In February 2013, New York started a database project with a non-profit technology organization, inBloom, to create a statewide database system that stores student information in the cloud. The project is expected to go live by March 2014. The mission of the system is to improve education technology. Its features include the ability to track student progress, personalize instruction, and give parents easy access. For example, with this database, parents will be able to follow their children's academic careers more closely and easily, and schools will be able to identify students who are in danger of not graduating. However, this innovative step has met with dissatisfied parents, who refuse to use the system because of concerns about information security and privacy.
Before addressing the public concerns, we should understand the reasons for using a database system. Database systems offer high flexibility as data grows, and they allow users to manipulate data and run the queries they need while operating at a lower cost than traditional systems. In short, users are able to perform data analysis on massive data sets in an efficient and less expensive way. In this case, the database will serve educational purposes: the portal “offers educators, students and their families the ability – for the first time – to view and verify information and data,” said Ken Wagner, associate state education commissioner ("New York Parents Furious at Program, InBloom, That Compiles Private Student Information for Companies That Contract with It to Create Teaching Tools").
Although a database system sounds like the “way to go,” it has its downsides, such as vulnerable information security. Since a database contains a large quantity of data, it becomes a key target for cybercriminals who want to attack it and plunder the data. A related article ("The Top Ten Most Common Database Security Vulnerabilities," Charlie Osborne) addresses the common issues of database security. From the article, we can analyze the details of a database and gain insight into the security concerns. The top ten vulnerabilities are:
1. Deployment Failures
A common problem with databases is a lack of care at the moment of deployment. Many databases are tested for proper function, but few are tested for things they should not do.
2. Broken Database
The SQL Slammer worm of 2003 was able to infect thousands of vulnerable database systems within minutes. The worm took advantage of a bug found in Microsoft's SQL database software. Few businesses installed a fix for the bug. As a result, the worm damaged 90 percent of the databases. However, due to a lack of time or resources, many businesses today still do not patch their systems regularly.
3. Data Leak
Many businesses consider the database to be back-end software that is safe from Internet threats, and therefore do not encrypt or secure it. However, a database has a networking interface, through which hackers are able to make their attempts.
4. Stolen Database Backups
Although external factors are a major threat to businesses, internal factors such as theft are also a common cause of information leaks.
5. The Abuse of Database Features
Research shows that over the past three years, every database exploit has been based on the misuse of a standard database feature. For example, a hacker can gain access through legitimate credentials before forcing the service to run arbitrary code.
6. A Lack of Segregation
By separating administrator and user powers, as well as duties, internal fraud or theft becomes more difficult.
7. Hopscotch
Rather than gaining complete access to a database in the first stage, cybercriminals often play a game of Hopscotch: finding a weakness inside the infrastructure that can be used as leverage for more serious attacks until they reach the back-end database system.
8. SQL Injections
Applications are attacked by injecting unsanitized variables and malicious code, which are inserted into strings and passed to an instance of SQL Server for parsing and execution.
9. Sub-standard Key Management
Research found that many encryption keys are stored on company disk drives. Leaving these important keys in an unprotected state can leave systems vulnerable to attack.
10. Data Inconsistencies
Inconsistencies are a common thread that ties all of these vulnerabilities together. This is an administrative problem rather than a database technology problem.
These are the ten most common database vulnerabilities. However, I believe there are actions that can prevent these problems. Businesses can develop a consistent practice of checking database systems for vulnerabilities and threats. Actions such as documentation and automated tracking can improve and ensure the security of the information contained within the system. In addition, limiting, distributing, and segregating the powers of both internal administrators and external users will also prevent threats. Although the process may be costly, the outcome is also rewarding. If enterprises can commit to resolving these database issues, I believe we can see more success in the New York and inBloom project.
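To make items 1 and 8 of the list concrete, here is an added example (not code from this post or from the Osborne article) that puts a query built by string concatenation next to a parameterized one, and runs a negative test for what the lookup should not do. The `students` table, the parent IDs, and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed student records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER, parent TEXT, name TEXT, grade TEXT)")
    db.executemany(
        "INSERT INTO students VALUES (?, ?, ?, ?)",
        [(1, "p-alice", "Sam A.", "B+"),
         (2, "p-bob", "Kim B.", "A-"),
         (3, "p-carol", "Lee C.", "C")],
    )
    return db

def lookup_unsafe(db, parent):
    # Vulnerable: the input is pasted into the SQL text, so the database
    # parses it as part of the statement.
    sql = "SELECT name, grade FROM students WHERE parent = '" + parent + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, parent):
    # Hardened: the value travels as a bound parameter and is only ever
    # compared as data, never parsed as SQL.
    sql = "SELECT name, grade FROM students WHERE parent = ?"
    return db.execute(sql, (parent,)).fetchall()

def leaks_other_records(lookup, db):
    """Negative test: an unknown, malformed parent id must return no rows."""
    probe = "nobody' OR '1'='1"  # tautology input used as a test case
    return len(lookup(db, probe)) > 0

if __name__ == "__main__":
    db = make_db()
    # Functional tests pass for both versions...
    print("unsafe, valid id:", lookup_unsafe(db, "p-alice"))
    print("safe, valid id:  ", lookup_safe(db, "p-alice"))
    # ...only the negative test tells them apart.
    print("unsafe leaks:", leaks_other_records(lookup_unsafe, db))
    print("safe leaks:  ", leaks_other_records(lookup_safe, db))
```

Both lookups pass the functional check with a valid parent ID; only the negative test shows that the concatenated version returns every student's record.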
On the other hand, information privacy may be another crucial factor that stands between the project and its success. Which businesses will be granted access to the student information, and for what purpose? How much of each individual's information will they be granted? These are questions we can expect to learn more about in the future, and they are currently being raised by the parents and their lawyers.
Works Cited
Chapman, Ben, and Corrine Lestch. "New York Parents Furious at Program, InBloom, That Compiles Private Student Information for Companies That Contract with It to Create Teaching Tools." NY Daily News. New York Daily News, 13 Mar. 2013. Web. 01 Feb. 2014. <http://www.nydailynews.com/new-york/student-data-compiling-system-outrages-article-1.1287990>.
Lane, Adrian. "What Is Big Data?" Dark Reading. Dark Reading, 07 Dec. 2012. Web. 01 Feb. 2014. <http://www.darkreading.com/views/what-is-big-data/240144074>.
Osborne, Charlie. "The Top Ten Most Common Database Security Vulnerabilities." ZDNet. Zero Day, 26 June 2013. Web. 01 Feb. 2014. <http://www.zdnet.com/the-top-ten-most-common-database-security-vulnerabilities-7000017320/>.
Walsh, George M. "NY Parents, Districts Worry about Database Privacy." The Wall Street Journal. Dow Jones & Company, 15 Dec. 2013. Web. 01 Feb. 2014. <http://online.wsj.com/article/AP13ee0bb213b542be859cec885b1ab857.html?KEYWORDS=database>.