12 September 2023

Navigating the risk of sharing database access

With the huge growth in volume and complexity, data management has become a key priority in most Enterprises. But for this data to be utilised in a meaningful way, how do you tackle the added complexity of controlling access across both technical and business departments?

Our CPO, David Gummer recently interviewed the CEO of the popular Universal Database management tool, DBeaver, Tatiana Krupenya, to discuss the often-feared topic of sharing access to the database.

Prefer video? Watch the interview here

David: ‘What are the main challenges you see in working with data in large enterprises?’

Tatiana: Modern infrastructure in large enterprises these days is very complicated. It’s not only because we have more than one database in our infrastructure (I don’t often meet companies that have fewer than 3 databases, sometimes its 5 or even 10), it’s also because these databases are not always sat neatly together; some are on-premise, whilst others are in the cloud.

In addition to this, we have collected data for decades. In the financial and healthcare sectors especially, we have petabytes of data that has been kept for a long time and to analyse this data would require more resource than the number of DBAs a company usually has.

David: ‘Luckily we have DBAs and Database Engineers to solve all these problems, don’t we?’

Tatiana: The answer is yes and no. I don’t want to doubt either of these professions; they’re great, but the challenge here is that they are mostly focused on working on the database itself. Making business decisions based on the data, is not the same type of work. It’s analysis that you need specialised roles for, like data analysis and financial analysts.

And here is the issue; on the one hand, we have DBAs who don’t want to focus time towards the analysis (I have plenty of feedback from DBAs saying they don’t want to write anymore select statements for their Database Analyst because they are ‘never ending’). And on the other hand, we have people that need to work with data, but don’t have access to it – so overall it’s quite challenging.

David: ‘I guess providing access to a wider group of stakeholders creates some risk. In your experience, what happens when companies choose to do that?’

Tatiana: Yes – it does sound risky and especially with the finance and health sectors, where sensitive data is of highest priority. But at the same time, from our experience, most enterprises can solve this issue.

We have a lot of tools provided by the databases themselves such as cloud services for permission and user management with security questions. Of course, this does make the infrastructure more complex and after granting access, the new issue soon arises of ‘how can I connect to our database? It has become so complicated!’.

In DBeaver, we’re trying to focus on these kind of tasks – we see the problems and we want to provide a single interface that hides all the security checking in the backend of the application and shows people a couple of fields to enter credentials.

The main point here is, it’s possible. Don’t be afraid of this stuff – there are always tools for the appropriate levels of security and tools to help your users and employees work with the databases. Actually, I’d say you cannot avoid this – if you want to be ahead of your competitors, you have to provide the access to be able to make decisions based on data.

David: ‘You talk there about how technology can provide broader access and manage the sensitivity of the data, but I guess DBAs don’t just worry about data leaks, they might also worry, if they are opening up access to non-technical users, that people might accidentally performing unsafe database operations. Is there a way to avoid that?’

Tatiana: It’s a good question actually, because DBAs often worry about the safety of the databases from Developers and DevOps teams, let alone other business users! But there are lots of options of how to avoid this. In DBeaver we really care about this stuff, because we know that these days, working with data is not only a task for the DBAs or Developers; it’s a task for everyone. We need to provide an interface where people can safely work together.

We can do this through making the whole data set read-only, or perhaps securing access with a password, or actually restrict all unsafe operations. If you choose the right tool, there will be no harm to your database.

David: ‘I think it’s pretty clear that we need some data management tools for our business units. Equally, it’s clear that the needs or the preferences of the different groups can differ. I’m curious, do we need UI-based tools for the more technical users like the DBAs DevOps & Data Engineers, or are command line interface tools more than enough for these users?

Tatiana: You know, I’ve heard this question a lot of times and every time I say ‘of course’.

Remember 20 or 30 years ago software developers wrote the quote in the notes part and it was fine. But was it, actually? I don’t think so.

I don’t think people have to be sceptical about UI tools for DBA, DevOps or software development tasks, because it’s not showing that you are unprofessional, or lazy, or that you don’t know how to do your job. It’s just a way to make a job more efficient. When you can press a button and get an immediate result instead of writing 30 or 40 lines of code or queries – that isn’t a bad thing. Maybe it’s even better as you can spend your time doing something more useful than these routine tasks.

It’s great when you don’t have to think about SQL dialects when you switch to another database or when you don’t need to remember how to run back up or a dump of the database – instead you can just press the button and get the result. I believe it’s the same in Redgate – they provide a lot of tools in Database administration just to make it more efficient.

It’s the same story with UI tools – it’s just a way to make your work more efficient.

David: ‘How can people make best use of the time that’s freed up there? How does it help for example in team collaboration?’

Tatiana: As I’ve mentioned, we can see that working with data has moved from the deep technical specialists to everyone; business units, marketing and sales, and so on.

Before, we thought that maybe an Excel spreadsheet or standard CRM are more than enough for all these tasks. But now we can see that more and more companies prefer to work with raw data because it gives you much more flexibility – it means you don’t need to initiate a long process for weeks to get the results. Instead, you can write a query or select statement by yourself.

Of course, business units can’t work independently – we need all of these great people who can set up our environments and create very complicated stuff for us. But at the same time, it is very nice to talk about the data in the same language – when you don’t need to translate technical terms and when you can just share the results of your work. It’s easier when you work in one infrastructure, one environment, using the same tools and you don’t have to think, you just work efficiently.

I believe that we don’t need to construct this wall between technical guys and business guys. In the modern data world, we need to remove this wall and work together.

David: ‘Thank you – you make a really compelling case for the benefits of better collaboration and that trend of democratizing access to data and making it more accessible to people in different roles is definitely something we see regularly across our enterprise customers, especially ones that are more mature in their journey with data and finding faster ways to drive value out of it. It’s been an absolute pleasure talking to you and hearing your insights. I’m sure everyone would have benefited from what you shared today so really appreciate your time’

Tatiana: Thank you, David – it was a real pleasure.

Redgate Test Data Manager

Flyway

Redgate Monitor

Overview

Test Data Management

Automate

Monitor

Redgate Blog