Feeds

Metadata is not enough

Doesn't provide the full picture

  • alert
  • submit to reddit

3 Big data security analytics techniques

Comment Classically, at least in software terms, reverse engineering is the ability provided by a data modelling tool to inspect an existing database schema and derive entities and relationships from that schema. Hence the use of "reverse" - more usually you use such a tool to build entity-relationship diagrams from which you can generate a schema.

Now, reverse engineering is fine if you simply want to understand the entities and relationships that underpin a particular database for, say, the purposes of extending or modifying the relevant schema. However, it is hopeless if what you want to do is to understand all of the relationships that exist within the database or, even worse, understand relationships that span databases.

So, what do you do if you do want to understand all the relationships that exist across your data, which you might want to in order to support a data governance initiative, the implementation of master data management, or for a variety of data integration purposes?

Traditionally, you start by analysing your metadata and then you reverse engineer it, or you profile it, or you do whatever you like with it, but it won't really work because the metadata available to you is very limited. To put this another way: there are lots of relationships that exist between data elements that are outside of the formal structure of the data mandated by the database schema. For example, CASE statements may create relationships as do filters, concatenations, ETL transformations, business rules and so forth.

In other words, in a relational database the metadata is insufficient to form a full picture of the relationships that exist within the data (at least, without so much manual intervention that it would be cost-prohibitive). One solution to this problem would be to use an associative database instead of a relational one, but that isn't going to happen. So the only other possible approach is to eschew the use of metadata and go directly to the data.

This is what a company called Exeros (which is Greek for "tracker") has done. It has a tool called DataMapper that starts with a database crawler that, rather like an internet spider, crawls through your database or databases and automatically discovers all of your relationships. Well, not actually all: the company reckons about 80 to 90 per cent of your relationships, but as a typical metadata-based approach would be lucky to find more than 10 to 20 per cent this represents a very significant saving in terms of the time and money you need to manually identify the rest.

At present, DataMapper is limited to establishing one-to-one relationships either between or within data sources. In future, the company intends to extend its capabilities to capture multi-way relationships, but currently you would have to link these manually (for which there are capabilities in the product).

As far as I know there is no other product quite like this (though Sypherlink has some overlapping capability). When the present CTO and co-founder of the company originally had the concept behind Exeros he was told it couldn't be done, so it is likely that the company has a considerable lead over potential competitors. Though knowing it can be done is a significant advantage for any followers.

Exeros already has a partnership with Informatica and is in talks with other data integration companies. The company clearly offers a distinct advantage to anyone who uses it, so it is an inevitable takeover target. The only questions will be who, how much and when?

Copyright © 2006, IT-Analysis.com

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.