, Linlan. Defining different levels of data is indeed a smart way to make the database secure. Not all data needs the same kind of security. Understanding what kind of protection is needed based on the sensitivity of the data and applying the relevant encryption within the database will prove to be efficient.
Lezlie Jiles says
Binju,
I truly agree with your comment about understanding what kind of protection is needed based on the sensitivity. It is important, and would prove to be more efficient, to separate the data out into levels of sensitivity and identify the data that actually needs encryption, as opposed to possibly encrypting something that isn’t necessary.
Folake Stella Alabede says
I agree with your comment, Linlan, to separate the different roles’ duties.
I was reading in an article that the DBAs should be in control of encryption keys, as well as the data itself. The duty of the security group is to define policies and procedures and monitor data encryption, while the DBAs should be able to implement these controls with minimal impact on their main role: administering databases.
Yijiang Li says
Good answer, Linlan. Segregation of duties could be an effective principle to protect our database and data integrity. For instance, Database Administrator should not be able to modify the data, because this belongs to Data Owner’s duty. In contrast, Data Owner cannot perform the installation and configuration responsibilities either. Also, as you mentioned, Least Privilege should be implemented to ensure that any authorized personnel can only operate the system on a basis of minimal time and authority.
Lezlie Jiles says
Hi Linlan,
I too agree with your comments about separating the different roles. Segregation of duty is always a great way to protect the integrity of a function. As stated by Xiaomin (above), there are differences in roles with regard to a database designer, administrator, and developer. Each of these roles is defined by its duties (explained above) and would prove to be useful in protecting the integrity of the implementation process.
Ami Parekh says
I think you bring up a good point suggesting that both senior management and stakeholders should be involved when deciding on database design and the creation process. I think you mention good points regarding security as well. Having password protection, encryption, and regular audit are good ways to make sure there are no gaps in coverage.
Mengqiao Liu says
Database design is the process of producing a detailed data model of the database. Team members who understand the application requirements can design the blueprint for the whole project. They know what the core elements and data of the database are. Database design experts understand database design well, but they do not have professional opinions on the application requirements. Overall, I think team members should be in charge of designing the database. They can communicate with the database design expert to design a correct or, more difficult, efficient database design.
To create more efficient databases, you may need to:
• Always close access when it’s not in use
• Determine who is using a database
• Routinely back up your databases
• Compact your databases to prevent database corruption
• Split databases into a front end and a back end
• Create a primary key to prevent duplicate records
When integrity meets with database, the first thing we need to confirm is the threats to integrity, such as theft by a disgruntled employee or by a hacker with political motivations, which can cause the organization loss of business or reputation, especially if the organization is found to be in breach of regulations or industry standards that demand high levels of data security. I think the data should be encrypted if the purpose of database encryption is to protect the data stored in a database from being accessed by individuals with potentially “malicious” intentions. This is also effective in internal auditing.
Reference: http://www.itprotoday.com/management-mobility/access-database-efficiency
http://www.dbta.com/Editorial/Think-About-It/5-Key-Steps-to-Ensuring-Database-Security-95307.aspx
Yingyan Wang says
Designing the database can be a complicated, inefficient and costly task if the team cannot work together. In my opinion, the database design expert may not understand the requirements clearly, while the team members who understand the requirements may not be good at practical design. In order to design the database successfully and efficiently, they should work together to improve efficiency and save costs. In order to verify if the solution is correct, they can test it to see if the database fulfills the requirements and complies with the laws and regulations.
Meanwhile, there are many methods to ensure and protect data security. Asymmetric and symmetric encryption involve many specific methods to achieve the security goal. Sensitive data such as PII or trade secrets should be protected carefully and properly.
Binju Gaire says
Well said, Yingyan. I like how you brought up saving cost and improving efficiency to accomplish successful database design. Both of these aspects cannot be fully utilized if team members and the database design expert work separately.
Yijiang Li says
Nice post, Yingyan. As you mentioned, to ensure whether the database solution is correct or not, we have to perform a series of feasibility tests initially to see if our database design can fulfill our business needs and requirements. Also, we have to test whether our database can work smoothly with our other information systems at a high efficiency. One more thing, laws and regulatory compliance is another important factor which we have to pay attention to because ignorance of it could cause potential reputation and economic loss to our company in the future.
James Jeffrey Scheuren says
Asymmetric and symmetric encryption is something that could be very effective. I could definitely see a company using this for their database.
Dongjie Wang says
Yingyan, good point. In order to protect the data efficiently, the organization should classify the data based on the sensitivity level. Therefore, the organization could implement control methods more cost-effectively and efficiently.
Ami Parekh says
I like how you mentioned that efficiency and understanding requirements are important factors when designing a database. This will, in fact, help with cost reduction. I also think you have a good idea mentioning encryption as a way to keep data secure.
Binju Gaire says
I believe both team members and the database design expert should be in charge of designing the database. The database design work requires a high-level understanding of the data as well as an understanding of the application requirements. If either of the two factors is missing, then a successful database design may not be accomplished. The database design should be treated as a collaborative work where team members and experts contribute their efforts and knowledge for a secure and integrated database. Lastly, designing and implementing a database that is reasonably secure is significant to address the CIA triad of the available data. Securing a database can be done by encrypting specific columns and tables, which is termed column-level encryption.
Dongjie Wang says
Binju, I agree with your point. Designing a database should be a collaborative work which includes both parties. The collaboration can create a functional and secure database for the organization.
Folake Stella Alabede says
While you will definitely need a database design expert to design the database, you also need the team members’ input to design the database. One of the steps in designing a database is information gathering, and you definitely need inputs from direct and indirect users of the database. So I would say these 2 sets of people are not mutually exclusive in the design of the database.
Binju Gaire says
I absolutely agree with you, Stella. A successful database design is only possible if inputs from all sources (direct and indirect users, like you mentioned) are obtained. Team members and database design expert are equally needed to design the database.
Zhixin Wei says
At the board-room level, data encryption may easily be viewed as a binary matter: data encryption is employed and the company’s assets are secure, or they’re not encrypted and it’s time to panic.
Mahroo Sanati says
I definitely agree with you about information gathering and the effort that all the managers need to put into this step of design. Data cleaning is a key procedure in today’s data transfer and database implementation.
James Jeffrey Scheuren says
I definitely see the argument of mutual exclusivity. You could choose to use both of these things and have the team members and the database specialist work together.
Folake Stella Alabede says
Another interesting combination of both database and integrity is how to design and implement so that the database is secure? What kind of encryption should be used within the database? What data needs to be secure?
Both data in transit and data at rest need to be secure.
Currently a single database may have 10,000 connections, more than even the most skilled DBA could manually monitor. Nor can databases discern between hackers and authorized users. If a database is accessed using the right username and password, information is made available regardless of whether the identity is stolen. And to make matters more precarious, databases store data in clear text within the database files, so that someone with malicious intentions can, with a little effort, access the data at rest without having to connect to the database.
Protecting database information at rest with encryption offers an added layer of protection from a multitude of threats, both internal and external. By protecting databases at their core, the data itself is safeguarded no matter how many times the databases themselves have been replicated or moved to another location.
Three types of database encryption are typically considered: column-level, tablespace or database level, and file-level.
Column-level database encryption is the best-known type of encryption because most database vendors include this type of data protection with their databases. Column-level encryption works by encrypting columns within a database. Third-party column-level database encryption solutions can protect columns across heterogeneous database environments that may include database platforms like DB2, Sybase, SQL Server, and Oracle, among others.
Tablespace-level encryption methods for the most part provide more granular controls for safeguarding data than column-level encryption can. Tablespace-level encryption lets them encrypt all the data to which the tables are referring. Tablespace-level encryption offers administrators the ability to choose the data they want to protect, even if that data is being accessed by multiple columns within the table.
File-level data encryption works by protecting the actual database file. Rather than encrypting row-by-row or column-by-column, file-level encryption encrypts in file system block chunks. It decrypts data before it is read into the database’s cache, allowing databases and applications to work as if no encryption solution has been deployed. Unlike other types of data encryption, file-level encryption can protect database configuration and trace files as well.
https://www.zdnet.com/article/database-encryption-demystified-four-common-misconceptions/
Zhixin Wei says
And the first step is to get a high-level grasp of the topic and an understanding of the business or functional area. Generally this is referred to as the business domain.
Iyana Lester says
I appreciate your explanation of the different types of encryption. The type of encryption needed will definitely vary. That is why it is important to have a firm understanding of not only what kind of data will be within the database but its relation to the organization. This requires input from both team members and the database designer to ensure the best form of encryption is used.
Zhixin Wei says
I think all team members should be in charge of designing the database. It is a complex process.
A well-designed database shall:
Eliminate Data Redundancy: the same piece of data shall not be stored in more than one place. This is because duplicate data not only waste storage spaces but also easily lead to inconsistencies.
Ensure Data Integrity and Accuracy. And the first step is to get a high-level grasp of the topic and an understanding of the business or functional area. Generally this is referred to as the business domain. Team members may have different levels of understanding of the database design, so not all members have a very clear plan or idea about each step of the design.
There are some ways to enhance security or to protect data within the cloud that will allow businesses to minimize the potential risks to their network, data, and systems:
establishing effective security protocols;
limiting data use and exposure;
utilizing security applications.
At the board-room level, data encryption may easily be viewed as a binary matter: data encryption is employed and the company’s assets are secure, or they’re not encrypted and it’s time to panic. However, for the security teams chartered with securing sensitive assets, the realities are not so simple.
Sensitive data and information should be secured.
Mahroo Sanati says
Zhixin, eliminating data redundancy is an interesting and important point to consider while maintaining the information in the database. This issue is very common in database design, and it won’t cross the admin’s mind often.
James Jeffrey Scheuren says
I agree with the point on a binary situation. Security is a very complicated issue, and it could take very many angles to be effective.
Xiaomin Dong says
Nice point. I also think data integrity and accuracy is really important during the process of database design. In most companies, there are areas where important business decisions are routinely made based on data.
Ami Parekh says
I agree, database design is a group effort and the more people involved, the more inaccuracies will be managed. I think something you can include to the well-designed database list is user experience.
Mahroo Sanati says
Designing an efficient database is an outcome of collaboration between the business team and the technical team (software developers) within the organization. A properly designed database provides you with access to up-to-date, accurate information. Because a correct design is essential to achieving management goals in working with the database, investing the time required to learn the principles of good design makes sense. In the end, higher-level managers are much more likely to achieve a database that is more compliant with their needs and can easily accommodate change.
The database holds the backbone of an organization: its transactions, customers, employee info, financial information for both customers and employees, and much more confidential data within the organization. Database security and integrity are essential aspects of an organization’s security levels. Database security is a key responsibility of the organization’s database admin and the technical team handling it.
James Jeffrey Scheuren says
Security is definitely a key responsibility for the database. The admins would take care of this, and make sure the database is run accordingly.
Lezlie Jiles says
Who should be in charge of designing the database – team members, who understand the application requirements, or a database design expert, who may not understand the problem domain issues but does understand good database design?
I believe the database expert would be the best choice for designing the database, so they should be in charge. The database design expert must be skilled enough to understand the end user’s requirements, as well as the database’s integrity and security. Outside of the data requirements, according to our text, systems analysts must also know physical data characteristics, frequency of use of the system interfaces, and the capabilities of database technologies.
Lezlie Jiles says
What data needs to be secure? Sensitive data (ex. PII) that is either at rest or in transit should be secured at all times.
James Jeffrey Scheuren says
I can definitely see the argument from both sides. Database specialists know how to create an effective database, but team members would actually need to go into that database.
Mahugnon B. Sohou says
I agree. The design of a database can be pretty challenging, which is why it is important for both the database design expert and staff to cooperate and do it together. The design and the requirements should match and be easy to implement.
Mengqiao Liu says
Database design is the process of producing a detailed data model of the database. Team members who understand the application requirements can design the blueprint for the whole project. They know what the core elements and data of the database are. Database design experts understand database design well, but they do not have professional opinions on the application requirements. Overall, I think team members should be in charge of designing the database. They can communicate with the database design expert to design a correct or, more difficult, efficient database.
To create more efficient databases, you may need to:
• Always close access when it’s not in use
• Determine who is using a database
• Routinely back up your databases
• Compact your databases to prevent database corruption
• Split databases into a front end and a back end
• Create a primary key to prevent duplicate records
When integrity meets with database, the first thing we need to confirm is the threats to integrity, such as theft by a disgruntled employee or by a hacker with political motivations, which can cause the organization loss of business or reputation, especially if the organization is found to be in breach of regulations or industry standards that demand high levels of data security. I think the data should be encrypted if the purpose of database encryption is to protect the data stored in a database from being accessed by individuals with potentially “malicious” intentions. This is also effective in internal auditing.
Chenhui Lai says
You are right, except that the sensitive database like PII should be protected carefully.
James Jeffrey Scheuren says
Database design is an essential process and you would want people well versed in the company to create it. Team members with database experience would most likely be the best choice. Team members would actually be using the database, so they could verify how effective it really is. Database security is essential for the organization to run effectively. The ability to internally audit encryption methods would also be a good idea.
Dongjie Wang says
To design the database, I think team members who understand the application requirements and the database design expert who is professional in database structure design should collaborate, because during the database design process, understanding the business rules and application requirements is critical. If only team members are responsible for designing the database, the database structure and entities might be inefficient. However, if only database design experts are responsible for the database design, the database might not be functional because the experts lack understanding of the application requirements.
Organizations could use many controls to ensure the security of the database, such as cryptography, least privileges, log management, and monitoring. All the data that is not public should be protected. Organizations need to classify the data into different levels based on the sensitivity level to implement controls.
Xiaomin Dong says
Well said. Database design is a complex, but necessary process. It involves creating a functional database system that is able to manage all of a company’s information in one place.
Chenhui Lai says
I agree with you, Dongjie. Organizations should use some controls to secure the database. Besides the examples you list of cryptography, least privileges, log management, and monitoring, there are also using passwords and changing them frequently, encryption, segmenting your database, and using some tools to hide your database.
Qiyu Chen says
I agree with you. If only database design experts are responsible for the design of the database, the database may not work properly because experts lack understanding of the application’s requirements.
Rouying Tang says
In my opinion, both the team members, who understand the application requirements, and the database design expert, who understands database design, should be involved in the work.
To be honest, talents like our ITSCS students are necessary at this point. Personnel with both business and technology skills can become the bridge between the business and IT departments.
But overall, the business department and the day-to-day employees should raise their needs and requirements toward their business goals and efficiencies. Then the database designers and developers should clarify the requirements and goals and represent them in computer languages. After the IT parts have been finished, the team members should test the database to check whether it meets the daily work and raise further suggestions, so the IT department can improve its work and start to debug.
Database security should be considered from the very beginning of the design part. The main database encryption types include transparent data encryption, column-level encryption, field-level encryption, and asymmetric database encryption.
All sensitive data should be secure, like PII, critical transactions and business secrets.
Qiyu Chen says
I agree with you. People with business and technology can become bright spots between business and IT departments. But in general, business units and day-to-day employees should improve their needs and needs in order to achieve their business goals and efficiencies.
Chenhui Lai says
Improving the security of the data is important, and I know five things that can keep the data more safe and secure.
1. Have secure passwords: the most sophisticated systems on Earth can’t protect against a bad password, but hackers have increasingly sophisticated tools at their disposal that make many other passwords increasingly vulnerable. Also, if a password isn’t changed after 90 days, lock out that account pending administrator approval to make sure that an old password isn’t a hacker’s way in.
2. Encrypt your database: just as important as the passwords is the encryption of your database. Make sure that your database is encrypted with up-to-date encryption software.
3. Don’t show people the backdoor: keep the database hidden from search engine results through the robots.txt file, and also do not link to it directly.
4. Segment your database: you’ll want to segment your data to make sure that not just anyone sees everything. In many systems, various roles can be created within the database.
5. Monitor and audit your database: monitoring access and behaviors of database users can help you ensure that no odd behaviors are exhibited that might imply a leak.
Jason M Mays says
I do not believe it matters what the hard skill set is of the database design team leader. I think that as long as the leader has strong communication, team building and project management skills, then you have the right person. Neither skill set on its own makes someone more preferable for the job. If you have someone who knows databases but doesn’t understand the business processes, then you may get a system that is logically correct but would not be capable of performing the actual that this you don’t need. On the reverse, having someone who understands the process but not how to put a database together may leave you with a system that is incapable of actually functioning.
You need someone who is able to create a discussion process where business needs are mapped out with respect to the boundaries of the capabilities of the database or of the policies in place to protect the other information on said database. Having the experts in each of the experts speak up at the appropriate times will greatly affect the amount of success you have in a usable system that meets the business unit’s needs.
Jason M Mays says
I would select a column-based encryption method for the database. It can protect key information without affecting the entire record. It would also allow for non-confidential information to be accessed without the slowdown of dealing with encryption. Loss of data due to loss of key is mitigated since different keys are required for different columns.
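Column-level encryption with a separate key per column, as described in the comments above by Folake Stella Alabede and Jason M Mays, sketched as an added example that is not part of any commenter's post. It assumes Node.js and its built-in `crypto` module with AES-256-GCM; the in-memory table, the function names and all sample values are constructed for illustration.

```javascript
// Added example: application-layer column-level encryption, one key per column.
// All names and sample values are constructed for illustration.
const nodeCrypto = require("crypto");

const SAMPLE_ROWS = [
  { id: 1, name: "Alice Example", city: "Philadelphia", ssn: "000-00-0001", salary: "85000" },
  { id: 2, name: "Bob Example", city: "Camden", ssn: "000-00-0002", salary: "91000" },
];
const SENSITIVE_COLUMNS = ["ssn", "salary"];

// One independent 256-bit key per sensitive column.
function generateColumnKeys(columns) {
  const keys = {};
  for (const col of columns) keys[col] = nodeCrypto.randomBytes(32);
  return keys;
}

// Associated data binds a ciphertext to its row and column, so a value copied
// into another cell fails authentication instead of decrypting silently.
function cellContext(rowId, column) {
  return Buffer.from(`${rowId}:${column}`, "utf8");
}

function encryptCell(key, rowId, column, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every cell
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(cellContext(rowId, column));
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

function decryptCell(key, rowId, column, stored) {
  const raw = Buffer.from(stored, "base64");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(cellContext(rowId, column));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key is wrong or the cell was altered or moved.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Only the sensitive columns are encrypted; the rest stay in clear text.
function encryptTable(rows, keys) {
  return rows.map((row) => {
    const out = { ...row };
    for (const col of Object.keys(keys)) {
      out[col] = encryptCell(keys[col], row.id, col, String(row[col]));
    }
    return out;
  });
}

// Decrypts the columns whose key the caller holds; other sensitive columns
// are returned as null.
function readRow(storedRow, heldKeys) {
  const out = { ...storedRow };
  for (const col of SENSITIVE_COLUMNS) {
    out[col] = col in heldKeys
      ? decryptCell(heldKeys[col], storedRow.id, col, storedRow[col])
      : null;
  }
  return out;
}

const demoKeys = generateColumnKeys(SENSITIVE_COLUMNS);
const demoTable = encryptTable(SAMPLE_ROWS, demoKeys);
console.log(readRow(demoTable[0], { salary: demoKeys.salary }));
```

In a real deployment the per-column keys would be held outside the database, for example in a key management service, which this sketch does not cover.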
Vittorio Christian DiPentino says
Designing a database cannot only be done by one person. It takes a team of people who understand what the business requirements are and how to build a database. These skills may not come from one single person and a good database requires both to be effective in its purpose. Those who understand the application requirements and database design should work together for this result. The steps to increase the security level of data are to: isolate sensitive databases, eliminate vulnerabilities, enforce least privileges, enforce least privileges, respond to suspicious behavior, design secure passwords, and monitor and audit your database. Both symmetric and asymmetric database encryption can be used in order to protect any data related to PII and private company information.
Qiyu Chen says
Making a database is a complex process that not only builds physical functions but also separates the different responsibilities of the data. Basically, I would like to know more about the senior managers or stakeholders of application requirements, and the design experts who understand good database design are very important in the process of creating a database. In order to protect our database, we must also protect the integrity of the data. We should separate the roles of different roles. Some employees can have access to data and some cannot. In addition, we need to define different levels of data. For sensitive data, we should create a strong password policy. Data should be encrypted and monitored. Finally, auditors should audit database rules.