Data Storage and Access




Requirements

The requirements with respect to data storage and access are:

  1. Provide a means for secure access
  2. We need to know who has seen which data when and how
  3. Audits on data access should be possible for users but also administrators


Solutions

The data we provide can be split up into 2 different types to ensure secure access to the data:

  • data meant to be used internally
  • data meant to be used externally


[Figure: Internal vs External]


Reasons for this difference are:

  • Level of aggregation of the data:
    • internally the data are not aggregated
    • externally they are aggregated to the highest level because of privacy issues
  • Technical access to the database:
    • internally every user has his own account
    • externally we use the same account for everybody
  • Exposure to the internet and security:
    • Only the most highly aggregated data can be accessed from the outside world; the detailed data cannot be accessed in any way
    • The protection has to be a lot higher for the detailed data. Every communication to this data is blocked by firewalls
    • The data stored on the ‘external’ DB2 are accessible from the internal network, but the data stored on the ‘internal’ DB2 cannot be accessed from the outside


In order to monitor data access we use a combination of Guardium and DB2 temporal data management:

  • Guardium offers the most complete database protection solution for reducing risk, simplifying compliance and lowering audit costs.
  • DB2 temporal data management technology enables companies to query historical, current, and future conditions in a straightforward and efficient manner. The result is a simpler way to implement auditing and compliance initiatives.


Data providers get a report indicating who has accessed data they provided. This way we achieve complete transparency.
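
The sketch below is an added example, not part of the original page or of the DWH project's own code. It shows one way the two mechanisms named above could feed the provider report: access records supply who, when and how, and a DB2 system-period temporal table supplies what the data looked like at that moment. All schema, table and column names are assumptions, and `dwh.access_log` is a hypothetical stand-in for audit records exported from the monitoring tool.

```sql
-- Hypothetical detail table on the 'internal' DB2 (all names are assumptions).
CREATE TABLE dwh.measurement (
    record_id   INTEGER       NOT NULL PRIMARY KEY,
    provider_id INTEGER       NOT NULL,
    payload     VARCHAR(200)  NOT NULL,
    sys_start   TIMESTAMP(12) NOT NULL GENERATED ALWAYS AS ROW BEGIN,
    sys_end     TIMESTAMP(12) NOT NULL GENERATED ALWAYS AS ROW END,
    trans_id    TIMESTAMP(12) GENERATED ALWAYS AS TRANSACTION START ID,
    PERIOD SYSTEM_TIME (sys_start, sys_end)
);
-- Every UPDATE or DELETE moves the old row version into the history table.
CREATE TABLE dwh.measurement_history LIKE dwh.measurement;
ALTER TABLE dwh.measurement
    ADD VERSIONING USE HISTORY TABLE dwh.measurement_history;

-- Hypothetical table holding exported access records (who, when, how).
CREATE TABLE dwh.access_log (
    db_user     VARCHAR(128)  NOT NULL,
    accessed_at TIMESTAMP(12) NOT NULL,
    object_name VARCHAR(128)  NOT NULL,
    client_ip   VARCHAR(45)
);

-- Constructed sample rows.
INSERT INTO dwh.measurement (record_id, provider_id, payload) VALUES (1, 10, 'v1');
UPDATE dwh.measurement SET payload = 'v2' WHERE record_id = 1;
INSERT INTO dwh.access_log
    VALUES ('ANALYST1', CURRENT TIMESTAMP, 'DWH.MEASUREMENT', '10.0.0.5');

-- State of provider 10's rows at one point in time. The timestamp is a
-- placeholder: use the accessed_at value of the audit record under review.
SELECT record_id, payload, sys_start, sys_end
FROM dwh.measurement FOR SYSTEM_TIME AS OF TIMESTAMP('2024-01-15-09.30.00')
WHERE provider_id = 10;

-- Provider report: each access to the table, joined to the row versions that
-- were valid at that moment. The period clause cannot reference columns, so
-- the join uses the period columns of the base and history tables directly.
-- This lists rows that were visible, not only rows the statement returned.
WITH all_versions AS (
    SELECT record_id, provider_id, payload, sys_start, sys_end
    FROM dwh.measurement
    UNION ALL
    SELECT record_id, provider_id, payload, sys_start, sys_end
    FROM dwh.measurement_history
)
SELECT a.db_user, a.accessed_at, a.client_ip, v.record_id, v.payload
FROM dwh.access_log a
JOIN all_versions v
  ON v.sys_start <= a.accessed_at AND a.accessed_at < v.sys_end
WHERE a.object_name = 'DWH.MEASUREMENT' AND v.provider_id = 10
ORDER BY a.accessed_at;
```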