On May 27, 2021, Yunhe Enmo Lecture Hall was held in Sheraton Wuhan Hankou Pan-Sea Hotel. The event invited several guests to share, including Changjiang Ecological Innovation Center, Tongji Hospital, Yunhe Enmo, Hangzhou Turz Company, and attracted about 150 industry customer representatives and database practitioners from Hubei, Hunan, Jiangxi and other regions.

The activity with “data value, and wisdom to win the future” as the theme, around the field data and database, the database localization how selection, database, how to do it controls no dead Angle, in the face of numerous database and huge amounts of data to reduce the pressure of ops, do unified intelligent management, such as guests all did share his theme.

Chen Bangyi, founder of Hangzhou Turz Information Technology Co., LTD., shared the topic of data security — security control of database intelligent operation and maintenance.

In the era of big data, application systems become increasingly complex. As the core and foundation of application systems, database carries more and more key business systems and massive data. In the face of numerous complex business scenarios and data operators, how to ensure enterprise data security and improve the efficiency of data operation in the process of data control has become a key problem to be solved urgently. Chen Bangyi gave his own answer in his share — creating a unified data security entrance for enterprises based on CloudQuery. In the current era of data explosion, authorization management for databases is implemented in a unified manner to reduce the risk of operators and improve the efficiency of data operation.

To address the efficiency and security dilemmas faced by data operators, CloudQuery comprehensively controls and analyzes the interactions between people (internal/external) and applications (r&d/procurement) and the database from an organizational perspective. In addition, CloudQuery integrates all data operation, audit, authorization and other control functions with a single portal to precisely control data through a full link, eliminating data leakage and other security risks caused by traditional multi-portal access.

CloudQuery intervenes in enterprise data security governance through five core application scenarios.

Scenario 1: Integrated database client with/tube separation

Based on the 2/8 principle, CloudQuery operations management interface and the development use interface separation, enhance the efficiency, the browser to access, the response to the enterprise cloud at the same time retain the original on the desktop data manipulation, interactive and show form, joint developers use habit, at the same time in the DBA management database to provide operational toolkit, More automated, SaaS, easy to connect with external systems, such as accounts, processes, notifications, transformation/encryption.

Scenario 2: Comprehensively control data users

CloudQuery self-developed authorization middleware, based on RBAC model, adopts hierarchical authorization mechanism. SA is responsible for system-level resource allocation, and Owner is responsible for database-related rights to implement fine-grained rights control.

Scenario 3: Precise application management and analysis

CloudQuery provides a full set of tools and analysis views related to application database operations, covering the life cycle between applications and databases, helping data administrators detect potential application risks in time.

Scene four: Smart and efficient desensitization

Different from the traditional desensitization mode, CloudQuery has the dynamic desensitization function, and achieves more accurate data desensitization through adaptive rules, built-in rule recognition analysis, SQL syntax recognition analysis, and keyword syntax parsing instead of traditional network protocol packages.

Scenario 5: Full-link control anti-drag library/drag table

CloudQuery uses a SaaS data manipulation model, with four ways to avoid direct contact with the database. Convergence client: controls every action of users through the self-developed Web integrated database client + self-developed database terminal. Firewall: Monitors/blocks illegal connections. Analysis engine: Analyzes by volume/hour and generates an up/down alarm when the alarm exceeds the threshold. Minimum permission set: CloudQuery generates a minimum permission set for each data source, reducing DBA burden while avoiding permission abuse and indirectly reducing library/table drag events.

In addition, CloudQuery, as the only data control platform supporting domestic databases, will quickly cover the current emerging databases under the current industry status of domestic databases blooming, while focusing on the information and innovation industry support. CloudQuery not only plays the role of data security management in enterprises, but also provides a brand new cloud experience for development, operation and maintenance personnel. Desktop status and working data storage provide great convenience for remote and business trips. On the basis of ensuring security, we try our best to build an operation speed tool.