Securing the Extract, Transform, and Load (ETL) Pipeline

Brian Kelley
60 minutes
BI Platform Architecture, Development & Administration
In most organizations, "batch" processing happens at least nightly. Data is moved from one system to another, often with multiple stops along the way. We tend to do a good job securing the endpoints: where the data starts and where it ends up. However, the in-between drops are often neglected. In this session we're going to look at typical ETL (Extract, Transform, Load) pipelines and consider the weak points an attacker might go after. We're going to eliminate FUD (Fear, Uncertainty, and Doubt) by looking at a few typical architectures, discussing risks at each point, identifying options for protecting the vulnerabilities, and what we've seen typically done (if anything) in practice. While this talk primarily uses Microsoft SQL Server as the example/guinea pig, especially the database engine and SSIS, the discussion will be applicable to any solution.

Back to Top cage-aids