Data in-flight, locking down bitemporal data

Data has always been important, obviously — but the way we talk about data analytics today has become a multi-tier multi-modal multi-discipline practice.

MarkLogic: we got £160 a year data leakage problems, but KIMP ain't one

MarkLogic: we got £160bn a year data leakage problems, but KMIP ain’t one

So much is this the case that today we see the rise of the ‘data developer’ or ‘data engineer’ as a specific subset or adjunct to mainstream software application development.

Aiming to provide tools for this level of data engineering is NoSQL database company MarkLogic.

The firm’s recently announced MarkLogic 9 database now ships with embedded KMIP (Key Management Interoperability Protocol) from Cryptsoft with the aim of providing a means to integrate data from silos in the most secure manner possible.

David Gorbet senior vice president of engineering at MarkLogic argues that these are the tools that our new data engineers really need.

“With MarkLogic 9, I’m particularly excited about what we’re doing around governance, because once you have an integrated operational data hub, you need to be sure you can govern the data appropriately and apply all the security, compliance, lifecycle and other governance rules to the data,” he said.

Gorbet concludes, “In MarkLogic 9 we’re making improvements to our bitemporal capabilities for compliance purposes, as well as a number of security enhancements — for example, redaction, encryption at rest and element-level security. “

Bitemporal data explained

Temporal (i.e. time related) aspects usually include valid time and transaction time… and these attributes can be combined to form bitemporal data.

  • Valid time is the time period during which a fact is true with respect to the real world.
  • Transaction time is the time period during which a fact stored in the database is considered to be true.
  • Bitemporal data combines both Valid and Transaction Time.

Data leakage, why we care about data security

The firm reminds us that data leakage is estimated by be a £160GBP a year billion problem and analysts project 1.4 zettabytes of data by 2017.

The problem is, this data is residing in numerous places like databases, storage disks and mobile devices.

Many organisations do not employ “at-rest, aka non-moving” data encryption because managing keys for each of these individual deployments has caused major IT headaches (potentially countless keys from potentially countless devices).

Data in-flight

“Additionally, many database and other IT vendors deploy their own proprietary Key Management solutions that are not interoperable with other systems, so the cost and complexity can be overwhelming. As a result, for many companies, data is secure while in transit between consumers and business (in-flight), but once it lands with the business it may be inadequately protected (at-rest),” said the company, in a press statement.

MarkLogic has deployed Cryptsoft technology to protect data at-rest. By embedding Cryptsoft’s Key Management SDKs into the MarkLogic database, MarkLogic customers can manage data security from across the entire enterprise using a comprehensive, standards-compliant KMIP toolkit.

The MarkLogic database also offers various security models for granular security, such as Attribute-Based Access Control (ABAC), Policy-Based Access Control (PBAC), or Label-Based Access Control (LBAC), as well as mutual and external authentication, auditing capabilities and compartment security options.