Friday, January 27, 2012

An Analysis of Normalization Through the Eyes of the Developer - Part II

View Part I
 
This design is also inefficient because it puts a task in the middle-tier developer's hands that a normalized table would already be designed to handle; more to the point, a normalized table would have avoided the problem altogether. I am speaking here of adherence to the first normal form. The current design would require the developer to manage all data going into all four language columns, per product. This may include building a subroutine to ensure that only one of the columns in the language family of columns is a "1" and the rest are all "0"s; or manually auditing the data to ensure this; or, even worse, doing nothing to audit this data and running the risk of having dirty data spread across multiple columns. A normalized solution allows SQL to naturally avoid this expensive, unnecessary development work, and all future data cleansing work. Having multiple columns for each language also raises the issue of query performance when getting the data out. Even if the previous inefficiencies are acceptable, the development effort and speed of all queries built against this non-normalized table are guaranteed to become an issue in this design. There is no quick way to return all records for one specific language in the current non-normalized design. More importantly, any query that is designed to return the needed data will always be a distant second, performance-wise, to a query for the same data built against a properly normalized table. You are doomed to always have inferior query performance.
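The audit burden and the per-language query described above, as an added example that is not code from the original post. It uses SQLite through Python as a stand-in for SQL Server; the table and column names, the three languages other than Spanish, and the sample rows are assumptions.

```python
import sqlite3

def build_demo():
    """Return a connection holding both designs with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    db.executescript("""
        -- Design from the post: one flag column per supported language.
        CREATE TABLE ProductFlat (
            ProductID INTEGER PRIMARY KEY, Name TEXT NOT NULL,
            IsEnglish INTEGER NOT NULL DEFAULT 0, IsSpanish INTEGER NOT NULL DEFAULT 0,
            IsFrench  INTEGER NOT NULL DEFAULT 0, IsGerman  INTEGER NOT NULL DEFAULT 0);
        -- Assumed normalized alternative: one language key per product.
        CREATE TABLE Language (LanguageID INTEGER PRIMARY KEY, Name TEXT NOT NULL UNIQUE);
        CREATE TABLE Product (
            ProductID INTEGER PRIMARY KEY, Name TEXT NOT NULL,
            LanguageID INTEGER NOT NULL REFERENCES Language(LanguageID));
        CREATE INDEX IX_Product_Language ON Product(LanguageID);
        INSERT INTO Language VALUES (1,'English'),(2,'Spanish'),(3,'French'),(4,'German');
        -- Constructed rows: product 2 has two flags set, product 3 has none.
        INSERT INTO ProductFlat VALUES (1,'Manual ES',0,1,0,0),
                                       (2,'Manual ??',1,1,0,0),
                                       (3,'Manual --',0,0,0,0);
        INSERT INTO Product VALUES (1,'Manual ES',2);
    """)
    return db

def audit_flat(db):
    """The audit the flat design forces on the developer: exactly one flag must be 1."""
    rows = db.execute("""SELECT ProductID FROM ProductFlat
                         WHERE IsEnglish + IsSpanish + IsFrench + IsGerman <> 1
                         ORDER BY ProductID""")
    return [r[0] for r in rows]

def normalized_rejects_unknown_language(db):
    """The normalized design refuses an invalid language at write time."""
    try:
        db.execute("INSERT INTO Product VALUES (2, 'Manual ??', 99)")
    except sqlite3.IntegrityError:
        return True
    return False

def products_in(db, language):
    """One indexed join answers 'all products in language X' for any language."""
    rows = db.execute("""SELECT p.ProductID FROM Product p
                         JOIN Language l ON l.LanguageID = p.LanguageID
                         WHERE l.Name = ?""", (language,))
    return [r[0] for r in rows]
```

The flat table accepts the two dirty rows without complaint and only the audit query finds them afterwards, while the normalized table rejects the bad row on insert.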


One last major issue with this design is the excess space it uses. With one column per language, and four languages, you are essentially saving 3 pieces of data that each say, "I am irrelevant." What a waste! I am reminded of a former manager who told me once during the architecture of a notification system, "I don't want to get an email that tells me there is not a problem." The more columns that get added, the more wasted space you are guaranteeing. As for the argument that states, "Well, it's not that much wasted space, it's only a bit column," how do you think it might be perceived if the accounting department made this argument: "We know we are wasting money, but we're only wasting a little money"? If that is not compelling enough, look at the ratio of wasted space: in this case we are increasing the necessary data space requirements for this piece of data by 300%!

In Parts I and II, I have pointed out a common development scenario and have highlighted three shortcomings of an implemented, non-normalized solution. In Part III, I will propose a normalized solution that eliminates these shortcomings, saves the developer time, increases application performance and reduces data storage requirements.


View Part III


- Ed Dressler, SQL Server Expert; CTT+, MCDBA, and MCITP

Monday, January 16, 2012

New Year, New Changes in Security Training!

As the new year comes upon us, vendors are rolling out some new or updated courses for the beginning of 2012, but what type of training is right for you or what new courses are worth the time and money?  The answer depends on what area of security you want to pursue.  I always recommend having a very sound understanding of the basics in networking and operating systems if you are getting into security for 2012. As for those of you who already work in security, there are some new and updated courses coming out for 2012 that are very exciting.


One of the things you need to look at is whether the course helps you understand the security concepts and whether it provides a hands-on example for reference. Some courses discuss a concept but then offer nothing, such as an example, to really help solidify it. Also, if you are looking for the latest and greatest in concepts and examples, most vendor classes are about 6 months to a year behind. It is up to the instructor to provide up-to-date examples for current concepts. The instructor's background and experience play a major role in filling in the gaps.


So what are the up to date and new courses for 2012? 


Updated Courses


Network+

CompTIA has updated the Network+ for 2012 with more of an emphasis on technologies and how they relate to the OSI model. I like the fact that they have put more of an emphasis on the areas of SANs and WANs. However, I would say that the course still covers 85% of the previous objectives. It is not really a huge upgrade, more of an incremental update.


CEH version 7.1


EC-Council has brought out a new revision of version 7.0 of this class. This is a major update with even more updated labs and content than the previous version 7.


New Courses


CSAP


This is a new course from CompTIA intended to focus on the 10-year security veteran. It focuses a lot on enterprise LAN and WAN security. As of this writing not too much is known about the CSAP, and it may be a while before we know anything more definitive.


Good luck in 2012 and hope you have a great year.

- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE

Monday, January 9, 2012

Centriq Announces Cloud Intelligence Conference


We at Centriq are pleased to announce that, along with Microsoft, we will host the 2012 Cloud Intelligence Conference, to be held at the Overland Park Convention Center on April 12, 2012.

This one day conference will cover a variety of powerful network computing information management strategies for businesses of all levels. Some topics will include Public Cloud, Private Cloud, Hybrid Strategies, Cloud Security, Virtualization, Migration and Information Architecture.

Attendees will have the choice of four tracks, with 4 sessions each, in the 2012 Cloud Intelligence Conference including:
  • Cloud Roadmaps and Overviews for Executives
  • Infrastructure as a Service (IAAS)
  • Software as a Service (SAAS)
  • Platform as a Service (PAAS)
This event is ideal for IT professionals, business decision makers and executives from all types of technology backgrounds. Seating is limited. To learn more or register for this event, please visit www.centriq.com/CloudIntelligence.

For questions or more information on the event contact your Account Executive at 913-322-7000.

- Jessica Oliver, Director of Operations

Tuesday, January 3, 2012

Where is Security Headed in 2012?


2011 was a very difficult year for IT security. It seems as though everyone is now taking security very seriously and is trying to make up for lost time. Hackers have definitely gained the advantage and those in security are slowly losing ground. The reasons for this are many: some are business, some are technology and some are the fact that a lot of companies are just now looking at security. There is plenty of blame to go around; however, hackers may be winning the battle now but are far from winning the war. None of this was more real to me than after attending Hacker Halted 2011.

After being exposed to so many new attack methodologies and threats in this cyber war, I came to the opinion that it is still realistic that we can combat these new threats. The mood of those on the front line, the trenches of IT security, is still upbeat and hopeful. Most believe it will take a concerted effort by everyone to gain the upper hand, because this is not a war that is won or lost but one fought to gain or maintain the upper hand.
 
So what are the challenges for 2012? This time of year everyone has put out a list of what to look for in the coming year. I thought I might give a few thoughts on what I think the main challenges going forward are for 2012. You'll see some are challenges we have had for a few years and some are new.
 
1.    Mobile technology threats
Smart phones are around 30% of the phone market. Users use their phones for everything from getting the latest sports news to paying bills. The ability now for users to have portable technology almost like a computer more than doubles the vulnerabilities on a network. The number will increase over the year because smart phones are just about all that is being introduced to the market. The tablet market is growing by leaps and bounds. The portability and complexity of phones and tablets provide new challenges for securing data. This is the new frontier of hacking victims.
 
2.    Small businesses (SMBs) will enter the crosshairs of cyber attacks
SMBs are the new large victims of hackers. These types of businesses are the last ones to really start understanding security and its impact. No more can they just focus on revenue. What happens when you have no way of making revenue because of a security breach? SMBs are the most susceptible to a cyber-attack because of the lack of attention to security. Although SMBs are behind, they will be catching up in the coming year.
 
3.    Social media will increase in popularity as a conduit for social engineering attacks
Social media will continue to increase in popularity as the most effective channel for social engineering attacks. Social media is fast being adopted by small and large businesses. Companies can expect to see more social media profiles used as a vehicle for social engineering tactics. Hackers will use clever tactics to trick end-users into disclosing sensitive and private information and downloading malware. Facebook, with its 850 million users, is a prime target for data breaches.
 
4.    Companies will continue to overlook key vulnerabilities, hoping and waiting for governmental compliance to drive security. 
Governmental regulations remain the yardstick by which most companies judge and conduct security. Using a checklist that is developed for security initiatives is dangerous because a number of security regulations overlook basic IT security controls. Sure, these regulations address the need for encryption or the development of an incident response plan, but few require a wide range of best-practice controls such as up-to-date anti-virus software. More breaches occur as a result of security gaps.
 
5.    Cloud computing services, a storm is coming.
As cloud services continue to gain in popularity, so too will related security breaches flourish. Companies are smartly embracing the cloud for the associated cost savings and ease of use. These types of services have been around for years; it has only been in the last couple of years, due to increased and stable bandwidth, that companies have been looking at cloud services. Unfortunately, current reports indicate that companies are underestimating the importance of security due diligence when it comes to using these cloud providers.

These are only a few of the security challenges we face in the future. 2012 will see more vulnerabilities, threats and exploits than at any time in the history of security.

- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE

An Analysis of Normalization Through the Eyes of the Developer - Part I


I was reminded a few days ago of how important it is to have a solid understanding of normalization and why it is so important to implement.  I would like to take some time to share that with everyone, especially developers. 
 
Twice now, recently, I have been pinged by frustrated people asking me to help solve their SQL problems.  I asked both what the exact problem was and how it was that they thought I could help.  The root of both problems was bad normalization.  That is, functional normalization had not been done.  What follows is a case study of one of the situations including analysis of what went wrong as well as implementing basic normalization to address the current issue and avoid future issues.
 
One of the frustrated developers was put in a position to bolt on functionality that had never been planned for in the original application. This is certainly not a new phenomenon, but it is evidence of why developers need to understand functional normalization (maybe even more so than DBAs).
 
So what was the issue and how could it be avoided? The application needed to add language support for each one of its products. So now products would have a language associated with them; presumably this need arose from the company spreading into global markets. The developer decided to add a separate column for each supported language, in this case four. If the product was a "Spanish" product, the Spanish column would be set to 1 and the other language columns would be set to 0. Some of us see the problem inherent in this design already, but for those who don't, read on.
 
Before I continue, let us be clear, this proposed design change to support the new function will work!  Function can be achieved on a broad spectrum of efficiency.  The purpose of this blog is not to discuss the viability of inefficient design; it is to highlight what can be gained by efficient design.
 
First, let's see how this design is in fact inefficient. Any time a design choice guarantees a need for redesign in the future, it is by definition inefficient. Having a column for each language almost ensures that redesign will occur. What happens when support for a new language is adopted? Redesign; albeit simple, it is nevertheless redesign. "Oh, no, we are only going to support four languages." I don't buy it. I'm willing to bet something like this was said during the initial design: "Oh no, we will not need to support other languages." Function will change; plan for it.
 
There are two other main inefficiencies, as well as their resolutions, that I want to discuss. I will add those points in future additions to this blog post. Check back for the follow-ups and conclusion to this basic but highly impactful discussion. Until then, stay thoughtful.


View Part II


- Ed Dressler, SQL Server Expert; CTT+, MCDBA, and MCITP