Shenzhen Stock Exchange
About the Client: Shenzhen Stock Exchange (SZSE), established in December 1990, is one of the two major stock exchanges in mainland China, alongside the Shanghai Stock Exchange. As a crucial part of China's financial market, SZSE plays a pivotal role in the development and reform of China's capital markets. SZSE offers a wide range of financial services and products, including stocks, bonds, funds, and derivatives trading, with its Main Board, SME Board, and ChiNext Market catering to companies of different sizes and stages of development.
The Challenge: SZSE handles a massive volume of data across various databases, including Greenplum, Dameng, Oracle, MySQL, and SQL Server. Given the critical importance of data security, access to these databases is primarily restricted to development personnel, with access control managed through bastion hosts and database accounts. However, this setup presented several challenges:
- Efficiency and Security Risks: A large number of developers needed to query and validate online data, as well as perform data exports for temporary tables. Accessing databases via bastion hosts was inefficient and posed security risks.
- High Management Costs: The use of bastion hosts and credential-based access control resulted in high administrative and maintenance costs.
- Data Export Inefficiencies: Data export and local processing had to be performed on designated bastion hosts, leading to significant inefficiencies.
- Sensitive Data Exposure: Financial data's sensitive nature meant that direct access by clients risked exposure of confidential information.
The Solution: SZSE implemented SQLDev's dual-machine and off-site disaster recovery architecture to ensure high availability and security. Key features of the solution included:
- Temporary Privilege Escalation: Critical data access was managed through temporary privilege escalation, with authorization expiring within 12 hours. General data access utilized pre-authorized roles.
- Dynamic Data Masking: SQLDev's dynamic data masking ensured real-time protection of sensitive information during both data access and export, preventing data leaks.
- Web-Based Client Access: Developers accessed databases through a secure web-based client, enhancing user experience and efficiency while eliminating the need for costly commercial clients.
- Real-Time Violation Interception: SQLDev intercepted unauthorized access attempts in real time, with audit logs detailing table, IP, connection, account, and operation specifics.
Results: By deploying SQLDev, SZSE achieved a unified, easily administered web-based tool that supported Greenplum, Dameng, Oracle, MySQL, and SQL Server databases. The centralized management through the web interface allowed administrators to track which team members were working on specific instances and queries.
- Enhanced Security: Dynamic data masking and two-factor authentication ensured robust data security, preventing sensitive information leaks.
- Increased Efficiency: The web-based client improved developers' efficiency and experience, while reducing costs associated with commercial clients. Temporary privilege escalation provided flexible and secure access to critical data.
- Streamlined Operations: Real-time monitoring and interception of unauthorized actions ensured compliance and security, with detailed audit logs for accountability.
- Improved Productivity: The powerful SQL editor within SQLDev enabled developers to create, save, and share queries effortlessly, accelerating troubleshooting and issue resolution. This contributed to meeting SLAs with ease.
Overall, SQLDev's system proved to be fast, reliable, and perfectly aligned with SZSE's requirements, significantly enhancing data access management and operational efficiency.