In my experience with Thai enterprises, databases consistently rank as the second-highest technology expense, nearly on par with computing infrastructure. While most information technology resources require consistent proper maintenance and industry best practices to secure service level objectives (SLOs) and business continuity, database systems represent the most crucial assets of businesses and should not be overlooked.
When end-customers make requests to websites and services, computing infrastructure hosts the business logic and accesses databases to process these requests and serve end-users. The significant investment in databases makes sense when we consider that these systems store data that differentiates businesses and cannot be replicated without proper disaster recovery strategies in place, while the logic held in compute could theoretically be reconstructed through existing business requirements.
This article will examine three key aspects of database management based on my experiences: the common usage patterns of databases found in growing businesses, the challenges faced in servicing data and their root causes, and methodologies to address these challenges. By understanding these elements, businesses can recognize the importance of properly allocating time for maintenance and implement high-level procedures that enable room for future growth.
The opinions expressed in this article are my own and are based on my experience as a cloud engineer. AI was utilized in restructuring these sentences and fixing grammatical errors.
Where Are Your Data
While purpose-built databases exist to serve tailored data use-cases, relational databases remain the most common and tested database type across Thailand’s business landscape. According to observed enterprise IT spending, relational databases typically account for an average of 80 percent of the total spending. This widespread adoption additionally stems from the fact that relational databases power the backend of today’s popular software packages, in itself a technical decision made by their developers. These software packages include content management software (CMS), e-commerce, customer relationship management (CRM), and enterprise resource planning (ERP) software.
With the growing demands of software applications comes the increasing need for databases to serve them, with self-hosted deployment options remaining a popular choice. At the time of writing, newer businesses may utilize managed databases hosted by IT service providers or opt for few-clicks managed software deployments that require minimal operational overhead. Smaller businesses often turn to low-code platforms to build their applications, which offer reduced operational complexity—only requiring attention to the service limits of their current usage plans.
However, maintenance operations for self-hosted databases frequently get overlooked or superseded by priorities with more visible immediate business implications. Unlike projects with predictable return on investment (ROI), database maintenance doesn’t showcase its value upfront—yet neglecting it silently accumulates risk that remains largely invisible to businesses. This buildup can lead to irreversible damage, including the deletion of critical business data, or reversible damage that requires remediation efforts that block deliveries and impact customer timelines and trust.
The demand for cloud databases and Database as a Service (DBaaS) is growing in Thailand as businesses aim to store, manage, and analyze their data in a scalable and cost-effective manner. (https://www.6wresearch.com/industry-report/thailand-cloud-database-and-dbaas-market)
Challenges Servicing Data
How do DBAs manage multiple service databases for application teams?
The processes for maintaining security, performance, and reliability of databases involve applying updates and patches to the underlying operating system that hosts the database engine, the database engine itself, and supporting components like feature extensions running on the database.
For businesses, database administrators (DBAs) primarily own this activity and maintain these processes in patching and upgrading to minor or major versions of a database engine. Additionally, application development teams evaluate these changes in early development environments, particularly for major version database engine upgrades.
One of the primary challenges of owning the operations of a set of live databases is that teams or administrators are unable to keep up, allowing databases to fall too far behind, risking them becoming unsupported due to end-of-life status, and missing opportunities to leverage frequent changes released through minor upgrades.
Secondly, changes to the application, including new database versions, require functional and performance testing from application teams before pushing the change into production environments.
Thirdly, having to own complex and challenging requirements makes it hard to perform maintenance on the database. These challenges include a mismatch of service level objectives (SLOs) that may be too high, and usage that exceeds the tested (best) practices of the database engine, including large database sizes.
As a database administrator or relevant party involved in managing database reliability, one should evaluate the version lifecycle of respective database engines, stay informed of new minor versions, and decide how long to remain on a specific major version. This planning should be coordinated across teams to inform stakeholders of the risks, opportunities, and end-user impacts.
The balancing act becomes particularly challenging for database infrastructure owners who must maintain multiple database environments while ensuring minimal impact to users through reduced downtime during upgrade processes. Without several initial discussions on proper mechanisms to address this challenge, businesses often struggle with limited resources later on, making it difficult to implement comprehensive maintenance strategies as database instances grow increasingly critical across the organization.
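As an added illustration of the version-lifecycle review recommended above for DBAs (this is not code from the original article), the following Python script audits a database inventory against a lifecycle table and ranks instances that are past end-of-life, close to it, or lagging on minor releases. The engine names, versions, dates and thresholds are constructed placeholders, not vendor data.

```python
from datetime import date

# Constructed lifecycle table (hypothetical engines and dates, not vendor data):
# (engine, major) -> latest minor release and end-of-life date of that major.
LIFECYCLE = {
    ("engine-a", 14): {"latest_minor": 12, "eol": date(2026, 11, 1)},
    ("engine-a", 11): {"latest_minor": 22, "eol": date(2023, 11, 1)},
    ("engine-b", 8): {"latest_minor": 4, "eol": date(2025, 9, 1)},
}

# Constructed inventory of live databases: (name, engine, "major.minor").
INVENTORY = [
    ("crm-prod", "engine-a", "14.12"),
    ("erp-prod", "engine-a", "11.9"),
    ("cms-prod", "engine-b", "8.1"),
    ("shop-prod", "engine-a", "14.7"),
    ("legacy-hr", "engine-c", "5.6"),
]

# Most urgent first; unknown engines rank high because nobody tracks them.
ORDER = ["EOL", "UNKNOWN", "EOL_SOON", "PATCH_LAG", "OK"]

def assess(engine, version, today, warn_days=180, max_minor_lag=3):
    """Return (status, detail) for one database instance."""
    major, minor = (int(p) for p in version.split(".")[:2])
    entry = LIFECYCLE.get((engine, major))
    if entry is None:
        return "UNKNOWN", "no lifecycle data; treat as unsupported until verified"
    days_left = (entry["eol"] - today).days
    lag = entry["latest_minor"] - minor
    if days_left < 0:
        return "EOL", f"major {major} ended support {-days_left} days ago"
    if days_left <= warn_days:
        return "EOL_SOON", f"{days_left} days of support left; plan major upgrade"
    if lag > max_minor_lag:
        return "PATCH_LAG", f"{lag} minor releases behind"
    return "OK", f"{lag} minor releases behind"

def audit(inventory, today):
    """Assess every instance and sort the result by urgency, then by name."""
    rows = [(name, *assess(engine, ver, today)) for name, engine, ver in inventory]
    return sorted(rows, key=lambda r: (ORDER.index(r[1]), r[0]))

if __name__ == "__main__":
    for name, status, detail in audit(INVENTORY, date(2025, 6, 1)):
        print(f"{status:<10} {name:<10} {detail}")
```

Running the audit on a schedule and sharing the ranked output gives application teams and stakeholders a common view of which upgrades need testing time first.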
Routine Maintenance Matters
Every few minor versions of the database engine are observed to contain software fixes that address security issues and improve the reliability of the major version. While these fixes address different levels of impact and severity, since they are typically important unplanned releases, downstream applications using specific versions should be able to accommodate out-of-cycle changes, allowing them to be tested and rolled out into production environments in a timely manner.
Since 2018, notable cyber attacks in Thailand have been related to data breaches and have led to ransomware incidents. Ransomware is a type of attack that focuses on taking control of the target’s data until a ransom or an equivalent demand is paid. The majority of these notable attacks targeted database systems storing customers’ personal records, with the goal of demanding a ransom or selling the data online. It’s worth noting that these attacks extend to various types of datastores beyond traditional databases.
According to posts on cyber resilience from the Securities and Exchange Commission (SEC) of Thailand and news reports on cyber attacks, quoting Check Point Software, data breaches accounted for 6.8% of the total 3,180 cyber attacks per week per organization in Thailand in 2024, leading to significant economic impact, data privacy and PDPA legal concerns, and loss of consumer trust. While ransomware accounted for 1.5% of attacks, it caused additional critical disruptions to service availability. The SEC has emphasized recommendations that include implementing consistent software updates and maintaining regular data backups as fundamental defensive measures.
The thirty-first of July marked the first instance of Thailand’s government punishing a private firm for failing to protect users’ personal data. The Personal Data Protection Committee (PDPC) of Thailand’s Ministry of Digital Economy and Society (MDES) has announced the first administrative fine under the Personal Data Protection Act B.E. 2562 (2019) (PDPA). A major private company was fined THB 7 million for noncompliance with specific PDPA requirements, resulting in the unauthorized disclosure of personal data to a call center gang (phone scam fraudsters). While database maintenance serves primarily as a preventive measure rather than a detective control — which would be better addressed through proper access controls and auditing of database systems — the PDPA has established robust enforcement mechanisms including PDPA Eagle Eye (an offensive mechanism actively monitoring for violations across both private and public sectors) and PDPA Center (a defensive mechanism providing advice, raising awareness, and handling complaints).
From my perspective, Thailand’s first PDPA enforcement marks a positive shift toward stronger data protection accountability. However, businesses can leverage this opportunity to earn customer trust through how they protect customers’ data with proactive security practices, particularly around database maintenance. Organizations that implement robust update protocols, conduct regular vulnerability assessments, and maintain comprehensive backup strategies will likely gain a competitive edge in the long run by earning and retaining customer trust.
Treating security as a business enabler rather than just a compliance requirement allows companies to significantly reduce vulnerabilities while building customer confidence.
The key to success lies in fostering cross-functional alignment between IT, security, development, and business teams. The how requires teams to develop a clear understanding of the activity and their respective roles in the process.
How Does The Activity Play Out
The distinction between minor and major version updates is critical for database management planning. Minor versions typically include security patches, bug fixes, and performance improvements while maintaining backward compatibility. Major versions introduce significant new features or architectural changes that may require application modifications.
Database upgrade and patching procedures traditionally require downtime, impacting application availability. However, modern database configurations can significantly reduce this impact through methodologies like zero downtime patching. This approach involves maintaining parallel database environments, which drives costs from additional resources used but is valuable for mission-critical applications where excess downtime directly impacts business operations and customer experience.
The decision between accepting some downtime versus investing in near-zero downtime capabilities should be guided by formal service level agreements (SLAs) and business requirements. Organizations handling financial transactions or supporting critical services may justify the additional operational complexity of zero downtime approaches, while others might schedule maintenance during low-traffic periods.
The ability to achieve near zero-downtime involves additional operational investments and tested procedures across roles. These investments are justified through your service level agreements, which define commitments on service availability to end users.
One of the primary mechanisms to drive successful database patching relies on cross-functional collaboration between database administrators, application teams, and business stakeholders through setting appropriate user expectations. By establishing regular maintenance cadences with smaller, more frequent updates, organizations can reduce the complexity and risk associated with infrequent major upgrades while keeping systems secure.
Investing in development cycles that include performance and functionality tests to validate changes is essential. Equally important is ensuring a manageable system through proper data lifecycle management practices, including housekeeping and backup procedures.