Major database errors remain a prominent problem for enterprises, across all industries. In a recent study conducted by DBmaestro, nearly 50% of respondents reported experiencing a major database error or crash in the past 3 months. As more and more organizations move toward Agile processes and more frequent deployments, how can DevOps best practices be adopted in the database safely and effectively? In this webinar, we'll cover: How enterprises are adopting DevOps for the database and what they’re struggling with Actionable tips for increasing the frequency of database deployments while reducing risk and preventing errors Security analyses of famous database horror stories, and how they could have been avoided How DBmaestro's database release automation platform can help you get database risk under control

1. Security, Policy & Drift
Getting Database Risk Under Control in
Release Automation
WEBINAR

2. Presenter
Yaniv Yehuda
CTO & Co-Founder, DBmaestro

3. “Enterprise DevOps adoption isn’t mandatory— but neither is
survival.”
– Gene Kim, The Wall Street Journal, CIO Journal, May 22nd, 2014
DevOps…or die.

4. DBmaestro 2018 Database DevOps Survey
DevOps Adoption Within Organizations
All the cool kids are doing it… but…

5. The database side - then vs. now
DEV team responsibilities
− Creating logical changes to the app/DB
DBA responsibilities
− DB changes code reviews (especially in high
risk areas)
− Handling rollout and rollout risks
− Health and continuous operation of the DB
Problem:
Slow process
Small focus
• Every 2-3-4 weeks?
• Continuously?
• CI /CD
Small/atomic changes
• Quick feedback loops (unit tests,
automated tests, etc)
• Small changes quickly pushed all the
way to (pre) production
Problem:
Rollout risk responsibility?
Blamestorming is inevitable
Waterfall Agile

6. High frequency → getting higher
Frequency of Application Deployments by DevOps
DBmaestro 2018 Database DevOps Survey
14%
29%
37%
8%
10%
3%
24%
38%
23%
6% 6%
4%
More than once a
day
More than
once/week
A couple of
times/month
Once/month A few
times/quarter
A few times/year
2017 2018

7. More releases → more errors
Frequency of Database Changes vs. Last Database Crash
DBmaestro 2018 Database DevOps Survey

8. Integration (or lack thereof) of DBAs with other teams
The Role of the DBA
DBmaestro 2018 Database DevOps Survey
How Database Changes
are Performed

9. What happens if the database is not part of the DevOps strategy?

10. Horror Story #1 :
THE THING (IN OUR DATABASE)

11. “I worked with a major bank. They were trying to switch to Agile and update their
database processes.
A DBA added an index to the 180m-record table in PROD to accelerate its
performance.
It was never documented.
A developer released an update to the bank’s app based on a compare-and-sync
method, overriding the DB schema…and… deleting the index.
The app was down for 36 hours while they tried to find the cause of the
error and fix it.”

12. Horror Story #1 – Post-mortem
▪ Documentation: DBA made undocumented changes
▪ Misuse of tools: Use of tools that are suited for manual, not automatic
operations
▪ Roles and access: That developer was not supposed to have had access
to push changes to PROD
▪ Documentation, strike 2: The developer didn’t document his changes
either, making it difficult to retrace steps and rebuild the index.

13. Horror Story #2 :
MISERY

14. Source: Reddit

16. Horror Story #2 – Post-mortem
▪ Documentation (a different kind): Production database credentials were
openly shared
▪ No policy enforcement: If the company had enforced policy on
database scripts, truncating tables or things like daytime modifications
to production, the disaster also could have been prevented
▪ Roles and access: A junior developer should not have had access to
push changes to PROD
▪ No backup: Production database not properly backed up, nor were
backups tested

17. DevOps adoption and new global security measures
• Agility
• Quicker time-to-market
• CI/CD
New security requirements
New processes
Separation of duties
• Increase in breaches and hacks
• More data held online, in cloud
• Internet accessibility growth
DevSecOps

18. DBmaestro: Getting database risk under control
Automating database release processes, staying on top of security.
DevOps:
• 10x faster time-to-market
• CI/CD automation
• Drift management and prevention
Security:
• Meeting compliance requirements
• Roles and permissions
• Policy management
• Audit trails

19. Release Pipelines -Fast, Safe, Repeatable, Scalable

20. Auto Drift Detection & measure KPIs and share scorecards

21. Roles and permissions
Control who can do what and
where
● Project segmentation
● Separation of duties
● Roles
● Rights of processing
○ DEV…
○ QA
○ Pre-PROD?
○ PROD!?!

22. Policy management
Determine what types
of activities can be
deployed, where and
when
● What is OK?
● Automated…

23. Audit trails of all structural changes
▪ Keep a complete history of
all changes made and
attempted
● Who?
● What?
● When?
● Where?
GDPR, HIPAA, SOX…

24. Horror Story #3 - PREVENTED!
I KNOW WHAT YOU DID LAST DEPLOYMENT

25. “In the middle of a live webinar, with 150 people
watching, I was demonstrating the product’s release automation
capabilities. I made a manual change to rectify a simulated
drift in ‘production’, incorrectly, and DBmaestro prevented me
from pushing an update due to the
configuration drift in production. Confused and
stressed, I didn’t read the error message, tried 2-3 more times,
kept getting rejected till I moved to the next example.”

26. (Almost) Horror Story #3 – Post-mortem
▪ Drift prevention: No matter how hard I tried, the system wouldn’t allow me to
push an update, conflicting with a configuration drift at production, without
acknowledging the drift and signing an approval (create or replace statement…)
▪ Stress: The conditions I was operating under (live webinar, people
watching…), very effectively simulated real-life situations (production update,
people waiting) that can lead to manual database errors and overlooking
available information.

28. Q&A

29. Thank you!