Data Warehouse Security

DataWarehouse Security

DataWarehouse Security

Manyorganizations are doing much to protect their strategic informationassets. Security of data warehouse is now becoming a priority formany of them. Data warehouse can be defined as a system that involvesintegrated databases that help in decision making and problem solving(Alberto &amp Martin, 2000). The system has summarized and highlydetailed historical data that relate to numerous subjects, areas, andcategories .Different time horizons have relevant units of data. Datawarehouse forms part of an organization’s system involved indecision making. Ordinarily, the system is not used in data update.Analysis and access of data becomes easier since the data warehouseempowers users to do so. Organizations with data warehouse becomecompetitive because they are capable of maintaining and attractingmarket shares, the employees have the capability to solve theorganization’s problems efficiently and effectively and, theinformation also becomes easier to share .Consequently, the employeesturnover is reduced (Vance, 2011).

Thereare set of challenges that emulate from the data warehouse security.Security of warehouse data prevents unauthorized hackers frommodifying and accessing data of an organization, and prevents theftof applications. In addition, the information is received by theright users (Nadkarni, 1998). The system ensures that records of allusers are kept and that all the information is received at the righttime.

Itis important for enterprises to ensure that they have a mechanismthat offers internal control .This security mechanism ensures thatdata is distributed in an environment in an integral, available, andconfidential manner. According to Vance (2011), during itsdevelopment stage, a data warehouse must be built with considerationto security. Security requirements can be proactively achievedthrough different phases.

Phaseone consist of identification of data. Identification of data that isdigitally stored in the DW is the first step undertaken to ensuresecurity. This phase operates as a foundation for other developingphases. In this process, complete inventory of the data available tothe end users of data warehouse, is undertaken. Installation ofsoftware that monitors data is very essential in this phase. Albertoet. al, (2000) suggests that data monitoring software has thecapability of providing accurate details about columns, profiles ofdata found in the environment of DW, tables, all databases, and alsoinformation of the users and how the data is being used often. Thedata collected must be reserved for the next phase and it should beorganized in a formal manner for documentation.

Thesecond phase involves classification of data. In order to satisfysecurity demands, it is best for an organization to classify theavailable data in the DW environment. The data is best classified ina prudent manner to ensure confidentiality, availability andintegrity of the data. The data owners, end users, and the custodianshold the mandate of ensuring they are involved in this task.Generally, it is advisable to classify information on the basis ofmodification, destruction, and on the basis of sensitivity todisclosure (Martin et. al., 2000). In terms of sensitivity, corporatedata is classified as public, confidential, and top secret. Thepublic data is the least sensitive and can be accessed by end usersof all levels. Examples of these types of data are admissioninformation, phone directories, and also financial statements thathave been audited. Confidential data is moderately sensitive. Thistype of data cannot be disclosed to the public. Such data is accessedby users when there is a need for then to work in a successfulmanner. Examples are medical history, investments, and personnelinformation. Top secret information is the most sensitive of all. Theleast privilege principle applies in this category of data. Data canonly be accessed by the high data warehouse users. They should alsohave security clearance that is valid. Access is limited to users whohold the critical duties of an enterprise. This type of data includesthe trade secrets, recruitment strategy, and product lines new to thecompany. The main goal for classification of data is to ensure thatdata is ranked in a manner that increases sensitivity (Vance). Thisact ensures that each category has different security measures.

Accordingto Nadkarni (1998), quantification of data forms the third phase.This is the process of assigning value to the data that has alreadybeen classified in different categories based on sensitivity. Often,the value of data is measured through the cost of restoration ofcorrupted integrity, fabrication, and interception of data. Also, thecost to reconstruct data, slow decision making, payment of financialliability for disclosing the confidential information, can be used tomeasure the value of sensitive data.

Phasefour involves identification of data vulnerabilities. Identifying anddocumenting vulnerabilities is essential in this phase. In built DBMSsecurity, dual security engines, inference attacks, availabilityfactor, human factors, insider threats, outsider threats, utilityfactors, and natural factors are vulnerabilities that must beorganized and documented in a comprehensive manner (Martin, et. al2000).

Thecost of the protective measures of the DW environment must beidentified to ensure security. The protective measures include, theaccess controls, human wall, integrity controls, encryption of data,partitioning, and development controls. Phase six involves selectionof security measures that are cost effective. Justification ofsecurity expenses is of importance since all security measuresrequire funding. Adaptability, compatibility, impact on the datawarehouse performance must be used side by side with the cost factorto ensure effective security.

Evaluationof the effectiveness of the security measures forms the last phase.This process must be done in a continuous manner to verify whetherthe measure are flexible, straightforward and simple, carefullytested and verified, used in a proper, legitimate, and selectivemanner, efficiency on the basis of time, user centric activities, andmemory space (Vance, 2011).

Inconclusion, the delegated authority and data warehouse administratorshave the mandate to ensure that security measures of DW is effective.Security mechanisms must be presented in multiple layers to cater forsecurity of all components of the DW. This ensures that critical datais not lost or compromised when one mechanism fails.


Alberto,A. &amp Martin, C. (2000). The data warehouse: an object-orientedtemporal database, retrieved from

Nadkarni,P. (1998). Data Warehouse Technology: focusing on ClinicalWarehousing, retrieved from,

Vance,A. (2011). Data Analytics: Crunching the Future, retrieved from, 09082011.html.