Why Are Customers Architecting Hybrid Data Warehouses?

By Mona Patel

As a leader in IT, you may be  incented or mandated to explore cloud and big data solutions to transform rigid data warehousing environments into agile ones to match how the business really wants to operate.  The following questions must come to mind:

  • How do I integrate new analytic capabilities and data sets to my current on-premises data warehouse environment?
  • How do I deliver self service solutions to accelerate the analytic process?
  • How do I leverage commodity hardware to lower costs?

For these questions, and more, organizations are architecting hybrid data warehouses.  In fact, these organizations moving towards hybrid are referred to as ‘Best In Class’ according to The Aberdeen Group’s latest research: “Best In Class focus on hybridity, both in their data infrastructure and with their analytical tools as well.  Given the substantial investments companies have made in their IT environment, a hybrid approach allows them to utilize these investments to the best of their ability while explore more flexible and scalable cloud-based solutions as well.”  To hear more about these ‘Best In Class’ organizations, watch the 45 minute webcast.

How do you get to this hybrid data warehouse architecture with the least risk and most reward?  IBM dashDB delivers the most flexible, cloud database services to extend and integrate with your current analytics and data warehouse environment, addressing all the challenges related to leveraging new sources of customer, product, and operational insights to build new applications, products, and business models.

To help our clients evaluate hybrid data warehouse solutions, Harvard Research Group (HRG) provides an assessment of IBM dashDB.  In this paper, HRG highlights product functionality, as well as 3 uses cases in Healthcare, Oil and Gas, and Financial Services.   Security, Performance, High Availability, In-Database Analytics, and more are covered in the paper to ensure future architecture enhancements optimize IT rather than adding new skills, complexities, and integration costs. After reading this paper, you will find that dashDB enables IT to respond rapidly to the needs of the business, keep systems running smoothly, and achieve faster ROI.

To know more on dashDB check out the video below:


About Mona,

mona_headshotMona Patel is currently the Portfolio Marketing Manager for IBM dashDB, the future of data warehousing.  With over 20 years of analyzing data at The Department of Water and Power, Air Touch Communications, Oracle, and MicroStrategy, Mona decided to grow her career at IBM, a leader in data warehousing and analytics.  Mona received her Bachelor of Science degree in Electrical Engineering from UCLA.


Data Security in dashDB

By Walid Rjaibi,

dashDB is a managed data warehousing and analytics service on the cloud, available on both the Bluemix  and Cloudant platforms. For IT professionals, it takes data warehouse infrastructure out of the equation when you must rapidly add analytics services for your organizations. For business professionals, it provides a self-service analytics powerhouse in a cloud-easy, load and go format. But when you place your data in the cloud you need to know that it is secure. In this blog you will learn how dashDB keeps your data secure through encryption, database activity monitoring, deployment hardening, and secure design principles

Encryption for data at rest

With dashDB, encryption for data at rest is automatic. The encryption uses Advanced Encryption Standard (AES) in Cipher-Block Chaining (CBC) mode with a 256 bits key. Encryption and key management are totally transparent to applications and schemas. Additionally, the client has the option to indicate, upon provisioning, the master key rotation period. The default is 90 days but the client may choose a different value. The master key rotation is automatic and transparent. Database and tables-pace backup images are automatically compressed and encrypted. Like for online data, backup images are also encrypted using AES in CBC mode with 256 bit keys.

Encryption for data in transit

Secure Socket Layer (SSL) is automatically configured when your dashDB database is provisioned. That is, your database applications have the option to immediately leverage SSL to protect the confidentiality and integrity of the database traffic. The SSL certificate you need to enable your applications for SSL is easily downloadable from the dashDB console. The dashDB console itself is automatically deployed with HTTPS so all your exchanges with the console are also protected with SSL.

Database activity monitoring

Your dashDB database is continuously monitored through IBM InfoSphere Guardium. The monitoring reports are made available to you easily through the dashDB console. Three different reports are available. The first is a sensitive data report. This allows you to understand what sensitive data might be present in your database (e.g., credit card numbers). The second report is a database connections report. This allows you to understand who is making connections to your database. The third report is an activity report. This allows you to understand who is accessing which objects in your database. There are two versions of this report: A summary version and a detailed version.

Database access control

Database access control starts with the dashDB console where you define your database users. Your dashDB database also provides a rich set of traditional security capabilities to allow you to manage who in your team should have access to what objects in your database.  These capabilities include table level privileges and role based access control. For example, suppose that a Guardium sensitive data report shows that you have a table that includes sensitive data. In this case, you would want to create a role representing the users authorized to access that table, grant access on the table to that role,  and then revoke access from anyone else.

Deployment hardening

Both the dashDB database server and the database are hardened. The database server employs a host firewall to protect listening services against port scans and other network security threats. As such, only the required TCP ports are open. CONNECT authority to the database is revoked from PUBLIC, and SELECT privilege on the catalog tables and views is also revoked from PUBLIC. Additionally, the AUTHENTICATION database manager configuration parameter is set to SERVER_ENCRYPT which means that user authentication credentials are never exchanged in clear text between a user application and the database server. These credentials are automatically encrypted with AES 256 when sent over the network regardless of whether SSL is used or not.

Secure design principles

The development of dashDB follows secure development best practices as outlined in the IBM Secure Engineering Framework (http://www-01.ibm.com/software/test/wenses/security/). For example, this includes the completion of a risk assessment and a threat modeling document. Additionally, the IBM Security AppScan tools are regularly used to conduct static and dynamic code analysis during the development process.

About Walid Rjaibi, 

Walid Rjaibi is the Chief Security Architect for IBM Information Management (IM). He drives the strategy and provides technical oversight for security over a broad set of IM products and cloud services. Prior to his current role, Walid was a Research Staff Member at the IBM Zurich Research Lab in Switzerland where he established and led a new research program focused on database security and privacy. His research results were the foundation for key security enhancements in IBM’s database products and for which he led the actual development efforts upon his return to the IBM Toronto Lab. Walid’s work so far resulted in over 20 patents and several publications in the proceedings of leading scientific conferences, such as the international conference on Very Large Databases (VLDB), the International Conference on Data Engineering (ICDE), and the international conference on Security and Cryptography (SECRYPT). Walid also speaks frequently at industrial conferences such as the International DB2 User Group (IDUG) and the IBM Information of Demand (IOD). You can follow him on @WalidRjaibi

The Not So Secret Cloud Club: How to Get Past the “Cloud Gap”

By Adam Ronthal,

The Not So Secret Cloud Club: How to Get Past the “Cloud Gap”

Three factors that hinder cloud adoption and how you can get past them to reap the benefits of analytics on the cloud

It’s no secret that organizations are using cloud to drive improved revenue growth and higher profit.[1]  And as an IBMer, it’s nice to see that it’s not only IBM that’s seeing this. A recent Aberdeen Group study showed some striking results comparing “best in class” organizations with their industry peers and found the following:

  • 4x faster BI deployment times
  • 50% more users actively engaged with analytics
  • More than 50% increase in users with self-service access to BI

The distinguishing factor for these “best in class” organizations was the use of cloud-based analytics at a 48% higher rate than their industry averages. Interestingly, Aberdeen confirms that these organizations had higher revenue growth and operating profit with lower operating costs for those using cloud options.

So the word is out… cloud makes sense on many levels. We’re all dealing with an increased volume of data, compressed decision time frames, and a greater urgency to get answers and insight. In short, we are being asked to be more agile, so why not adopt a platform designed for ultimate agility?

But despite all of these positive indicators, many organizations are still finding it difficult to make the jump to cloud. For predictive analytics needs, TDWI recently reported that public cloud based infrastructure lags in adoption compared to more  traditional technologies. I call this “The Cloud Gap”. The good news is that it can be addressed!

Adam Blog V1

Source: Predictive Analytics for Business Advantage, TDWI Best Practices Report, First Quarter 2014

The factors that hinder cloud adoption fall into three key areas:

  • Security Concerns
  • Need to support hybrid architectures
  • Data Ingest Difficulties

The first, security concerns require that organizations not only understand what data they are looking to move to cloud, but also choose a reliable trustworthy cloud vendor with deep understanding of security issues. In some cases, it doesn’t make sense to move sensitive data to the cloud; that data can remain on-premises.  For the data that we do move to the cloud, we still want to ensure a secure cloud infrastructure and a secure cloud application design. IBM provides just that with certified SoftLayer data centers and the expertise to develop and deploy cloud-based applications and infrastructure.

Second, most organizations are not moving everything to the cloud. Instead, they are using a hybrid “ground to cloud” approach. This means that the same applications and tools used for on-premises systems should also work with cloud systems. Here again, IBM provides just such tooling with our deep analytics and big data portfolio and fully flexible deployment options. Think of the possibilities when you have portable analytics algorithms that can run both on-premises or in the cloud!

Finally, understanding data ingest requirements and making it easy to ingest data from a variety of sources is critical. IBM brings deep expertise in this area and has brought it to its cloud-based data integration solutions. Or, you can connect the same familiar ETL tools you are already using on-premises to cloud environments.

So why wait? Join the cloud club, and modernize your existing data warehousing architecture. You can start with IBM, and grow up with IBM both on-premises and in the cloud, or wherever your analytic needs take you.

And this club doesn’t have a snooty dress code, secret handshake, or exorbitant initiation fees.  Everyone is welcome!

Let’s connect at IBM Insight in Las Vegas, October 26-30.  There are three sessions I would call out for you to learn more about adopting analytics in the cloud.  I am presenting one of them but will be at all three of them.

  • FTC-4285 – Data Warehousing and Analytics in the Cloud: IBM’s New Data Warehousing Service – Adam Ronthal, Tue Oct 28 (3:00 p.m. – 4:00 p.m.)
  • IWM-4637 – Advanced Warehouse Analytics in the Cloud – Torsten Steinbach Mon Oct 27 (3:30 p.m. – 4:30 p.m.)
  • IDB-6062 – Data Warehousing in the Cloud – a practical deployment guide – Hania El Ayoubi and Michael Kwok, Wed Oct 29 (10:00 a.m. – 11:00 a.m.)

Next steps:

Download the Aberdeen White Paper and see the benefits of cloud adoption!

About Adam,

Adam Ronthal has worked in the technology industry for 20 years in technical operations, system administration, and data warehousing and analytics. In 2006, Adam joined Netezza as a Technical Account Manager, working with some of IBM Netezza’s largest data warehousing and analytic customers and helping them architect and implement their Netezza-based solutions. Today, Adam works in technical marketing for the IBM’s big data, cloud, and appliance offerings. Adam is an IBM Certified Specialist for Netezza, and holds a BA from Yale University.

[1] http://www-03.ibm.com/press/us/en/pressrelease/42304.wss