Don’t Get Hit with a Database Disaster: Database Security Compliance
By Matt Yonkovit
In this post, we discuss database security compliance, what you should be looking at and where to get more information.
As Percona’s Chief Customer Officer, I get the opportunity to talk with a lot of customers. Hearing about the problems that both their technical teams face, as well as the business challenges their companies experience first-hand is incredibly valuable in terms of what the market is facing in general. Not every problem you see has a purely technical solution, and not every good technical solution solves the core business problem.
As database technology advances and data continues to be the lifeblood of most modern applications, DBAs will have a say in business-level strategic planning more than ever. This coincides with the advances in technology and automation that make many classic manual “DBA” jobs and tasks obsolete. Traditional DBAs are evolving into a blend of system architect, data strategist and master database architect. I want to talk about the business problems that not only the C-Suite cares about, but that DBAs as a whole need to care about in the near future.
Let’s start with one topic everyone should have near the top of their list: security.
We did a recent survey of our customers, and their biggest concern right now is security and compliance.
Not long ago, most DBAs I knew dismissed this topic as “someone else’s problem” (I remember being told that the database is only as secure as the network, so fix the network!). Long gone are the days when network security was enough. Even the DBAs who did worry about security only did so within the limited scope of what the database system could provide out of the box. Again, not enough.
So let me run an experiment:
Raise your hand if your company has some bigger security initiative this year.
I’m betting a lot of you raised your hand!
Security is not new to the enterprise. It’s been a priority for years now. However, it has not been receiving a hyper-focus in the open source database space until the last three years or so. Why? There have been a number of high profile database security breaches in the last year, all highlighting a need for better database security. This series of serious data breaches has exposed how fragile some security protocols in companies are. If that was not enough, new government regulations and laws have made data protection non-optional. This means you have to take the security of your database seriously, or there could be fines and penalties.
Government regulations are nothing new, but the breadth and depth of these are growing and are opening up a whole new challenge for database systems and administrators. GDPR was signed into law two years ago (you can read more here: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation and https://www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation) and is scheduled to take effect on May 25, 2018. This has many businesses scrambling not only to understand the impact, but to figure out how they need to comply. These regulations redefine simple things, like what constitutes “personal data” (for instance, your anonymous buying preferences or location history even without your name).
New requirements also mean some areas get a bit more complicated as they approach the gray area of definition. For instance, GDPR guarantees the right to be forgotten. What does this mean? In theory, it means end-users can request that all their personal information is removed from your systems as if they did not exist. Seems simple, but in reality, you can go as far down the rabbit hole as you want. Does your application support this already? What about legacy applications? Even if the apps can handle it, does this mean previously taken database backups have to forget you as well? There is a lot to process for sure.
So what are the things you can do?
- Educate yourself and understand expectations, even if you weren’t involved in compliance discussions before.
- Start working now on incremental improvements to your data security. This is especially true in the areas where you have some control, without massive changes to the application. Encryption at rest is a great place to start if you don’t have it.
- Start talking with others in the organization about how to identify and protect personal information.
- Look to increase security by default by getting involved in new applications early in the design phase.
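As an added illustration of the “encryption at rest” step above (this is example configuration and SQL I am adding here, not part of the original post or of any Percona product documentation), here is what turning on InnoDB tablespace encryption with the file-based keyring looks like on MySQL 5.7 / Percona Server 5.7, followed by a query a DBA can run to find tables that are still unencrypted. The schema name `app_db` and the table `customers` are placeholders; the keyring path is an assumed example location.

```sql
-- my.cnf / my.ini fragment (assumed example values; shown here as comments because
-- this block is SQL). The keyring plugin must be loaded early, before InnoDB starts.
--
-- [mysqld]
-- early-plugin-load=keyring_file.so
-- keyring_file_data=/var/lib/mysql-keyring/keyring
--
-- After a restart, confirm the plugin is active:
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM information_schema.PLUGINS
 WHERE PLUGIN_NAME LIKE 'keyring%';

-- New tables holding personal data should be created encrypted from the start
-- (placeholder schema/table names; file-per-table tablespaces are required).
CREATE TABLE app_db.customers (
  id         BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  email      VARCHAR(255) NOT NULL,
  created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB ENCRYPTION='Y';

-- Existing tables can be converted in place (this rebuilds the table, so plan
-- for the I/O and, on large tables, use an online schema change tool).
ALTER TABLE app_db.customers ENCRYPTION='Y';

-- Audit query: list user tables that are NOT encrypted. CREATE_OPTIONS carries
-- ENCRYPTION="Y" for encrypted InnoDB tables, so anything without it is exposed.
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
  FROM information_schema.TABLES
 WHERE ENGINE = 'InnoDB'
   AND TABLE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema', 'sys')
   AND CREATE_OPTIONS NOT LIKE '%ENCRYPTION="Y"%'
 ORDER BY TABLE_SCHEMA, TABLE_NAME;
```

Two caveats worth keeping in mind when you report this as “done”: the file-based keyring stores the master key on the same host as the data, so it protects you against a stolen disk or a copied data directory but not against an attacker who already has root on the server (a KMS- or HSM-backed keyring is the stronger option); and tablespace encryption covers the InnoDB data files only, so logical backups taken with mysqldump and any other copies of the data are still in cleartext unless you encrypt them separately.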
The good news is you are not alone in tackling this challenge. Every company must address it. Because of this focus on security, we felt strongly about ensuring we had a security track at Percona Live 2018 this year. These talks from Fastly, Facebook, Percona, and others provide information on how companies around the globe are tackling these security issues. In true open source fashion, we are better when we learn and grow from one another.
What are the Percona Live 2018 security talks?
We have a ton of great security content this year at Percona Live, across a bunch of technologies and open source software. Some of the more interesting Percona Live 2018 security talks are:
- Securing Access to Facebook’s Databases – Andrew Regner: Facebook
- Database Security as a Function: Scaling to Your Organization’s Needs – Laine Campbell: Fastly
- Securing Your Data: All Steps for Encrypting Your MongoDB Database – Igorcho Donchovski: Pythian
- GDPR and Security Compliance for the DBA – Tyler Duzan and Jeff Sandstrom: Percona
- MySQL/Percona Server/MariaDB Server security features overview – Colin Charles: Percona
- A Seat At the Blockchain and Cryptocurrency Table for NoSQL Database Technologies – Kimberly Wilkins: Object Rocket
- Fortify Your MySQL Data Security in AWS Using ProxySQL Firewall – Marco Tusa: Percona
- Securing Your Data on PostgreSQL – Payal Singh: OmniTI Computer Consulting Inc.
Want to attend Percona Live 2018 security talks? Register for Percona Live 2018. Register now to get the best price! Use the discount code SeeMeSpeakPL18 for 10% off.
Percona Live Open Source Database Conference 2018 is the premier open source event for the data performance ecosystem. It is the place to be for the open source community. Attendees include DBAs, sysadmins, developers, architects, CTOs, CEOs, and vendors from around the world.
The Percona Live Open Source Database Conference will be April 23-25, 2018 at the Hyatt Regency Santa Clara & The Santa Clara Convention Center.