Database management

Best Practices for Cloud Database Management Systems

It’s hard to imagine that cloud platforms have been available to the IT community for nearly a decade. The popularity of cloud systems has grown to such an extent that they have become the infrastructure of choice for many organizations.

As a database consultant for over 20 years, I’ve worked with businesses of all types and sizes across a wide range of industries. As their cloud implementations matured, many companies encountered a common theme: several issues affected the quality of their cloud database platforms.

Here are some of the most common problems and recommendations to prevent them from happening.

Cloud Database Performance Monitoring

Keeping any database system running smoothly is a wonderfully complex task. From disk reads and buffer cache hit rates to multi-user concurrent transaction throughput, there is a seemingly endless array of metrics to monitor and the root causes of poor database performance to address.

In addition to standard database performance issues, DBaaS and IaaS database platforms add another dimension to performance monitoring and troubleshooting. Transferring information to and from a cloud database system can be difficult, especially if there are large volumes of data and tight time constraints.

A phrase I commonly use with clients is “no database is an island”. Most DBaaS and IaaS databases receive feeds from various sources, interact with other databases and systems during day-to-day operations, and send the output to other applications and end users.

The five components of successful cloud database management systems.

Many IT stores have found that the cloud requires an “all-inclusive” strategy. When application software and the data it accesses reside on two different cloud systems or are split between cloud and on-premises platforms, data access delays can negatively impact performance. This is a significant issue for applications that require extremely fast response times.

Good practice recommendations: In addition to reviewing their favorite DBMS performance metrics, cloud platform administrators should also focus on monitoring data transfer volumes to and from cloud systems. Document all entries and exits and include them in your surveillance strategy. While your store may have estimated data transfer volumes when initially designing the system, it’s a pretty safe assumption that they will change over time.

As their cloud implementations matured, many companies encountered a common theme: several issues affected the quality of their cloud database platforms.

Here is a list of starter questions to help identify additional monitoring activities:

  • How is the database fed? Is it loaded using flat files or database-to-database data transfers?
  • What type of output does the database generate? Does it create large reports, flat files, or data streams that other applications use as input? One of the most overlooked data transfers is when cloud database information is used to update other systems.

The goal is to forecast future transfer times and work with network engineers to discuss potential solutions and application development teams to reschedule large data transfers that impact other tasks.

Regulatory compliance reports

DBaaS platforms do not expose their underlying architecture to users. Additionally, recording the evidence that auditors need for vendor, administrator, and end-user change control compliance can be challenging when using cloud database systems.

Therefore, organizations that adhere to internal, industry, or governmental regulations regulatory compliance rules often find that they are unable to provide the audit evidence their auditors need to verify that the system meets the framework’s control objectives. Regulatory frameworks such as SSAE16 SOC, PCI DSS, NIST, NERCGDPR and HIPAA all require system-specific settings and change control information as evidence.

Although most major cloud platform vendors provide compliance documentation for some of the most popular regulatory frameworks, smaller competitors may not provide the level of supporting evidence your organization needs. Additionally, internal and third-party auditors often lose their sense of humor when asking for proof of compliance and you respond with a generic link to a vendor’s website.

Good practice recommendations: Most organizations that store and process data subject to one or more regulatory compliance frameworks have classification procedures that categorize data based on their sensitivity. One of the most common issues affecting cloud and on-premises systems is that sensitive information tends to propagate to other data stores in the organization.

When creating new cloud database systems or migrating existing databases to cloud platforms, meet security and audit teams to classify data and agree on the evidence they need to demonstrate compliance with regulatory frameworks. Additionally, you will need to perform a thorough review of the cloud provider’s compliance documentation to identify their regulatory agency certifications. One method that will help you meet all compliance frameworks is to create a spreadsheet with the following columns:

  • Description of the control objective
  • Applicable/not applicable
  • Description of evidence needed for compliance
  • Source of evidence — cloud platform provider, your organization, or both
  • Evidence location, naming conventions, and format

Maintain business continuity

During the genesis of cloud systems, many in the computing community believed that the multiple layers of connectivity, computing platforms and data redundancy would make breakdowns a thing of the past. We quickly learned from a series of high-profile outages that no matter how robust the architecture vendors created, our organizations would still need to plan for application outages.

Good practice recommendations: Here are some recommendations that will help you mitigate the impact of cloud service disruptions. Some of the recommendations may be obvious, but many organizations continue to rely solely on their cloud providers to maintain application availability during an outage.

  • Classify your applications according to their criticality. Since the inception of computers, the availability of applications has always been directly related to the cost and complexity of the system. The higher the level of availability required by your organization for a given application, the more expensive and complex it becomes. How much availability are you willing to buy?
  • Carefully evaluate the cloud provider’s high availability features. Although all major cloud platforms provide a robust set of failover protection mechanisms, many of these features will require the customer to purchase, configure, and administer them.
  • Reduce the impact of single cloud provider service disruption by implementing a multi-cloud strategy. Flexera State of the Cloud 2021 A survey of 750 cloud decision makers and users found that 92% of respondents now use multiple cloud platforms.

Like all high-quality disaster recovery and business continuity programs, develop a plan to mitigate the impact of cloud service interruptions. Design, implement, and test the actions your organization will take in the event of an outage. It is important to note that in many cases your mean time to resolution (MTTR) will totally depend on your cloud provider.