Information Security [UGCA1948]
(Database Integration and Secrecy)
Mapped with CO3
Objective
Database Integration and Secrecy
Database Integration: Database integration refers to the process of connecting different databases and
systems to work together in a cohesive manner. This can include linking databases within an
organization or integrating external databases, such as cloud-based services, into an organization's
internal systems.
Key aspects of Database Integration include:
Data Synchronization:
Ensures that data is consistent across different systems and databases. Changes made in one system
are reflected in others in real-time or in scheduled intervals.
Data Migration:
The process of transferring data from one database to another, often due to system upgrades,
mergers, or the adoption of a new database technology.
ETL (Extract, Transform, Load):
This process involves extracting data from source systems, transforming it into a suitable format, and
loading it into a target system or database. ETL is often used in data warehousing and integration
projects.
Database Federation:
Allows multiple databases to be accessed as if they were a single database, typically through a
middleware layer or database management system that can query and combine data from various
sources.
APIs and Web Services:
�Database integration often involves the use of APIs (Application Programming Interfaces) and web
services to enable different systems to communicate and exchange data in a standardized
manner. Cross-Platform Integration:
�Integrating databases that run on different platforms, such as SQL databases with NoSQL databases, or
on-premises databases with cloud-based databases, requires specialized tools and techniques.
Middleware:
Middleware systems are often used to facilitate the interaction between different databases, allowing
data to flow between them seamlessly without requiring deep modifications to the core systems.
Data Consistency and Integrity:
Ensuring that data remains accurate and consistent across systems is crucial in database integration.
Techniques like transactional integrity (ACID properties) and conflict resolution mechanisms are
important for maintaining data integrity during integration.
Database Secrecy (Confidentiality and Security): Secrecy in the context of databases refers to ensuring
that sensitive data stored in databases is protected from unauthorized access, tampering, or
breaches. It encompasses various practices, technologies, and policies designed to ensure the
confidentiality, integrity, and availability of data.
Key aspects of Database Secrecy include:
Encryption:
Data-at-Rest Encryption: Encrypts data stored in a database so that it is unreadable to anyone without
the appropriate decryption key.
Data-in-Transit Encryption: Ensures that data is encrypted while being transmitted over networks,
preventing interception by unauthorized parties. This is commonly done using SSL/TLS protocols.
End-to-End Encryption: In some cases, data is encrypted at the source and decrypted only by the
recipient, ensuring that even database administrators or anyone with access to the database
cannot read the data.
Access Control:
Role-Based Access Control (RBAC): Users are given access to the database based on their role within
the organization. This ensures that only authorized personnel can access sensitive data.
Attribute-Based Access Control (ABAC): Permissions are granted based on attributes (like user
�department, clearance level, etc.) rather than specific roles.
Granular Permissions: Specific permissions for different levels of data access (e.g., read, write, modify)
are set to limit exposure to sensitive information.
Database Auditing and Monitoring:
Tracking and logging database access, queries, and modifications help ensure accountability and
provide early detection of potential security breaches or unauthorized actions.
Real-time Monitoring: Continuously monitors database activities to detect suspicious behavior, such as
unauthorized access attempts or unusual query patterns.
Data Masking and Tokenization:
Data Masking: Replaces sensitive data with fictitious or obfuscated data while retaining the format and
structure of the original data. It allows testing and development without exposing real data.
Tokenization: Replaces sensitive data (e.g., credit card numbers) with a unique identifier (token) that
can be used in place of the original data without revealing it.
Database Firewall:
A database firewall helps protect against unauthorized access by filtering traffic based on defined
security rules. It can block malicious SQL injection attacks and other types of database-related exploits.
Database Encryption Keys Management:
Key Management: Proper management of encryption keys is essential for ensuring database secrecy.
Key management systems (KMS) securely store, rotate, and handle keys used to encrypt data.
Data Redaction:
Sensitive information such as personal identifiers or financial data is automatically redacted (hidden or
removed) from queries and reports to prevent exposure to unauthorized users.
Zero-Trust Security Model:
The zero-trust model assumes no one, whether inside or outside the organization, should be trusted by
default. Every access request to the database must be verified and authenticated, reducing the risk of
insider threats or breaches.
Backup and Disaster Recovery:
� Secure Backups: Ensuring that database backups are encrypted and securely stored is a key part of
maintaining database secrecy in case of data loss, corruption, or breach.
Disaster Recovery Planning: Having processes in place to quickly restore a database after a breach or
attack ensures business continuity while maintaining secrecy.
Combining Integration and Secrecy: When integrating databases, ensuring data secrecy becomes even
more critical. The following practices can help ensure both:
Secure APIs and Data Transfer Protocols: During integration, ensure that all communication between
systems is encrypted and that APIs used for data exchange are secured with authentication and
authorization mechanisms.
Data Anonymization: When combining data from various sources, sensitive data should be anonymized
or pseudonymized to reduce the risk of exposure during integration processes.
Compliance and Standards: Following industry standards (such as GDPR, HIPAA, or PCI DSS) for
database secrecy ensures legal and regulatory compliance while integrating data from different
systems.
Mapped with CO3
Video Reference:
YouTube link: https://www.youtube.com/watch?v=zBFB34YGK1U
Web link: https://www.tutorialspoint.com/computer_security/computer_security_elements.htm
https://www.techfunnel.com/information-technology/key-elements-of-computer-security/
https://www.geeksforgeeks.org/computer-security-overview/
Book References:
https://www.govinfo.gov/content/pkg/GOVPUB-C13-e4c7371bfafbe4abbf11594b6984850c/pdf/
GOVPUB-C13-e4c7371bfafbe4abbf11594b6984850c.pdf
You may refer to the following ppt and pdf also:
https://drive.google.com/drive/folders/17aIKtwBsQFkYtbtxMQDjorSADPRQI2pW?usp=sharing
