The Hybrid IT & Multi-Cloud trend has gained momentum, leading to increased popularity and adoption of NoSQL and cloud databases. One of the implementation challenges is the security of databases in distributed IT environments.
The flexibility, agility and scalability of hybrid IT and multi-cloud is a strong argument for companies to part with their outdated, comparatively rigid internal legacy structures. Business models such as e-commerce or digital services cannot be implemented otherwise. However, saying goodbye to well-known structures also requires a courageous leap into the higher complexity of distributed systems with their very individual mix of internal components and a wide variety of cloud services in individual cases.
Hybrid IT & Multi-Cloud: The Question Of Database Security
However, practically all of these scenarios have one thing in common: They are data-driven. Data is the heart and the engine of these business models. Therefore, databases play a crucial role in this context. One of the most critical questions is that of safety. And that in two senses. On the one hand, it concerns security against operational disruptions, i.e. failsafe, and on the other hand, the security of the data against spying and unauthorised access, i.e. the data security itself.
In complex, distributed IT environments, databases face a highly demanding requirement profile. They must have the ability to scale horizontally, be able to replicate without downtime, be able to cope with multiple cloud services, support analytics applications such as big data without the time-consuming detour via data warehouses, be able to be integrated into edge computing, and generally into modern IT infrastructures comfortable with their volatile containers and microservices. And all this fully, automatically and in real-time, without the need for manual intervention by database administrators during operation. In addition, there is a high granularity of access authorizations, which makes it easier for administrators to authenticate users securely and protect against unauthorised access.
This brief list shows that only NoSQL and cloud databases meet this profile, albeit to varying degrees. Only NoSQL databases are cloud and provider-agnostic since cloud databases are typically provided exclusively by a hyperscale. The vendor lock-in is genetically impregnated there and is therefore often incompatible with many companies’ security and compliance regulations.
Zero Downtime And Multi-Tenancy
On the other hand, NoSQL databases can potentially run independently in any private cloud or public cloud. But even here, there are differences. The guideline for this is the operator framework. It defines five consecutive automation levels for NoSQL databases. The highest level 5 (full automation) requires, among other things, the ability for cross datacenter replication (XDCR), i.e. unidirectional and bidirectional real-time image across multiple data centres or regions. A database that meets this level is not only cloud-agnostic but even infrastructure-agnostic. This means zero downtime for any necessary database changes and, at the same time, maximum reliability and availability during operation.
With the Virtual Private Cloud (VPC) option, NoSQL databases can also ensure multi-client capability in multi-cloud operation. A VPC usually has a reserved IP address range, isolated network resources and multi-dimensional access protection. As part of hybrid IT, companies receive their own, specially protected private cloud with their data stored in virtual machines and containers within a public cloud, provided the database supports this.
ALSO READ: Supply Chains: 5 Key Trends Shaping 2022