Aiven Blog

May 17, 2019

5 best practices for cloud database management

Check out this blog post from our guest writer, Gilad David Maayan, covering 5 best practices for cloud database management.

In a world in which information has become a critical currency for individual, organizational, and global advancement, databases have turned into data bank accounts. Like regular bank accounts, databases require proper security and maintenance.

While databases can be operated on-premise, 95% of U.S-based organizations have chosen to migrate most of their applications and infrastructure to the cloud. A cloud database contains data, either in structured or unstructured formats and can be located on a public, private or hybrid cloud platform.

As the global exchange of data grows exponentially with the number of devices and systems that transmit and create data, the strain on databases increases. The more data the organization acquires, the more controls are needed to operate the flow of data.

What is database management?

Database management encompasses any action taken for the purpose of organizing, maintaining, and analyzing data processes. Database management helps organizations control data and give it meaning at any stage of the data lifecycle.

Database management tasks often cover some or all of the following objectives:

  • Performance—monitor the performance of data-driven applications.
  • Storage optimization—plan and monitor data storage capacity.
  • Efficiency—monitor data through all the lifecycle stages and optimize for efficiency.
  • Security—implement security controls to protect the data such as encryption and tokenization.
  • Privacy—protect sensitive data and ensure compliance with data regulations.
  • Analysis—integrate with big data tools to generate business intelligence reports.

Nowadays, database management systems cover many tasks and compliment the overall data infrastructure of the organization. Organizations can choose a ready-made database management system, or create a customized solution according to their requirements.

The 5 best management practices

To effectively develop, monitor, and manage the database infrastructure, organizations often implement a number of methods. Usually, the organization uses one or more database management system (DBMS) software programs that serve as the core foundation of the data infrastructure.

The two most popular open source database management systems are:

  • MySQL—a relational database management system (RDBMS) that organizes related data in a row-based table structure.
  • PostgreSQL—an object-relational database management system (ORDBMS) organizes data according to objects and classes.

While the two systems have free versions, organizations looking for added functionalities can choose from the various enterprise versions of MySQL, or one of the available Postgres management solutions.

1. Design a cloud data management strategy

A cloud data management strategy serves as a roadmap that illustrates all the components in the overall cloud data management infrastructure.

The ideal would be to create a strategy before migrating any organizational resources to the cloud, to ensure that the cloud architecture fits the needs of the organization. While one organization may benefit from a quick architecture such as the “lift and shift”, others may prefer to scale on a budget through the “drop and shop” architecture.

A cloud data management strategy contains the fundamental principals of the management of the data and can help organizations standardize every aspect of data management. From performance, efficiency, security, and privacy, to analysis and business intelligence (BI). Once you set up a strategy for the ongoing operations of the data, control becomes an integrated cog in your data machine.

2. Encrypt and tokenize data at rest

The term data at rest refers to inactive data that lies unused in storage. While inactive data may not seem important enough to warrant information security expenses, data at rest is often targeted by cybercriminals. Data at rest contains information that may expose the location of sensitive information such as personal and financial information, healthcare information, and trade secrets.

Organizations can implement two measures of security methods to protect data at rest:

3. Secure data with identity and access management (IAM)

Identity and access management (IAM) standardizes the procedures the organization implements to ensure only authorized parties can gain access to company-owned resources.

IAM enables the management of user roles according to the following criteria:

  • Role—who is the user?
  • Access—what systems can the user gain access to?
  • Privileges—what level of use is the user allowed?
  • Behavior—under which circumstances a user will be denied access?

IAM provides organizations with the control needed to ensure data is secure from unauthorized parties. IAM helps companies prevent the theft of trade secrets by stripping ex-employees of their privileges. Additionally, a company can use IAM to protect against outward attacks by setting up controls that prevent cybercriminals from gaining access to the data. Examples of dedicated IAM tools:

  • Active Directory (AD)—a popular directory service offered by Microsoft.
  • Biometric authentication—grants or denies access to privileges based on biometric characteristics such as iris and retina, fingerprints, and facial features.

4. Protect data in transit with encryption and VPN

The term data in transit refers to data that actively moves between locations across networks, storage repositories, and the Internet. While the data travels from one location to another it is vulnerable to attacks. Cybercriminals can intercept the data during that time and steal valuable information. Here are the two common methods of protecting data in transit:

  • Encryption—you can encrypt the data before moving it, use encrypted connections such as HTTPS and SSL for secure data transit, or preferably cover all bases by implementing both methods.
  • Virtual Private Networks (VPN)—serve as secure digital tunnels for the online transit of data between locations. VPNs often combine multiple encrypted connections and encryption protocols to create secure virtual Peer to Peer (P2P) connections. Organizations can either use a VPN software or create their own VPN tunnels.

5. Monitor database management tasks with automation

Delegating database management tasks to automation systems help data professionals prioritize tasks in an efficient manner. Instead of performing low-level tasks, database professionals can set up an automation system that clears up time and energy for the more important and complex areas of their work. Automation can be configured to a variety of objectives, such as:

  • Reporting—set up a reporting system that sends you alerts when specific behaviors are triggered.
  • Database testing—replace manual tests with automation features that monitor database schema, data integrity, and perform repetitive database testing cycles.
  • Integration—create an automation system for repeated integration tasks.

Different database Management systems offer different features and levels of customization. Ensure you choose a system that fits your needs and integrates well with your resources.

Wrapping up

Database management is a complex but rewarding job. Done right, database management can provide a comprehensive solution for maintaining, protecting, and analyzing the company data. Better database management translates into better analytics.

Database management is in charge of sorting through the vast amounts of data and turning it into meaningful and useful information that helps increase sales, improve productivity, and promote innovation.


Further reading

Data security compliance in the cloud - how Aiven approaches security issues.

Related resources