Security and the Data Warehouse: A Pragmatic Approach

Susan AndreArticles

By establishing a security strategy framework, organisations can ensure that data warehoused information is managed and accessed securely, but still effectively shared throughout the organisation.

"The strategic nature of a data warehouse places it at risk of security breaches, making it a desired target for hackers and disgruntled employees," says Susan Andre, MD of Sagent SA.

The effects of restricting or securing information in a data warehouse could be positive or negative. "The positive effect is that the value of the information is protected by implementing security. However, on the downside, restricting access too severely could reduce the potential value of the warehoused data."

By matching the purpose of the data warehouse with the possible uses of the information by various groups in the organisation, the appropriate level of security can be determined.

"The security plan should accommodate the diverse requirements of the different types of 'information consumers' by assigning role rights to groups of users," Andre says.

One place for security to be implemented is in the data warehouse management application. Security is integrated into the application and can be specific to the data accessed by the application and the functions of the application. The data warehouse management application should include a central point of security management and maintenance of data warehoused data. However the usual security mechanisms must still take effect as well: such as standard security at the operating system, network and database levels.

Andre maintains that companies need to determine the security requirements from users and place the primary focus on access. "In addition, firewalls, virus protection, encryption, physical and operational security, and systems administration all have their place, and must be part of an overall strategy."

She says companies need to use technologies which secure the data warehouse and which will:

Identify and authenticate all users of the system;
Achieve network management and control through a graduated system of access privileges: Who reads and writes what data and from what machines?
Provide audit trails for all users of the data warehouse. Who went where and why?
"Data warehouse security should ensure that only the right people have access to the right data at the right time," Andre points out.

To achieve this, an industry-standard authentication scheme, such as two-factor authentication (electronic encoded plastic token, swipe card device and password) should be used to enforce secure access.

There are various other ways to restrict users' access to confidential information. For instance, companies can restrict access to data for certain classes of users by using row level security and security tables. Security tables contain the values of each of the attributes that the user is permitted to access. These tables become the basis for all security views, roles or partitions that provide the physical implementation of the security plan. Authorisation control to this corporate data asset is a critical feature of the Warehouse management software.

"Management is ultimately responsible for achieving the delicate balance between security and efficiency. Most companies will elect to secure their data warehouses but by securing this corporate data asset it does not mean they have to impede efficiency," Andre adds.