Database as a service: Security and privacy issues, and appropriate controls

  • Author(s) / Creator(s)
  • Database as a Service (DBaaS) is one of the key cloud computing services that is well-known as a type of Application-as-a-Service which gives users access to a database without downloading and installing software or performance configuration but maintains the customers database. DBaaS assumes the responsibility of traditional database administration software in which data owners and clients can build, update, delete, and have access to database services without installing physical hardware and it is also economically feasible for users. Despite the advantages that DBaaS has, it suffers from many challenges, which need considerable security. For example, providers are liable to infringe consumer confidence with the risk that data security and privacy may be impeded. Additional overheads of remote network access, data security infrastructure, and user interface design for such a service are among the key issues that DBaaS faces. So, the migration of databases without impacting the consistency of the solutions is still in its infancy. This research paper identified security and privacy issues in DBaaS and offered adequate solutions to mitigate it. The identified security and privacy issues are discussed with their consequences and the security functions are taken into consideration to demonstrate the impacts on security purpose. With that, the provision of security controls by three vendors (Amazon, Microsoft Azure and Oracles) and together with related security controls and best practices from ISO 27001/2013, CSA/CCMv3.0.1 and NIST 800-53 R5 are mapped with the identified issues to aid the creation of security controls to mitigate the risks.

  • Date created
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
  • License
    Attribution-NonCommercial 4.0 International