michelangelus - Fotolia

New Yugabyte release boosts distributed SQL database security

Yugabyte now has row-level geo-partitioning for its open source distributed SQL database, enhanced multi-region features and several new features to improve security.

Open source distributed SQL database vendor Yugabyte updated its namesake database on Thursday with new features that improve performance, geo-partitioning and security.

Yugabyte integrates multiple APIs and is compatible with both the Apache Cassandra and postgreSQL open source database platforms. The new Yugabyte 2.5 release bolsters the Sunnyvale, Calif., vendor's distributed SQL database with improved management that builds on the online index-building capabilities first introduced in the YugabyteDB 2.2 update that was released in July.

Among Yugabyte's users is Justuno, based in Austin, Texas, a vendor of a visitor conversion platform to turn browsers into customers for e-commerce sites.

Justuno uses Yugabyte to power its Visitor Profile Platform, which is able to sustain 500 million user requests a day with an equivalent 50,000 SQL queries per second.

"Justuno chose Yugabyte because of its fully distributed SQL capabilities with easy-to-administer interface to scaling and backups within the Google Cloud Platform," said Travis Logan, co-founder and CTO of Justuno.

Geo-partitioning improvements in new Yugabyte release

Among the new features in YugabyteDB 2.5 that will benefit Justuno are the improved geo-partitioning capabilities, Logan said.

Logan explained that with the new release, Yugabyte will be able to partition database tables to help with regional compliance needs. For example, he noted that Justuno will be able to partition its database tables by customer accounts, so that that a given dataset could be stored outside of the U.S, if that's needed to meet a compliance requirement.

Justuno chose Yugabyte because of its fully distributed SQL capabilities with easy-to-administer interface to scaling and backups within the Google Cloud Platform.
Travis LoganCo-founder and CTO of Justuno

Karthik Ranganathan, co-founder and CTO of Yugabyte, explained that YugabyteDB has long had multi-region capabilities to enable a database to be deployed across different regions.

What's new is the ability to geo-partition data, which enables users to create a database that spans multiple regions and then have a subset of data locked to a specific region. As such, an organization can split up the data in a database table so that's it's closer to users in a specific area, or for regulatory compliance reasons such as when data has to remain in a certain region.

Yugabyte security enhancements for distributed SQL database deployment

On the security side, Yugabyte added a series of security capabilities that can help lock down a database deployment; among them is row-level security.

Row-level security is an access control policy that can define for a given user what subset of rows they can access and see in a table.

Ranganathan explained that row-level security is more advanced than a typical role-based access control (RBAC) model for defining database access. A simple RBAC policy, for example, could just state that a given user has read privileges to a database but does not have the ability to write to the database.

"Here what we're saying is a user has read and write privileges only on a few rows in a database," he said. "So it's a very advanced form of role-based access in some sense,  but it's at the level of a row, not at the level of a table."

Another new security feature for Yugabyte 2.5 is audit logging. Ranganathan noted that some enterprises want to keep track of the all the commands that are issued to the database, so that they can go figure out if there is a change in pattern that could be indicative of malicious activity.

Screenshot of Yugabyte dashboard
The Yugabyte dashboard provides platform monitoring and management capabilities for the distributed SQL database.

Encryption enhancements

Another area where security has been improved is with a series of encryption enhancements in Yugabyte 2.5, including encrypted backups. That means a user could an entire backup that is encrypted and restore it into a new cluster, without the need to first decrypt the backup, which is what was required in previous releases.

Encryption is also coming down to the column level in Yugabyte 2.5. Column-level encryption can be useful to help protect certain information. For example, it could be used in a situation in which one of the columns in a user profile contains sensitive data such as the user's social security number or credit card information.

Meanwhile, Yugabyte is currently having its database code audited by a third-party security firm to identify any potential vulnerabilities in its own systems.

Next Steps

Yugabyte raises $48M to build out distributed SQL database

Dig Deeper on Database management

Business Analytics
Content Management