Since data is the new gold, companies need to ensure they store, access, protect and transfer their data with the utmost care. Choosing the best database solution is king here. For a long time, companies have hosted database systems themselves. Nowadays, there is a shift towards acquiring databases as a service. Those companies choose to outsource their data storage solutions and focus on their core capabilities: developing and delivering software. In this article we’ll explore what a database as a service (DBaaS) is and what you need to know if you select one.
What is a DBaaS?
Various providers worldwide offer databases as a service to end-users. Those end-users are freed from having to set up their own database servers and from maintaining them with their own database administrators. When companies consume databases as a service, so-called DBaaS providers handle the underlying low-level infrastructure for them. Besides this, those providers also handle provisioning, fail-over, backup and restore actions as well as scaling (in and out) for their customers. In short, the DBaaS offers everything that its consumers do not want to do themselves (anymore).
Customers using databases as a service range from start-ups to large enterprises which operate worldwide. Small companies that want to quickly launch a pilot version of their software application benefit from having no upfront investments in hardware and in sysadmins to set up and maintain those databases themselves. Since their time to market is critical, they save valuable time to reach the deadlines of their product.
Larger customers benefit as well since they don’t have to invest heavily in in-house database solutions. They can also remove a lot of procedures and provisioning-related activities by consuming the right type of DB service. Large corporate companies that have a lot of (manual) procedures and processes in place to provision new databases can save an especially large amount of time. Forget about ITIL-style processes, welcome team autonomy in which the teams request the DBs themselves.
Why do you need it?
Databases as a service are very useful if you want to concentrate on your core duties, delivering business features, and skip everything else. If you lack sufficient knowledge to handle the more complex situations such as fail-over scenarios, disaster recovery and scalability issues, you would benefit from having a managed DB service. Besides this, think about data sharding and the complexities it involves. That special knowledge is taken care of.
Another good reason to avoid running your own database systems is to completely avoid hiring database administrators. As the roles of those people shift more towards Site Reliability Engineers, there is no need to specialize in DB management. It may sound tough, but if you still employ people with this role and you are thinking about utilizing DBaaS, you need to find another role for these guys.
As with everything that comes “as a service”, business benefits are pretty clear:
- Focus on core activities such as software development activities.
- Faster to provision and set up: once the initial hurdles have been tackled you can run away with it in minutes.
- Easier to maintain, especially when it comes to complex topics such as replication, disaster recovery and fail-over. Most of these features are built into the service offerings. If you do not want to specialize in these areas, why spend time and money to learn them?
- Cost savings: especially with cloud native database solutions, you only pay for what you really need. For example: you do not need to pay for any running system when using Amazon’s DynamoDB cloud native service.
- Better integration with other cloud native services. This benefit counts when you already use cloud services for most of your applications.
- Enhanced security: database providers do everything they can to secure your data. They become masters of security since their reputation and credibility completely depend on how well they secure your precious data.
These benefits outweigh the cons big time. This does not mean there are no cons at all. Carefully review the following aspects to make an informed decision:
- You cannot control the underlying system since the provider does that for you. There is no way you can tweak this or expect any exceptions from your DB providers.
- Data migration. Although many providers offer great solutions to transfer all of your data to their systems, it is still a massive project to undergo. In addition to this, also think of getting your data out if you decide to migrate to another system.
- In the beginning you could be overwhelmed by the number of options you have. You need to learn the new system. This costs time and money.
With these pros and cons in mind, let’s now explore which database requirements are important to be present on your list.
Requirements for DB service providers help you to select the best solution from the provider of your choice. First of all, you would gather the technical requirements and after that, you would list the providers with the different options they offer that fit your needs.
It’s all about location
Just as with real estate markets, the three most important requirements are: location, location and location. Why is location so important when it comes to DBs as a service?
- Location greatly determines how much latency there is between your application and the database itself as well as how fast your systems respond to your end-consumers. Latency numbers which are too big make your application fail and thus you would lose customers to competitors.
- Location also plays a role when it comes to security. Your traffic ideally should not travel through the public internet (opposed to the concept of zero trust). This is slow and also less secure compared to having your database at the same location (for example your own private data-center) as your application.
There are many more requirements that have to do with location, such as availability: your database needs to be online 24/7. Even in case of hardware failure you require your database provider to ensure your database remains highly available. In case one system fails, you need to know at least the following:
- Which level of isolation is taken into account by the service provider: are database nodes spread across different server racks or spread across different availability zones / data-centers?
- How does fail-over exactly work: does this happen automatically or does it require manual steps for you to carry out in case of an emergency?
Another aspect in which location plays a crucial role is data sovereignty. In short, this is about where in the physical world your data is stored. For a lot of organizations based in the EU, data must be stored within the EU when the application that processes this data also has to handle a lot of privacy-related information. Think of governmental agencies which have to deal with the recently introduced data protection laws.
A special note on security
You need to take special care when it comes to security related aspects. Since your data means everything to your organization, carefully consider at least the following aspects.
- What are the logging and auditing capabilities for access to your database (calls)? How verbosely can you log, and can you trigger any actions if you log suspicious behavior, such as privileged accounts logging in to a database when you don’t expect that?
- Is every aspect properly encrypted with the most secure data encryption methodologies and industry-accepted algorithms? This includes anything that is stored on your filesystems as well as data in transit (traffic to and from your database). For the first aspect, think of AES-256 or RSA 2048. For the last aspect, think of TLS 1.3, which is the latest and greatest method to secure your traffic.
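The first question above, acting on privileged logins you don’t expect, can be checked with a small rule set over exported audit records. This is an added example, not part of the original article; the JSON-lines schema, account names, admin subnet and maintenance window are all assumptions, and real DBaaS audit formats differ per provider.

```python
import json
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network

# Hypothetical policy values; replace with your own.
PRIVILEGED = {"postgres", "dbadmin"}
ADMIN_NETS = [ip_network("10.20.0.0/24")]   # e.g. a bastion subnet
WINDOW = (time(1, 0), time(3, 0))           # maintenance window, UTC

# Constructed sample records (not real logs).
SAMPLE_LOG = [
    '{"ts":"2024-05-06T01:15:02+00:00","event":"login","user":"dbadmin","src":"10.20.0.7","ok":true}',
    '{"ts":"2024-05-06T09:41:10+00:00","event":"login","user":"app_rw","src":"10.30.4.12","ok":true}',
    '{"ts":"2024-05-06T14:03:55+00:00","event":"login","user":"dbadmin","src":"10.20.0.7","ok":true}',
    '{"ts":"2024-05-07T02:10:00+02:00","event":"login","user":"postgres","src":"198.51.100.23","ok":true}',
    '{"ts":"2024-05-07T02:30:00+00:00","event":"login","user":"postgres","src":"198.51.100.23","ok":false}',
    'truncated line {"ts":',
]

def review(lines):
    """Return (line_no, user, reasons) for every record that needs attention."""
    alerts = []
    for n, raw in enumerate(lines, 1):
        try:
            ev = json.loads(raw)
            # Normalise to UTC so a local-time offset cannot hide an event.
            when = datetime.fromisoformat(ev["ts"]).astimezone(timezone.utc)
            src = ip_address(ev["src"])
            user, ok, kind = ev["user"], ev["ok"], ev["event"]
        except (ValueError, KeyError, TypeError):
            # A gap in the audit trail is itself worth a look.
            alerts.append((n, None, ["unparseable audit record"]))
            continue
        if kind != "login" or user not in PRIVILEGED:
            continue
        reasons = []
        if not any(src in net for net in ADMIN_NETS):
            reasons.append("source outside admin network")
        if not (WINDOW[0] <= when.time() < WINDOW[1]):
            reasons.append("outside maintenance window")
        if not ok:
            reasons.append("failed privileged login")
        if reasons:
            alerts.append((n, user, reasons))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```

Record 4 shows why timestamps are normalised: 02:10 at +02:00 looks like it falls inside the window but is 00:10 UTC.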
Certifications & more
- Security and compliance certifications of your database provider, for example SOC 1, 2 and 3 or the NIST cybersecurity framework. If not, it’s very unlikely that you can implement it yourself and be sure you adhere to these stringent requirements.
- Does your database provider undergo penetration testing and what are the results of the most recent tests? In addition to this, how fast does your database provider fix (critical) vulnerabilities?
- Expect the same expertise or even more from your database provider compared to your in-house knowledge. It’s best to have your database provider adhere to at least the same security requirements compared to your own developer teams.
Authentication and authorization
- What are the methods to authenticate your users and systems to your database, and how fine-grained are the permissions to authorize those users to specific databases and/or tables? Microsoft, for example, even has row-level access permissions to implement the least privilege principle very strictly.
Besides these requirements there are many more which can’t be listed here. Keep the following topics in mind when you design a full set of requirements: data durability, redundancy, monitoring, performance and alerting, as well as scaling. And last but not least: support (levels) of your intended database provider.
Cloud native solutions
With the rising popularity of cloud native solutions, it’s no wonder that cloud providers offer various secure, scalable and highly sophisticated database solutions. Popular databases which are offered as services are:
- Google’s Firebase, which is an object store database that requires zero maintenance from your side. It integrates very well with GitHub Actions to connect your CI/CD deployment pipelines to it.
- AWS DynamoDB which is another object store database that can handle peak traffic of your websites. Besides this, AWS also offers RDS that utilizes MySQL, MariaDB and other flavors of SQL databases.
- Microsoft Azure offers, of course, Managed SQL Server databases. Save costs by bringing your own licenses. In addition to that, it also offers CosmosDB to support object store databases.
- Alibaba Cloud offers PolarDB as their scalable and secure solution for example to host MySQL databases.
All of these cloud providers offer managed, scalable, mature, secure and resilient solutions that require as little investment as possible (both in terms of time and money) to use them.
Databases as a service provide a way for end-users to outsource their data storage needs to a third party. Cloud providers offer various database solutions for every kind of application. Pay special attention to security requirements, especially when using public cloud. With DBaaS your organization can focus on application development and other core activities. You can save costs and quickly spin up new pilot projects, which greatly empowers your teams to bring new solutions to the market.