Defining Tomorrow's Database

eWEEK Labs profiles the technologies and strategies that database builders and application developers should tap when building databases in a challenging environment.

Today's "perfect storm" of sophisticated attacks, corporate governance mandates and public awareness of database security risks demands the prompt and determined response of database builders and application developers. In this report, eWEEK Labs profiles the combination of emerging technologies and developer strategies that enables an enterprise team not merely to survive but also to triumph against such challenges, without forgoing the opportunities that new database deployment options can provide.

There are clear upsides to new database architectures: Grid computing on high-bandwidth networks enables cost-effective and highly scalable analysis, while portable devices with wireless links give better support to decision makers in the field. These same technologies, however, also increase the number of places where an outside attacker might find vulnerability or where internal inconsistencies of data format or application development practice might rip apart a system from within.

The agenda of the enterprise database developer is therefore readily defined. Without abandoning costly investments in servers, software and developer skills, the next-generation database must deliver greater analytic capability and rich-media versatility—even while serving users in remote locations who may have only limited bandwidth available to them via intermittent connections.

Tomorrow's database must be able to meet critical needs in more places, must be able to reach those destinations on shorter notice, and must better defend itself against the threats of both malice and misfortune.

To meet these demands, the database platform and application developer must adapt to a changing mission and an evolving environment by devising new combinations of flexibility, speed and survivability. Just as command and control have replaced brute-strength armament as the decisive factors in victory at sea, it's the database developer's growing ability to combine business logic with real-time knowledge that will yield applications providing competitive advantage.

Assets—and clients—at risk

Database vendors would rather talk about their products' increasing capabilities than about the threats that face those products after they're deployed.

Late last month, though, an Australian food company became an unwilling poster child for the current state of database dangers. Several thousand of the company's customers received fraudulent e-mail, warning of a supposed product recall due to infectious contaminants—a complete fabrication but a convincing forgery of company-initiated e-mail, apparently made possible by successful penetration of the company's customer database.

Investigations were still in progress at this writing, but this kind of incident points to the need to think of database security not only in terms of preserving data against inadvertent disclosure or unauthorized modification but also against deliberate, systematic and damaging misuse.

It's never been more important, therefore, to design security into the database itself, wherever possible, instead of relying on every application that uses that database to be an effective security participant.

Application-level vulnerabilities actually account for the lion's share of enterprise configuration management and incident-response costs, according to estimates by Gartner Inc. presented at September's Gartner Application Development Summit: The Path to Modern AD. A 50 percent reduction in application vulnerabilities prior to deployment, Gartner estimated, would reduce these costs by 75 percent.

With in-house IT head count under unrelenting pressure, and with application maintenance schedules under the control of outsourced development teams rather than local staff whose priorities can be dictated, it becomes all the more vital to eliminate post-deployment surprises.
