Question Description
The final portfolio project is a three-part activity. You will respond to three separate prompts but prepare your paper as one research paper. Be sure to include at least one UC library source per prompt. (I am attaching the sourced papers, please only use those.)
Start your paper with an introductory paragraph.
Prompt 1 “Data Warehouse Architecture” (2-3 pages): Explain the major components of a data warehouse architecture, including the various forms of data transformations needed to prepare data for a data warehouse. Also, describe in your own words current key trends in data warehousing.
Prompt 2 “Big Data” (1-2 pages): Describe your understanding of big data and give an example of how you have seen big data used either personally or professionally. In your view, what demands is big data placing on organizations and data management technology?
Prompt 3 “Green Computing” (1-2 pages): One of our topics in Chapter 13 surrounds IT Green Computing. The need for green computing is becoming more obvious considering the amount of power needed to drive our computers, servers, routers, switches, and data centers. Discuss ways in which organizations can make their data centers “green”. In your discussion, find an example of an organization that has already implemented IT green computing strategies successfully. Discuss that organization and share your link. You can find examples in the UC Library (I have attached these).
Conclude your paper with a detailed conclusion section.
The paper needs to be approximately 6-8 pages long, excluding both a title page and a references page. Be sure to use proper APA formatting and citations to avoid PLAGIARISM.
Your paper should meet the following requirements:
References
Warigon, S. (1998). Data warehouse control & security. Internal Auditor, 55(1), 54.
DATA WAREHOUSE CONTROL & SECURITY
With this seven-step program, you can have it all: empowered information processing and
prudent security.
IMAGINE YOUR ORGANIZATION HAS JUST built its data warehouse. It’s fabulous! You can access
corporate data when you want it, in whatever form you desire, and where you need it. As a result, you
can solve dynamic organizational problems or make important decisions. You’re no longer frustrated
with the inability of the information systems department to respond quickly to your diverse needs for
information. In the new data warehouse environment, you have the information processing world by the
tail, and you’re exceedingly thrilled by it all!
Suddenly, a paranoid thought creeps into your head: What is your organization doing to identify, classify,
quantify, and protect its valuable information assets? You pose this question to the data warehouse
architects and administrators. They tell you not to worry, because the built-in security measures of your
data warehouse environment could put U.S. Department of Defense systems to shame. Somewhere
along the line, however, you sense that they may not be completely objective. As a respectable auditor,
you put on your hacking hat and go about the process of finding the answers to your questions.
As a general user, you easily manage to access some powerful user tools that were presumably
restricted to those users given unlimited access privileges. The tools allow you to issue complex queries
that access numerous data, consume enormous resources, and slow system response time
considerably. Your trusted friend, a reformed hacker, is also able to access sensitive corporate data
through the Internet without much ado. He reports to you your exact salary, birth date, social security
number, and the date of your last performance evaluation–among other things.
It’s obvious. Your organization, like most, is doing little or nothing to protect its strategic information
assets! Your data warehouse administrators could not pinpoint the causes of recent system problems
and security breaches until you showed them the shocking results of your efforts. Only then did they
admit that security was not a priority during the development of the data warehouse. Inebriated with the
need to complete the data warehouse project on time and within budget–not to mention getting
impatient users off their backs–they hardly gave security requirements a passing thought.
Poof! Your euphoric excitement about the new data warehouse vanishes into the thick air of security
concerns hovering over your valuable corporate data. As a diligent corporate steward, you realize that it
is high time for a data warehousing reality check.
WHAT IS DATA WAREHOUSING?
A data warehouse (DW) is a collection of integrated databases designed to support managerial
decision-making and problem-solving functions. It contains both highly detailed and summarized
historical data related to various categories, subjects, or areas. All units of data correspond to specific
time frames, such as October 1995 data, 1995 data, or 1990-1998 data.
The DW is an integral part of the enterprise-wide decision support system. It does not ordinarily involve
data updating, but empowers end-users to access data and perform analyses. The DW eliminates the
need for the IS department to perform informational processing for end-users. It also provides other
competitive advantages for the organization, such as fostering a culture of information-sharing; enabling
employees to effectively and efficiently solve dynamic organizational problems; minimizing operating
costs and maximizing revenue; attracting and maintaining market shares; and minimizing the impact of
employee turnovers.
For instance, the internal audit functions of the multi-campus University of California have built a DW to
facilitate the sharing of strategic data, best audit practices, and expert insights on a variety of control
topics. Auditors can analyze the DW data to make well-reasoned decisions, such as those involving
cost-effective solutions to various internal control problems. Marrying DW architecture to artificial
intelligence or neural applications also facilitates highly unstructured decision-making by the auditors.
This capacity promotes timely completion of audit projects, improved quality of audit services, lower
operating costs, and minimal impact from staff turnover. “Progress through sharing” is implicit in the DW
design.
The security requirements of the DW environment are not unlike those of other distributed computing
systems. Therefore, having an internal control mechanism to assure the confidentiality, integrity, and
availability of data in a distributed environment is of paramount importance.
Unfortunately, as underscored in the introductory scenario, little consideration may be given to security
during the development phase of data warehouses. Achieving proactive security requires a seven-phase process that involves: (1) identifying data, (2) classifying data, (3) quantifying the value of data,
(4) identifying data security vulnerabilities, (5) identifying data protection measures and their costs, (6)
selecting cost-effective security measures, and (7) evaluating the effectiveness of security measures.
These phases make up the enterprise-wide vulnerability assessment and management program.
1 IDENTIFYING THE DATA
The identification of all digitally stored data placed in the DW is an often ignored, yet critical, step in
providing DW security, especially since this process forms the foundation upon which subsequent
phases depend. A complete inventory should be taken of all the data available to DW end-users. The
installed data monitoring software–an important component of the DW–can provide accurate
information about all databases, tables, columns, rows, and profiles of data residing in the DW. It also
shows who is using the data and how often.
Identifying the data manually requires preparing a checklist of this information. Whether the required
information is gathered through an automated or a manual method, the collected information needs to
be organized, documented, and retained for the next phase.
2 CLASSIFYING THE DATA
Classifying all the data in the DW environment is requisite to prudently satisfy security requirements for
data confidentiality, integrity, and availability. In some cases, data classification is a legally mandated
requirement. Performing this task requires the involvement of data owners, custodians, and end-users.
Data is generally classified into the following three classes, based on criticality and sensitivity to
disclosure, modification, and destruction.
PUBLIC, OR LEAST SENSITIVE DATA, is usually unclassified and subject to public disclosure by laws,
common business practices, or company policies. DW end-users at all levels can access this data,
which might include audited financial statements, admission information, and phone directories, for
example.
CONFIDENTIAL, OR MODERATELY SENSITIVE DATA, is not subject to public disclosure. The
principle of “least privilege” applies to this data classification category, and access to the data is limited
on a need-to-know basis. Users can access this data only if it is needed to perform their work
successfully. Examples of confidential data might include personnel/payroll information, medical history,
and investments.
TOP SECRET, OR MOST SENSITIVE DATA, is highly sensitive and mission-critical. The principle of
“least privilege” also applies here, with access requirements much more stringent than those regarding
confidential data. Only high-level DW users, such as those with unlimited access, can view this data,
and then only with proper security clearance. Users can access only the data needed to accomplish
their critical job duties. Top Secret Data might address research and development, new product lines,
trade secrets, and recruitment strategies, for example.
Some have suggested that the use of military classifications, such as confidential and top secret, should
be avoided since many problems are associated with adapting these words to other purposes. Military
classification rules carry several access control implications that rarely apply to the commercial
information security environment. Military classification levels leverage data control against the judged
trust of specific individuals. No true analog to this activity exists in the business environment.
The universal goal of data classification is to rank data by increasing degrees of sensitivity so that
different protective measures can be used for different categories. This task may not be so simple as it
seems, however. Certain data represents a mixture of two or more categories depending on the context
used; and time, location, and laws may be factors. Determining how to classify such ambiguous data is
both challenging and interesting.
In addition, organizations should not classify data unless they can really control access to it. Labels may
make an attacker’s job easier by pointing directly to the most valuable information. Also, poorly designed
systems may force data with different classifications into different storage areas, making sensitive data
easier to lose and more difficult for busy users to find when needed.
3 QUANTIFYING THE VALUE OF DATA
In most organizations, senior management demands to see the “smoking gun”–cost versus benefit
figures or hard evidence of committed frauds–before committing corporate funds for security initiatives.
Cynical managers will be quick to point out that they deal with “hard reality,” not soft variables concocted
by radical paranoids. Quantifying the value of sensitive data that warrants protective measures may be
as close to the smoking gun as one can get for triggering senior management’s support and
commitment to DW security initiatives.
In the quantification phase, a “street value” is assigned to data grouped under different sensitivity
categories. By itself, data has no intrinsic value. However, the value of data is often measurable by the
cost to (1) reconstruct lost data, (2) restore the integrity of corrupted, fabricated, or intercepted data, (3)
not make timely decisions due to denial of service, or (4) pay financial liability for public disclosure of
confidential data. The data value may also include lost revenue due to leakage of trade secrets to
competitors and advance use of secret financial data by rogue employees in the stock market.
Measuring the value of sensitive data is often a Herculean task, but some organizations rely on simple
procedures. They build a spreadsheet application utilizing both qualitative and quantitative factors to
estimate the “annualized loss expectancy” (ALE) of data at risk. For instance, if it costs $10,000 annually,
based on labor hours, to reconstruct top secret data with an assigned risk factor of 4, then the company
should expect to lose at least $40,000 a year if this top secret data is not adequately protected.
Similarly, if it’s possible for an employee to sue the company and recover $250,000 in punitive damages
for public disclosure of privacy-protected personal information, then the liability cost plus legal fees paid
to the lawyers can be used to calculate the value of the data. The risk factor, or probability of
occurrence, can be determined arbitrarily or quantitatively. The higher the likelihood a particular unit of
data will be attacked, the greater the risk factor assigned to that data set.
By measuring the value of strategic information based on the accepted classifications, organizations can
determine how much they can save by properly protecting the assets, or how much could be lost
annually if no protective action is taken.
4 IDENTIFYING VULNERABILITIES
The fourth phase requires that vulnerabilities associated with the DW environment be identified and
documented. Common vulnerabilities of a DW might include:
BUILT-IN DBMS SECURITY Most data warehouses rely heavily on built-in security that is primarily
view-based. View-based security requires the database administrator to define the specific data that can
be seen and manipulated by end-users only through a “view” or “window” established by the
administrator. View-based security is inadequate for the DW, because it can be easily bypassed by a
“direct dump” of data outside the controlled perimeter of the established view or window. It also does not
protect data during the transmission from servers to clients, thus exposing the data to potential
unauthorized access. Furthermore, the security feature is ineffective because the activities of end-users
are largely unpredictable in the DW environment.
DBMS LIMITATIONS Not all database systems housing DW data are capable of concurrently handling
data of different sensitivity levels. Most organizations, for instance, use one DW server to process both
top secret and confidential data at the same time. However, the programs handling top security data
may not prevent leakage of the data to the programs handling the confidential data. Such breaches may
allow DW users to access top secret data, even though the users are only authorized to access
confidential data.
DUAL SECURITY ENGINES Some data warehouses combine the built-in DBMS security features with
the operating system access control package to satisfy their security requirements. Using dual security
engines tends to present opportunity for security lapses and exacerbates the complexity of security
administration in the DW environment.
INFERENCE ATTACKS Different access privileges are granted to different DW users. All users can
access public data, but only a select few would presumably be able to access confidential or top secret
data.
Unfortunately, general users can obtain protected data by inference without having direct access to the
protected data. Sensitive data is typically inferred from seemingly non-sensitive data. For example, if an
individual does not appear on the non-confidential Dean’s List, that person’s GPA, which is confidential
data, can be inferred to be less than the qualifying 3.4. Carrying out direct and indirect inference attacks
is a common vulnerability in the DW environment.
AVAILABILITY FACTOR Availability is critical to the shared access philosophy of the DW architecture.
However, if not carefully considered, the availability requirement can conflict with or compromise the
confidentiality and integrity of DW data.
HUMAN FACTORS Accidental and intentional acts, such as errors, omissions, modifications,
destruction, misuse, disclosure, sabotage, fraud, and negligence, account for most of the costly losses
incurred by organizations. These acts adversely affect the integrity, confidentiality, and availability of the
DW data.
INSIDER THREATS As DW users, employees represent the greatest threat to valuable data.
Disgruntled employees with legitimate access can leak secret data to competitors and publicly disclose
confidential human resources data. Rogue employees can also profit by using strategic corporate data
in stock market exchanges before such information is released to the public. These activities cause
strained relationships with business partners or government entities; loss of money due to financial
liabilities; loss of public confidence in the organization; and loss of competitive edge.
OUTSIDER THREATS Competitors and other outside parties pose threats similar to those of unethical
insiders. Outsiders can engage in electronic espionage and other hacking techniques to steal, buy, or
gather strategic corporate data from the DW environment. Risks from these activities include negative
publicity, which decimates the ability of a company to attract and retain customers or market shares, and
loss of continuity of DW resources, which negates user productivity. The resulting losses from outside
attacks tend to be higher than those from inside threats.
NATURAL FACTORS Fire, water, and air damage can render both the DW servers and clients
unusable. Risks and losses vary from organization to organization, depending mostly on location and
contingency factors.
UTILITY FACTORS Interruption of electricity and communication services causes costly disruption to
the DW environment. These factors have a lower probability of occurrence, but they tend to result in
excessive losses.
A comprehensive inventory of the vulnerabilities inherent in the DW environment should be documented
and categorized as major or minor threats. Such cataloging enables efficient completion of the next
phase.
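The view-based security and inference attack items above can be checked together. The following is an added example, not code from the article: it uses SQLite's authorizer hook to emulate view-only access for a general user, then shows that the public Dean's List view still bounds every confidential GPA. The table names, view name, and rows are constructed for illustration.

```python
import sqlite3

CUTOFF = 3.4  # Dean's List qualifying GPA from the article's example

# Constructed sample rows (id, name, confidential GPA); not real data.
SAMPLE = [(1, "Avery", 3.9), (2, "Blake", 2.7), (3, "Casey", 3.4), (4, "Devon", 3.1)]

PUBLIC_OBJECTS = {"student", "deans_list"}  # objects a general user may query
PUBLIC_VIEWS = {"deans_list"}               # views allowed to read base tables


def general_user_authorizer(action, table, column, db_name, source):
    """Emulate view-based security: base tables are readable only via the view."""
    # `source` names the view doing the read, or is None for the user's own SQL.
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and (table in PUBLIC_OBJECTS or source in PUBLIC_VIEWS):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # direct reads of gpa, writes, DDL, pragmas


def open_as_general_user():
    """Build the hypothetical warehouse, then drop to general-user rights."""
    db = sqlite3.connect(":memory:")
    db.executescript(f"""
        CREATE TABLE student (id INTEGER PRIMARY KEY, name TEXT);     -- public
        CREATE TABLE gpa (student_id INTEGER PRIMARY KEY, gpa REAL);  -- confidential
        CREATE VIEW deans_list AS                                     -- public
            SELECT s.id, s.name FROM student s
            JOIN gpa g ON g.student_id = s.id WHERE g.gpa >= {CUTOFF};
    """)
    db.executemany("INSERT INTO student VALUES (?, ?)", [(i, n) for i, n, _ in SAMPLE])
    db.executemany("INSERT INTO gpa VALUES (?, ?)", [(i, g) for i, _, g in SAMPLE])
    db.commit()
    db.set_authorizer(general_user_authorizer)
    return db


def direct_read_blocked(db):
    """True if the general user cannot select from the confidential table."""
    try:
        db.execute("SELECT gpa FROM gpa").fetchall()
    except sqlite3.DatabaseError:
        return True
    return False


def inferred_bounds(db):
    """Using public objects only, bound each student's GPA by list membership."""
    rows = db.execute("""
        SELECT s.name, d.id IS NOT NULL
        FROM student s LEFT JOIN deans_list d ON d.id = s.id
        ORDER BY s.id
    """).fetchall()
    return {name: (">=" if listed else "<") for name, listed in rows}


def audit():
    """Report how many confidential values the public view correctly bounds."""
    db = open_as_general_user()
    bounds = inferred_bounds(db)
    correct = sum((g >= CUTOFF) == (bounds[n] == ">=") for _, n, g in SAMPLE)
    return {"direct_read_blocked": direct_read_blocked(db), "bounds": bounds,
            "records_bounded": correct, "records_total": len(SAMPLE)}
```

Calling `audit()` shows the direct read refused while every record is still bounded, which is why a view derived from confidential data needs the same classification review as its source.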
5 IDENTIFYING PROTECTIVE MEASURES AND THEIR COSTS
Vulnerabilities identified in phase four must be evaluated so that appropriate, cost-effective protection
can be established. Protective measures for DW data might include:
THE HUMAN WALL Employees represent the front-line of defense against security vulnerabilities in
any decentralized computing environment, including the DW. Addressing employee hiring, training in
security awareness, periodic background checks, transfers, and termination as part of the security
requirements helps create a security-conscious DW environment. This approach effectively treats the
root causes, rather than the symptoms, of security problems.
USER ACCESS CLASSIFICATION DW users should be classified as General Access Users, Limited
Access Users, or Unlimited Access Users. These classifications will facilitate effective access control
decisions.
ACCESS CONTROLS An access controls policy based on principles of “least privilege” and “adequate
data protection” should be developed. Effective and efficient access control restrictions should be
enforced, so that end-users can access only the data or programs for which they have legitimate
privileges.
Corporate data must be protected to the degree consistent with its value. Users need to obtain security
clearance before they are granted access to sensitive data. Also, access to sensitive data should
require more than one authentication mechanism. These access controls minimize damage from
accidental and malicious attacks.
INTEGRITY CONTROLS A control mechanism should be used to (1) prevent all users from updating
and deleting historical data in the DW; (2) restrict data “merge access” to authorized activities only; (3)
immunize the DW data from power failures, system crashes, and corruption; (4) enable rapid recovery
of data and operations in the event of disasters; and (5) ensure the availability of consistent, reliable,
and timely data to the users. These goals are achieved through OS integrity controls and well-tested
disaster recovery procedures.
DATA ENCRYPTION Encrypting sensitive data in the DW ensures that the data is accessed on an
authorized basis only. This nullifies the potential threat of data interception, fabrication, and modification.
It also inhibits unauthorized dumping and interpretation of data, and it enables the secure authentication
of users. In short, encryption ensures the confidentiality, integrit…