The GDPR is not the stuff of nightmares and it should not be keeping you up at night. By systematically addressing the right questions and using appropriate technology a compliant data landscape is perfectly achievable.
GDPR is perhaps the biggest bugbear causing sleepless nights for many IT managers right now across Europe.
Fines of up to 20,000,000 EUR or 4% of the annual worldwide turnover, whichever is higher, add considerably to the uncertainty about whether your company will be ready on 25 May 2018, when the GDPR becomes enforceable.
First you will have (had) to answer the “Where” question: Where is your data? Then the “What” question: What is your data? And finally the “Who” question: Who can access your data?
Having done that you will be focusing on all systems and applications that manage data including of course, relational database management systems.
So, what are the technical areas of interest in the context of database management systems and GDPR? These are mainly (but not exclusively):
- Controlling who accesses your data: Authentication
- Knowing what data was accessed: Monitoring
- Protecting your data: Encryption of data at rest and in motion
- Managing Data Access: Fine-grained Authorization (object and row level security)
- Managing physical and technical incidents: Availability, Backup and Disaster Recovery
1) Controlling who accesses your data: Authentication
Authentication of users plays a key role in addressing many important data protection principles.
Typically, most customer IT infrastructures have many different authentication mechanisms in place: some applications authenticate against local user repositories, Windows clients authenticate against Active Directory, and other systems authenticate against additional proprietary systems.
Having such a multitude of authentication mechanisms and locations increases the risk of security incidents. Each mechanism has its own weak points and needs dedicated attention, so each authentication technology requires experts who carefully manage and maintain it.
By replacing multiple weakly protected gateways that are exposed to attackers with one strongly monitored and maintained centralized authentication service, you have a single solution to protect well instead of many.
A typical solution is Kerberos-based centralized authentication as provided by Microsoft’s Active Directory. Having only one centralized authentication gateway simplifies raising the bar, for example by introducing two-factor authentication. The flip side is that this one service becomes the most valuable target in your estate, so it needs the hardening and monitoring that the individual gateways never received.
Quick Tip: Enable centralized, e.g. Kerberos-based, authentication to centrally manage access. Manage your Kerberos infrastructure thoroughly and carefully.
2) Knowing what data was accessed: Monitoring
In order to detect breaches and to figure out who accessed what data, comprehensive system monitoring/auditing should be enabled.
Exasol records auditing information about every login and every statement executed once auditing has been switched on for the database. The audit tables keep growing, so plan their retention: you need them long enough to reconstruct who accessed what in the event of a breach, and that period is itself a data protection decision.
Quick Tip: Enable fine-grained database auditing.
3) Protecting your data: Encryption of data at rest and in motion:
Encrypting your disk storage prevents anyone who gets hold of the raw media, including backup copies, from reading the data. Note what it does not do: encryption at rest does not stop a user who is authorised to connect to the database from reading the data; that is the job of authentication and authorization.
It is equally important to protect your data in motion, i.e. while it is being transferred from the database system to a client.
Exasol provides both: encryption of data at rest (on disk) and in motion (on the network).
Quick Tip: Enable and enforce encryption of your data at rest and in motion. “Enforce” means the server rejects unencrypted client connections rather than leaving the choice to each client driver.
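Three checks that follow from the monitoring point (section 2) and the encryption point (section 3), written here as an added example rather than taken from the original post. They assume auditing is switched on for the database and use the Exasol system tables EXA_DBA_AUDIT_SESSIONS (one row per login) and EXA_DBA_AUDIT_SQL (one row per statement); the column names are the ones documented for Exasol 6 and should be checked against the version you run. The schema and table name INS.CLIENTS is a placeholder. Reading EXA_DBA_* tables requires the DBA role or the SELECT ANY DICTIONARY privilege.

```sql
-- Check 1: who ran statements that mention the sensitive table in the last 7 days,
-- and from which host, OS user and client tool.
-- The LIKE match on the statement text is deliberately crude: a clerk reading the
-- data through a view will not mention the base table, so add the view names too.
SELECT s.user_name,
       s.os_user,
       s.host,
       s.client,
       q.start_time,
       q.command_name,
       q.row_count,
       q.success,
       q.sql_text
  FROM exa_dba_audit_sql      q
  JOIN exa_dba_audit_sessions s ON s.session_id = q.session_id
 WHERE q.start_time >= ADD_DAYS(CURRENT_TIMESTAMP, -7)
   AND UPPER(q.sql_text) LIKE '%INS.CLIENTS%'
 ORDER BY q.start_time DESC;

-- Check 2: password guessing or a misconfigured job: hosts with 10 or more
-- failed logins for the same user within the last 24 hours.
SELECT user_name,
       host,
       COUNT(*)        AS failed_logins,
       MIN(login_time) AS first_failure,
       MAX(login_time) AS last_failure
  FROM exa_dba_audit_sessions
 WHERE success = FALSE
   AND login_time >= ADD_HOURS(CURRENT_TIMESTAMP, -24)
 GROUP BY user_name, host
HAVING COUNT(*) >= 10
 ORDER BY failed_logins DESC;

-- Check 3: sessions that were established without protocol encryption.
-- If this returns rows after you believe encryption is enforced, it is not enforced.
SELECT user_name,
       host,
       client,
       driver,
       login_time
  FROM exa_dba_audit_sessions
 WHERE encrypted = FALSE
   AND login_time >= ADD_DAYS(CURRENT_TIMESTAMP, -7)
 ORDER BY login_time DESC;
```

Run these from a scheduled job that writes the results to a table the security team owns, not ad hoc: an audit trail nobody reads does not help you answer the “who accessed what” question when the 72-hour breach notification clock is running.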
4) Managing Data Access: Fine-grained Authorization (object and row level security)
Object level (roles and rights)
A standard mechanism to manage access in database systems is to define an appropriate high level authorization policy based on database role memberships and object-level permissions. By using such a role and rights management system, large amounts of users can be easily managed.
This simplification often leads to a situation where many users have more access rights than they need, because the role hierarchy is too coarse-grained. So, as a first measure, all granted rights should be thoroughly reviewed.
Quick Tip: Scan for granted user rights and eliminate unwarranted access. Set up a role and right hierarchy that ensures that all users just see what their business roles require.
This concept is well understood but it is still very “coarse-grained” as it just manages access on an object level, i.e. a whole database schema or a database table. For a more fine-grained data access management system, Row and Column level permissions should be configured.
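A rights review along the lines of the Quick Tip above, as an added example that is not part of the original post. It uses the Exasol system tables EXA_DBA_SYS_PRIVS, EXA_DBA_OBJ_PRIVS, EXA_DBA_ROLE_PRIVS and EXA_DBA_USERS; the hierarchical CONNECT BY syntax in the last query is the Exasol (and Oracle) form and would be a recursive CTE elsewhere. INS is a placeholder for the schema that holds personal data.

```sql
-- Part 1: system privileges that bypass object-level grants altogether.
-- Anyone on this list can read or hand out access regardless of the role hierarchy.
SELECT grantee, privilege, admin_option
  FROM exa_dba_sys_privs
 WHERE privilege IN ('SELECT ANY TABLE',
                     'SELECT ANY DICTIONARY',
                     'GRANT ANY PRIVILEGE',
                     'GRANT ANY OBJECT PRIVILEGE',
                     'GRANT ANY ROLE')
 ORDER BY grantee, privilege;

-- Part 2: anything granted to PUBLIC is effectively granted to every user.
SELECT object_schema, object_name, object_type, privilege
  FROM exa_dba_obj_privs
 WHERE grantee = 'PUBLIC'
 ORDER BY object_schema, object_name;

-- Part 3: grants on the sensitive schema given directly to users instead of
-- through roles. These are the ones that survive role clean-ups unnoticed.
SELECT p.grantee, p.object_schema, p.object_name, p.privilege
  FROM exa_dba_obj_privs p
  JOIN exa_dba_users     u ON u.user_name = p.grantee
 WHERE p.object_schema = 'INS'
 ORDER BY p.grantee, p.object_name;

-- Part 4: effective role membership per user, expanded through nested roles,
-- so that a user who got DBA via ANALYST > POWER_USER > DBA shows up as such.
SELECT CONNECT_BY_ROOT grantee                AS user_name,
       granted_role,
       LEVEL                                  AS depth,
       SYS_CONNECT_BY_PATH(granted_role, '>') AS via
  FROM exa_dba_role_privs
 START WITH grantee IN (SELECT user_name FROM exa_dba_users)
 CONNECT BY PRIOR granted_role = grantee
 ORDER BY 1, 3;
```

Part 4 is the one that usually surprises people: a role hierarchy that looks tidy on paper often contains a nested grant that gives a broad role to a group it was never meant for. Review the output with the business owners of the data, not only with the DBAs.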
Row level security and column level security
The most important building blocks for fine grained access management in database systems are Row-Level Security (RLS) and Column level security (CLS).
With RLS you control access to rows in a database table based on the characteristics of the user executing a query. Using RLS only allows users with a specific need to access data in a database row. For example, clerks of an insurance company can only see clients assigned to their departments.
With Column Level Security, fine-grained control is taken one step further. Following on from our insurance company scenario, column level security can restrict access to parts of a record: a clerk could see all of a customer’s data except the full credit card number, so the clerk just sees the last three digits, XXX-XXX-XXX-123, whereas a few specific people in the billing department see the full card number when they access the same data set.
Exasol provides CLS and RLS based on its data virtualization framework, which intercepts queries and analyzes the user context before returning the data. Additionally, Exasol supports preprocessor scripts, which programmatically modify incoming SQL statements, and user-defined functions, which implement custom features such as column-based encryption or obfuscation inside the Exasol database.
Furthermore, RLS and CLS simplify the design and coding of access management within custom applications, because the access restriction logic is executed in the database rather than away from the data in the user-facing applications. Every time data access is initiated from any tier, the restrictions apply. Centralizing access logic makes the security system more robust, with one precondition: the database has to know who the end user is. If every application tier connects with one shared service account, the database sees only that account and RLS has nothing to key on.
Quick Tip: Leverage CLS and RLS for fine grained access management for sensitive data.
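The insurance scenario above, built with plain views and roles, as an added example rather than code from the original post or from Exasol. It assumes Exasol 6 syntax (the CREATE USER ... IDENTIFIED BY KERBEROS PRINCIPAL form ties in with section 1; check it against your version), that views run with the privileges of their owner so that granting SELECT on a view does not require granting the base table, and that CURRENT_USER returns the upper-cased user name that unquoted identifiers get. Schema, table, role and user names and the sample rows are all constructed for the example.

```sql
-- Schema and two business roles (placeholder names).
CREATE SCHEMA ins;
CREATE ROLE clerk;
CREATE ROLE billing;

-- Users authenticate centrally via Kerberos (assumption: Exasol 6 syntax).
CREATE USER jsmith IDENTIFIED BY KERBEROS PRINCIPAL 'jsmith@CORP.EXAMPLE';
CREATE USER mmeyer IDENTIFIED BY KERBEROS PRINCIPAL 'mmeyer@CORP.EXAMPLE';
GRANT CREATE SESSION TO jsmith;
GRANT CREATE SESSION TO mmeyer;
GRANT clerk   TO jsmith;
GRANT billing TO mmeyer;

-- Base table with personal data. Nobody but the owner gets a grant on it.
CREATE TABLE ins.clients (
    client_id   DECIMAL(10),
    department  VARCHAR(20),
    full_name   VARCHAR(100),
    card_number VARCHAR(19)
);
-- Constructed sample rows.
INSERT INTO ins.clients VALUES
    (1, 'NORTH', 'Alice Example', '4111-1111-1111-1111'),
    (2, 'SOUTH', 'Bob Example',   '5500-0000-0000-0004');

-- Mapping database user -> department that the row filter keys on.
-- Keep this table writable by the owner/DBA only; a clerk who can edit
-- their own row here can move themselves into any department.
CREATE TABLE ins.user_department (
    user_name  VARCHAR(128),   -- upper case, as CURRENT_USER returns it
    department VARCHAR(20)
);
INSERT INTO ins.user_department VALUES ('JSMITH', 'NORTH'), ('MMEYER', 'SOUTH');

-- RLS + CLS for clerks: rows limited to the caller's department,
-- card number masked down to its last three characters.
CREATE VIEW ins.v_clients_clerk AS
SELECT c.client_id,
       c.department,
       c.full_name,
       'XXX-XXX-XXX-' || SUBSTR(c.card_number, LENGTH(c.card_number) - 2) AS card_number
  FROM ins.clients c
  JOIN ins.user_department d
    ON d.department = c.department
   AND d.user_name  = CURRENT_USER;

-- Billing sees the full card number, but still only its own department's rows.
CREATE VIEW ins.v_clients_billing AS
SELECT c.client_id,
       c.department,
       c.full_name,
       c.card_number
  FROM ins.clients c
  JOIN ins.user_department d
    ON d.department = c.department
   AND d.user_name  = CURRENT_USER;

-- Grant the views only, never the base table or the mapping table.
GRANT SELECT ON ins.v_clients_clerk   TO clerk;
GRANT SELECT ON ins.v_clients_billing TO billing;

-- Connected as JSMITH, SELECT * FROM ins.v_clients_clerk returns only NORTH
-- rows with the card masked; connected as MMEYER, ins.v_clients_billing
-- returns only SOUTH rows with the full number. Neither user can query
-- ins.clients directly because no grant on it exists.
```

The join against the mapping table is the whole row-level mechanism: a user without a row in INS.USER_DEPARTMENT sees nothing, which is the safe default. The mask is applied in the view, so an application that only has SELECT on V_CLIENTS_CLERK cannot recover the full card number, whatever SQL it sends. What the view cannot fix is a shared service account: if the application logs in as one technical user for everybody, CURRENT_USER is always that user and the filter is meaningless, which is why section 1 and section 4 belong together.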
For an all-encompassing alternative to Exasol’s powerful, built-in CLS and RLS capabilities, you can also use a centralized data security suite like Protegrity that spans all of your applications and databases within your IT infrastructure.
5) Managing physical and technical incidents: Availability, Backup and Disaster Recovery
Backup and disaster recovery is an area quite often neglected when discussing GDPR compliance, despite being an essential part of the discussion.
GDPR Article 32(1) (“Security of processing”) lists, among the technical and organisational measures to implement:
“(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.”
To satisfy the above requirements it is important to set yourself the following target values: Recovery Time Objectives (RTO) which define how quickly you have to be back up and running after an outage, and Recovery Point Objectives (RPO) which specify the maximum targeted period in which data might be lost from an IT service due to a major incident.
Quick Tip: Review your business continuity and disaster recovery strategy to ensure compliance with GDPR. Review or define your Recovery Time Objectives (RTO) and your Recovery Point Objectives (RPO), and test a restore against them: a backup that has never been restored is an assumption, not a recovery plan.
For High Availability, Backup and Disaster Recovery, Exasol provides powerful out-of-the-box capabilities that work on several levels.
- Exasol supports fail safety via redundancy. Clusters can be equipped with spare machines so that if a live machine in the cluster goes down due to hardware failure, one of the spare machines is up and ready to replace the failed machine in seconds.
- For disaster recovery, Exasol supports synchronous dual data center setups where one cluster can be “stretched” across two data centers. If the active data center goes down, the second data center can quickly take over operations.
- Exasol supports incremental online backups during normal operation and also explicitly scheduled backups. All data (and backup data) is stored redundantly so that the failure of machines in the cluster does not affect data integrity.
When you break it down, GDPR is not the stuff of nightmares and it should not be keeping you up at night. By systematically addressing the right questions and using appropriate technology a compliant data landscape is perfectly achievable. Based on powerful, built-in security features and integration with leading security/GDPR software, Exasol is a secure and reliable component to include in your GDPR compliant enterprise IT architecture and infrastructure. An enterprise-ready database system needs flexibility, connectivity, scalability and security and in the case of Exasol you get all of these features as well as the world’s fastest in memory analytic database.
You will find more technical details about Exasol in our whitepaper: “A peek under the hood”.