Internet requirements set the stage for new database security designs


Security in the Internet age is a two-way street: Agencies need to respect confidentiality while resisting unauthorized access.

With regard to databases, this manifests itself in several ways.

One strategy, called defense in depth, moves vital data as far as possible from access points. A typical arrangement uses intermediate databases to stage data, particularly data from legacy systems. In such a system, users have access to the front-end database and, through that database, can make queries of back-end systems. But they cannot directly access or modify those back-end systems.

The approach kills two birds with one stone. Staging the data from an intermediate server is simpler than rewriting your mainframe application for Web access. And the separation of the accessible data server from the inaccessible data store adds security.

Wild data

Mobile workers present another security concern. While supporting field personnel with chunks of database data, don't forget that the data is now out in the wild. You must take appropriate encryption precautions to keep that data secure and confidential, but these procedures should not interfere unduly with replicating the data to and from the mobile user.

Of course, databases themselves have a variety of security features, including internal encryption and authentication of users. Government databases must often have a National Security Agency rating of C2 or above, C2 being the minimum rating required by most government agencies.

Most of the major databases do have a C2 rating, including versions of IBM DB2 and those from Informix Corp., Oracle Corp. and Sybase Corp. And some versions of Informix, Oracle and Sybase databases have earned the more stringent B1 rating.

The situation for Microsoft Corp. products is a little more complicated. Windows NT 4.0 has the C2 rating, but the company's SQL Server does not.

"Because of the tight relationship between NT and SQL Server, Microsoft had felt that it wasn't necessary to pursue the C2 rating," said Karen Watterson, editor of SQL Server Professional. But Microsoft recently announced that it is submitting SQL Server 7.0 to Science Applications International Corp. for C2 evaluation.

- Edmund X. DeJesus


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected