We’ve heard it already, security in the cloud has become an important thing so when EnterpriseDB has released a new security suite for PostgreSQL our ears perked up. Notably because we’ve been watching EMC and their move to enable the open-source cloud—to do so, they acquired Greenplum who happen to leverage Postgres to realize this. PostgreSQL is a powerful, open-source database suite that competes with corporations such as Oracle and systems like MySQL.
Security in the cloud has been reported primarily as a problem for consumers being lax with their information and getting fleeced, but corporations also need to concern themselves with their own security. Databases, the very warehouses that store the valuable data about customers, are juicy targets for malicious hackers and Internet Hole In the Wall gangs out to rob the Pony Express of Big Data.
Outlined over at Internet.com, One way that they do this involves a tactic called “SQL injection attacks,” and the EnterpriseDB security suite looks to help harden databases against this problem,
SQL injection attacks are among the most common type of database attack. Typically the approach taken by security vendors to secure against SQL injection is to implement some form of input sanitation procedure. IBM recently announced a new SQL injection technology that can help developers mitigate issues at the coding level.
Schumacher explained that the way EnterpriseDB’s SQL/Protect works is by first analyzing a PostgreSQL database installation to see what is considered to be normal behavior. He added that there is a role based setup that can enable an administrator to watch a set of users and then monitor the SQL activities from certain users or roles.
“It learns what is normal for your server and once it learns those patterns you can set either a passive or active mode,” Schumacher said. “Passive mode issues warnings but won’t stop SQL from executing while the active mode will actually block a SQL injection attack.”
The reason why it’s good to see security suites being developed and deployed for PostgreSQL is that EMC recently launched a Greenplum open source community edition of their data warehousing software. The product is looking good and will certainly extend the usefulness of cloud-storage and -computing into industries that might not have been able to run their own cloud-based data software. Home grown solutions (even those founded on open-source) still take a great deal of maintenance and expertise to run in order to keep the users safe from Internet hazards and criminals.
The need for high capacity data warehousing that can be taken in house is exceeding boundaries in the industry right now so its presence has certainly becomes an easy target for the picking. Products like the EnterpriseDB Postgres tools should help harden security for those who go that route.