In our government agency, we are required to "harden" databases, e.g., database access, prevent Personally Identifiable Information from unauthorized access, etc.
The chosen solution is leave current data in the ERP d.b. (~5 years) and delete everything else. The data warehouse then contains all data back to the beginning of time, and it's refreshed weekly. So historical reporting that previously was done from the main ERP database will have to be re-directed to the DW.
My question is this - isn't it reasonable (from a security perspective) to restrict data to current (~5 years) via security profiles ?
- implement VPN policies (this is a non-programmatic solution)
- simply implement views and restrict data (Oracle views or BusinessObjects "views")
- could partitions be a way of restricting data access ?
My perspective on this is that we currently do all reporting out of the ERP database. But creating the DW means that now we have TWO very big databases to maintain. So all kinds of views, functions, procedures, etc. now have to be maintained in the DW in addition to the main ERP system. Why not let the computer do the work, instead of two physical databases ?
I also have recently come to learn about in-memory computing, and Professor Plattner of SAP
(1st 5 minutes) says in-memory computing (via Hana of course) REDUCES code footprint, data footprint, etc., so much so that the DW isn't even necessary !
So my main question again is - is it really necessary to physically segregate the data to "harden" access ? Couldn't the power of the computer meet this "hardening" criteria ?