The Compromise Between Database Performance and Security

by Jan 13, 2020

The performance of a database has often been considered its most critical aspect. Satisfying the demands of users is one of the primary concerns of an organization’s database team. DBAs spend a good deal of time tracking down issues that negatively affect the speed and reliability with which their database performs. Failure to attend to this responsibility results in calls from disgruntled users and unwanted meetings with management personnel.

The reliance on databases has expanded due to many factors. Companies have many new avenues through which they collect data on clients, customers, and business practices. Some of this data is extremely sensitive and allowing unauthorized access to it can cause damage to the corporation and the individuals whose data was involved in the breach. Concerns over the security of the information contained in enterprise databases have become at least as important as their performance.

There’s No Free Lunch

Balancing these two concerns can pose significant problems for database professionals. The well-worn adage of no free lunch is demonstrated when attempting to create a database that is both secure and well-performing. At times, the two concepts may seem incompatible. Improving database security can lead to performance degradation. Conversely, streamlining how your database performs can result in security shortcuts that put data at risk. In many cases, it is impossible to fully address the security of a database without introducing repercussions to its performance.

Financial resources will need to be expended to bolster either aspect of database environments. Providing enough capacity and system resources to allow users to access data efficiently while maintaining the security of that information is a challenge that needs to be met head-on during the planning and development stages of database design. The computational costs of implementing security need to be understood when provisioning the infrastructure that will power the system or there will not be enough to go around.

Choices may need to be made during the planning and implementation of database systems that emphasize one side or the other of the dilemma. Certain types of database applications may lend themselves to being optimized for performance with little thought given to the safety of the data. There may be no sensitive data used in these systems, allowing the speed and accessibility of the information to be the overriding concern of developers and administrators.

Regulatory considerations may tip the scales in favor of security over performance when sensitive personal or proprietary data is in play. The risks of non-compliance with security regulations are greater than the cost of complying with them. Monetary penalties and the negative publicity that surrounds data breaches can cripple a company. It’s a better strategy to build compliance into database design and supply enough computing resources to deliver acceptable levels of performance and security.

Segregating Performance and Security Responsibilities

The competing demands of security and performance can perhaps best be addressed by having a different person or team assigned to concentrate on each feature. Both teams should have a good grounding in database administration, but the security team does not need to worry about performance. DBAs who need to handle optimizing both the performance and security issues with their database will be put in a difficult position. Out of necessity, they will need to make tradeoffs that favor one or the other.

Splitting the two conflicting goals of ensuring high performance or solid security between two teams that each have a single goal can result in databases that are more secure and perform well. By working through the conflicts that will inevitably ensue, an optimal balance between security and performance can be achieved. An additional benefit may be afforded by using different sets of tools and sharing the collected information among the two entities.

Tools to Focus on Database Security

Their monitoring tools will be the best friends of the database performance team. They will use these applications to create baselines and pinpoint deviations which can result in performance tuning and optimization. A valuable resource for the team responsible for securing the database is a tool that can help them identify security weaknesses and address deficiencies in their systems.

IDERA’s SQL Secure is an application that provides SQL Server DBAs with a versatile toolset with which to identify vulnerabilities and fix them so their systems are compliant with a wide variety of regulatory standards such as HIPAA, GDPR, and SOX. It assists in the creation and enforcement of strong security policies and offers customizable templates that can get them through a successful regulatory audit. SQL Secure’s powerful reporting capabilities can be used for deep security analysis and risk assessment.

You can read an IDERA whitepaper that investigates how to handle the compromises that need to be made between database security and performance. Its observations may help you determine how to find the right balance for your organization. Keep in mind that while you don’t want either to suffer in your environment, erring on the side of enhanced security is never a bad idea.