The leadership of the small company I work for has gotten very excited about SaaS and is pushing our product into a SaaS deployment – I have a concern about this because part of the functionality of the product is based on the users being able to use business intelligence tools to write reports against the application's underlying database.
When I ask about how we plan on providing that functionality in the SaaS model, I am greeted with blank stares and the response is simply that we will expose the database server on the internet and allow people to query the database as if it were running within their corporate network.
This scares the bejeebers out of me, but I don't know if I am just being paranoid, or if there is significant reason to be concerned.
So my question is: is it possible to appropriately harden the security of an Oracle database server so that we wouldn't need to be concerned about the fact that it will sit exposed on the internet? And if so, what resources should I be researching to learn to do this? The database will be storing proprietary information that our clients would not want to expose to the world, and yet a proposal to put this functionality behind a VPN has been squarely rejected.
My searches on hardening an oracle database have pretty much all included statements along the lines of "Never ever poke a hole in your firewall", so it could be that the correct answer here is "Update your resume as fast as possible", but I appreciate whatever advice you can give.
Best Answer
Exposing a database isn't really a giant issue compared to some of the other services that are often exposed to world+dog... except that it's a complicated system with a lot of potential vulnerabilities, including permissions escalation. I would make sure that you don't expose the database to public queries and run with SSL required, etc. I would say it's possible, but yes, you should be paranoid and you should maintain a separate database install for the public facing one. If your company's not willing to pay the licensing costs for that, yeah, skedaddle.
From the customer/support side, connecting directly to the database might be an issue if the customer's ISP blocks certain types of ports or traffic.
In a SaaS model, what you'll generally want your programmers to do is to write an API that can be queried from the application. APIs of this nature typically operate over https and provide data back to the application in the HTTP response. Added bonus: It works from anywhere where the web works, it is VERY easy to cache result sets using memcached or other caching technologies to reduce load on the db server, and http auth is pretty well supported and tested.