[Yunhe Enmo Lecture Hall] Security Management and Control of Intelligent Database Operation and Maintenance

On May 27, 2021, Yunhe Enmo Lecture Hall was held at Sheraton Grand Hotel Hankou, Wuhan. This event invited many guests including Yangtze River Kunpeng Ecological Innovation Center, Tongji Hospital, Yunhe Enmo, and Hangzhou Tulz Company to share, and attracted about 150 industry customers from Hubei, Hunan, Jiangxi and other regions Representatives and database practitioners were present.

The theme of this event is "Data Value, Smarter Future", focusing on the data and database fields, how to select the localization of databases, how to manage and control databases without blind spots, and how to reduce the pressure on operation and maintenance in the face of numerous databases and massive amounts of data. To the unification of standard intelligent management and so on, all the guests made their own theme sharing.

Chen Bangyi, the founder of Hangzhou Tulz Information Technology Co., Ltd., shared the theme of data security-the security control of database intelligent operation and maintenance.

Insert picture description here


In the era of big data, application systems are becoming more and more complex. As the core and foundation of application systems, databases carry more and more key business systems and massive amounts of data. Faced with many complex business scenarios and data operators, how to ensure the security of enterprise data and improve the efficiency of data operations in the process of data management and control has become a key issue that needs to be solved urgently. Chen Bangyi gave his own answer in the sharing-based on CloudQuery Create a unified data security portal for the enterprise. In the current era of data blowout, the authorization management of the database is carried out in a unified manner to reduce the risks of operators and improve the efficiency of data operations.

Responding to the dilemma of efficiency and security faced by data operators, CloudQuery, from the perspective of the organization, comprehensively controls and analyzes the interaction between people (internal/external) and applications (self-research/purchasing) and the database. At the same time, CloudQuery uses one portal to integrate all data operations, auditing, authorization and other management and control functions, and accurately manages data across the entire link, which solves the hidden security risks such as data leakage caused by multi-port access in the traditional mode.

CloudQuery intervenes in enterprise data security governance through five core application scenarios.

Scenario 1: Integrated database client with separation of use/management

Based on the 2/8 principle, CloudQuery separates the operation and maintenance management interface and the development and use interface to improve the efficiency of both parties. It is accessed through a browser and responds to the enterprise's cloud access while retaining the original desktop data operation interaction and display form. In accordance with the usage habits of developers, it also provides an operation and maintenance toolbox when DBA manages the database, which is more automated, SaaS-based, and convenient to connect with external systems, such as accounts, processes, notifications, and conversion/encryption.

Scenario 2: Comprehensive control of data users

CloudQuery self-developed authorization middleware is based on the RBAC model and adopts a hierarchical authorization mechanism. SA is responsible for system-level resource allocation, and Owner is responsible for database-related permissions to achieve full-scale fine-grained permission control.

Scenario 3: Precise application management/analysis

CloudQuery provides a full set of application database operation related tools/analysis views, covering the life cycle between the application and the database, so that data administrators can find potential risks in the application early.

Scene 4: Smart and efficient desensitization

Different from the traditional desensitization mode, CloudQuery has a dynamic desensitization function, through adaptive rules, built-in rule recognition analysis, SQL syntax recognition analysis, and keyword syntax analysis to replace traditional network protocol packages to achieve more accurate data desensitization.

Scenario 5: Full link control anti-drag library/drag meter

CloudQuery adopts a SaaS-based data operation mode, four ways to avoid direct contact with the database. Convergence client: Through self-developed Web integrated database client + self-developed database terminal, every action of the user is controlled. Firewall: monitor/block illegal connections. Analysis engine: Analyze through the two dimensions of throughput/hour, and raise/lower weight alarms when the threshold is exceeded. Minimum permission set: CloudQuery will generate a minimum permission set for each data source, which reduces the burden on the DBA while avoiding permission abuse, and indirectly reduces the occurrence of database/table drag events.

In addition, CloudQuery, as the only data management and control platform that supports domestic databases, will quickly cover the current emerging databases in the current state of the industry where domestic databases are flourishing, and provide key support for the Xinchuang industry. CloudQuery not only carries the role of data security management within the enterprise, but also provides a new cloud experience for developers and operation and maintenance personnel. The storage of desktop status and work data for remote offices and business trips provides great convenience and guarantees security. Try to create an operation speed-up tool.

Official website address: https://cloudquery.club/

Insert picture description here