Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Data Privacy in the Database, Shahid's NoBS Gui...

Shahid N. Shah
May 26, 2022
Programming
0
120

Data Privacy in the Database, Shahid's NoBS Guide to Privacy by Design

If your database schema is not designed for privacy, don’t let your colleagues fool you into thinking it’s something you can just add in later as a layer. If your modern APIs and integration points aren’t privacy-aware by design, you cannot simply patch it in a future release. If you’re writing code for zero trust, you can’t just change it easily later. Join long-time healthcare CTO Shahid Shah as he talks about the technical means to ensure privacy by design, such as how to create database schemas that allow privacy and security at the table and row levels and how to write code and perform QA to ensure privacy is in the software development lifecycle. This is a can’t miss talk for CTOs, heads of product management, senior engineers, senior architects, developers, programmers, and database professionals (DBAs).

This presentation was delivered at AIN's "Embedding Privacy in Digital Health" event held virtually May 25-26, 2022.

Shahid N. Shah

May 26, 2022
Tweet

More Decks by Shahid N. Shah

See All by Shahid N. Shah
Surprising Fundraising Lessons Most Healthcare Companies Fail to Learn
shah
0
410
Investor Guide to HDO Product Market Fit for Digital Health / SaMD / Digital Therapeutics Solutions
shah
0
200
Quantitative Regulatory Science (RegOps) for Software Intensive Medical Devices and SaMD
shah
0
360
How can investors spot AI BS?
shah
0
190
Opportunities created by Healthcare's adoption of AI and Machine Learning
shah
0
440
What comes after REST?
shah
1
1.3k
DHIN Summer Summit, Finding the Humans in Health IT
shah
0
460
Reimagining Physician-Payer Collaboration for the Real-time Digital Age
shah
0
370
Practical Risk Management for Medical Devices
shah
1
430

Other Decks in Programming

See All in Programming
Fiber Scheduler vs. General-Purpose Parallel Client
hayaokimura
1
100
On-the-fly Suggestions of Rewriting Method Deprecations
ohbarye
1
1.7k
地域ITコミュニティの活性化とAWSに移行してみた話
yuukis
0
240
SEAL - Dive into the sea of search engines - Symfony Live Berlin 2025
alexanderschranz
1
130
Bedrock×MCPで社内ブログ執筆文化を育てたい!
har1101
6
1k
Boost Your Performance and Developer Productivity with Jakarta EE 11
ivargrimstad
0
1.5k
Amazon CloudWatchの地味だけど強力な機能紹介!
itotsum
0
150
Empowering Developers with HTML-Aware ERB Tooling @ RubyKaigi 2025, Matsuyama, Ehime
marcoroth
2
530
リアクティブシステムの変遷から理解するalien-signals / Learning alien-signals from the evolution of reactive systems
yamanoku
3
1.2k
Road to RubyKaigi: Making Tinny Chiptunes with Ruby
makicamel
4
120
Qiita Bash
mercury_dev0517
2
200
設計の本質:コード、システム、そして組織へ / The Essence of Design: To Code, Systems, and Organizations
nrslib
1
150

Featured

See All Featured
Faster Mobile Websites
deanohume
306
31k
Automating Front-end Workflow
addyosmani
1369
200k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
Building Adaptive Systems
keathley
41
2.5k
Mobile First: as difficult as doing things right
swwweet
223
9.6k
Raft: Consensus for Rubyists
vanstee
137
6.9k
Visualization
eitanlees
146
16k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
41
2.2k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
13
1.4k
Bash Introduction
62gerente
611
210k
YesSQL, Process and Tooling at Scale
rocio
172
14k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k

Transcript

  1. Shahid’s NoBS Guide to Data Privacy for Good Engineers BLUF1:

    If you’re not using policy-based cell-level security inside a modern (probably relational) database, you probably don’t have a secure data architecture. 1 Bottom Line Up Front

  2. Common design patterns and their flaws Monolithic App Service-based Apps

    and Microservices Presentation (e.g., HTML/Win) Application (e.g., “web” server) Storage Individual Login Group Permissions Authentication Authorization App/service user/password can see all tables and data, no policies enforced inside the database. Presentation (e.g., HTML) Service 1 Storage AuthN/AuthZ Service Service 2 Service… Extended Authorization

  3. Things get worse with more devices Individual Login Group Permissions

    Authentication Authorization App/service user/password can see all tables and data, no policies enforced inside the database. Presentation (e.g., HTML) Service 1 Storage AuthN/AuthZ Service Service 2 Service… Extended Authorization RPM Device RPM Device Mobile Device

  4. Major flaws in existing architectures Data security is not where

    data is stored: in the database Apps and services used shared passwords and authentication No policy-based enforcement of authorization or data permissions No reasonable auditing of data access / mutation at the person entity or non-person entity (NPE) levels

  5. How to modernize: privacy-aware and privacy by design architecture •

    “Zero Trust” data architecture should be the goal • Shared app or service passwords must die • Server and device certificates must replace passwords • Identities must be severable from transactions and analytics

  6. Choose the right database • NoSQL and “schemaless” databases should

    be avoided – they’re harder to secure at the data level • Stick with relational database management systems (RDBMs) unless you’ve got data architecture experts on the team • PostgreSQL is a great open source and free choice – if you don’t know what else to choose start here • MySQL and family are also reasonable options • If you can afford ORACLE and MS SQL*Server or other commercial offerings they’re excellent options too

  7. Use your database for secure data management, not your service

    layers or apps • Use severable identities – create identities and identifiable data in separate schemas or separate databases • Use database policies to enforce row-level and cell-level data security • Don’t design for FHIR or healthcare-specific use cases, design for hackers who will get access to shared passwords or cases when your devs will accidentally commit passwords into Git • Build in telemetry access into the database don’t depend on layers of security for data architecture (layers are good for app security, not data security)

  8. Examples of data security in the database CREATE TABLE passwd

    (…); CREATE ROLE admin; -- Administrator CREATE ROLE bob; -- Normal user CREATE ROLE alice; -- Normal user -- Be sure to enable row-level security on the table ALTER TABLE passwd ENABLE ROW LEVEL SECURITY; -- Create policies -- Administrator can see all rows and add any rows CREATE POLICY admin_all ON passwd TO admin USING (true) WITH CHECK (true); -- Normal users can view all rows CREATE POLICY all_view ON passwd FOR SELECT USING (true); -- Normal users can update their own records, but -- limit which shells a normal user is allowed to set CREATE POLICY user_mod ON passwd FOR UPDATE USING (current_user = user_name) WITH CHECK ( current_user = user_name AND shell IN ('/bin/bash','/bin/sh','/bin/dash','/bin/zsh','/bin/tcsh') ); -- Allow admin all normal rights GRANT SELECT, INSERT, UPDATE, DELETE ON passwd TO admin; -- Users only get select access on public columns GRANT SELECT (user_name, uid, gid, real_name, home_phone, extra_info, home_dir, shell) ON passwd TO public; -- Allow users to update certain columns GRANT UPDATE (pwhash, real_name, home_phone, extra_info, shell) ON passwd TO public;

  9. Conclusion: If you’re not using policy-based cell- level security inside

    a modern (probably relational) database, you probably don’t have a privacy-aware and privacy by design data architecture.