Grounded in the Cloud

A targeted approach to automation for DBaaS compliance

Guest Blogger (HPE-SW-Guest) 08-09-2013 10:33 AM - edited 10-23-2015 02:07 PM

By Steve Forsyth, HP Software R&D


Based on what I hear from customers, especially those in the Financial Services industry, it’s clear that database compliance is a significant issue that any Database as a Service (DBaaS) must address if it is to work for production environments. Organizations require maximum visibility and compliance reporting, and the ability to automate compliance at scale.


Here is how I am thinking about these challenges, and how we’re solving them.


As you know, compliance is a pretty broad topic, so let’s first establish something foundational about compliance in the context of DBaaS implementation for production: it must provide visibility to and management of your database estate. As the metaphor implies, the database estate is the boundary of assets provisioned by, or possibly discovered by, DBaaS (Figure 1).




Fig. 1 Database estates


As with the estates of yesteryear, you can achieve higher profits through keen oversight and a focus on continuous improvement of operations. DBaaS must maintain a dynamic repository of the active databases and expose this object model via its API.


Once you have this model of the database estate, you can begin to do many interesting things with it, including assuring that the production database estate stays in compliance with PCI, SOX, CIS, HIPAA, or even your own internal standards.


> WATCH: Auditing Database Compliance for PCI and SOX standards using automation


Scaling Automated DBaaS Compliance

But if the alphabet soup of compliance checks is going to be automated at scale, we also need to be able to segregate the estate by database type. For example, you can use the underlying estate model to simply switch in the RDBMS-specific CIS compliance-checking workflow that will physically execute against the target database. (I cringe when I think about trying to accomplish this task without the push-button approach offered by HP’s DBaaS solution, but let me hear your horror stories anyways—post a comment below and share with us how you try to do it.)


Compliance Reporting

Database compliance solutions must offer a reporting capability. This can range from reporting to auditors in a formal regulatory compliance process to online CIO dashboards. HP’s DBaaS can support this wide variety of reporting needs through its standard RESTful web services API approach.


DBaaS should also offer reporting tool and data warehouse integrations through exposure of views. Additionally, we see a strong need for DBaaS to provide holistic representations of database compliance across the estate. 


Providing a compliance lens on databases

As with most things in life, we must first understand the problem before we can fix it. A DBaaS implementation for production should provide a compliance lens to the entire database estate.  This lens can then be used to begin remediation tasks in one of three ways:

  1. Directly by the database estate operator
  2. Integrated with the organizational change control process
  3. In the case of more agile environments, handed over to the resource subscriber to manage


I’d love to hear how your organization reacts to compliance data today and how you imagine yourself wanting to automate it. Post a comment below!

