Ask HN: Any advice on extra database security?

1 pointsaguilar6y ago1 comments

I am currently working on a DaaS API project. The company I work for has a customer who pays to query data. Because data is the company's most valuable asset, leadership is very concerned about its security. It is the first project in DaaS format, usually data is delivered within our application / UI. We are creating a separate database with only the data set for that particular client, which will be encrypted and unlabeled. This data will be available in a unique environment with a single API for this purpose only. The API has time limit on queries. If any of you have had experience in a similar scenario, would you like some advice or ideas to help me? What would be an outline of your solution for extra security in this case? Thank you all in advance!

1 comments

jacques_chester6y ago

If your database offers the capability to use row-level security (aka virtual private database), that should be your first port of call. PostgreSQL, SQL Server, Oracle DB DB 2 support this capability. I'm sure others do as well.

As for time limits, you can also look for other ways to constrain usage. I know that Oracle, DB2 (on some platforms) and Greenplum are able to set workload limits, so that queries can be constrained from acting as noisy neighbours to other queries on the same data. A less specific way to achieve this would be setting OS-level resource limits on the database processes themselves, such as a kubernetes request/limit setting.

But really, my best advice is to find a capable and experienced DBA for your particular database system. It's likely that a mature database has several ways to secure your data that you might not yet have thought of.

j / k navigate · click thread line to collapse

Ask HN: Any advice on extra database security?

1 pointsaguilar6y ago1 comments

1 comments

jacques_chester6y ago

j / k navigate · click thread line to collapse