Using Oracle and SQL Server Together and Keeping them Secure
It's common to see Oracle and SQL Server databases in the same organizations. A SearchOracle.com interview with SQL Server author Kevin Kline highlights a common pattern many of us see: Oracle is used for high volume transaction processing and data warehousing while SQL Server is used for data marts and reporting. This means there is a lot of data integration and movement between systems. Kline points out:
data integration can mean different things. For example, on the front end you might have people who are doing mash-ups of SQL Server data and Oracle data and they bring it all together on one UI [user interface] either through Software as a Service or through their high-end Web 2.0 applications. On the back end, you also see a lot of different kinds of situations in which Oracle and SQL Server data is being pumped into a data warehouse and that's all being consolidated into a single [business intelligence] solution that enables the company to make better decisions.
These scenarios adds to the complexity of database security.
For starters, the extraction, transformation and load (ETL) process can be a weak link. Data is that locked down in an Oracle database, maybe even with fine grained access controls, is often read by a database user with liberal select privileges. The ETL operation may stage data on another server as it merged and prepared for loading into a data warehouse, OLAP cube or other reporting database so the staging server needs to be locked down.
Then there are access control challenges in the reporting system. For example, we have to design reporting applications so that data inaccessible to a manager in the OLTP system is also inaccessible in the data warehouse. Keeping access controls in synch becomes a priority in these kinds of applications. In theory this shouldn't be too difficult but in practice I often see different groups responsible for the different databases.
Database security, in practice, is a lot more than patching listeners, applying roles and limiting privileges. There is a lot of need for coordination between DBAs and database designers, too.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
