What is Data Integrity?

Ensuring data integrity within an organization requires addressing human and technology-related data management challenges.

OLTP environments

The biggest data integrity challenge in OLTP environments is managing concurrent transactions while maintaining data consistency, especially during high-volume operations. This challenge requires balancing strict Atomicity, Consistency, Isolation, and Durability (ACID) compliance with performance requirements. Here, multiple users must be able to simultaneously modify the same data, without encountering race conditions and deadlocks, while maintaining the system's real-time processing capabilities.

Business intelligence and analytics

For business intelligence and analytics use cases, limited integration among data sources and systems prevents companies from maintaining a unified, accurate view of their data assets. Additionally, reliance on manual data entry and collection can introduce typos, omissions, and inconsistencies that compromise data accuracy.

Auditing and data trails

Another challenge is the absence of proper audit trails, making it difficult to track data history from collection to deletion. Organizations risk losing visibility into unauthorized data modifications. Legacy systems further complicate data integrity by using outdated file formats or lacking essential validation functions. Moving data to the cloud enables the implementation of more centralized data quality mechanisms and reduces the time and effort required for data integrity checks.

Consider the following measures to implement logical integrity in the AWS cloud.

Implement object data integrity

Most cloud data operations begin with Amazon S3 buckets, which can store any data type as objects. You may frequently move data between Amazon S3 buckets, databases, and other cloud services or on-prem storage. Amazon S3 provides built-in checksum mechanisms to reduce data integrity risks during uploads, downloads, and copies.

A checksum is a unique, fixed-length value generated from data using a specific algorithm. It creates a unique digital fingerprint, allowing systems to detect data corruption or unintended modifications. When copying objects, Amazon S3 calculates the checksum of the source object and applies it to the destination object. It raises alerts in case of a mismatch. Amazon S3 supports both full object and composite checksums for multipart uploads. Full object checksums cover the entire file, while composite checksums aggregate individual part-level checksums.

Use the checksum functionality as explained below.

Uploads

Amazon S3 supports several Secure Hash Algorithms (SHA) and Cyclic Redundancy Check (CRC) algorithms, including CRC-64/NVME, CRC-32, CRC-32C, SHA-1, and SHA-256. If using the AWS Management Console, select the checksum algorithm during upload. If no checksum is specified, Amazon S3 defaults to CRC-64/NVME.

Downloads

When downloading objects, request the stored checksum value to verify data integrity. Depending on whether the upload is complete or still in progress, retrieve checksum values using the GetObject, HeadObject, or ListParts operations.

Copying

If an object is copied using the CopyObject operation, Amazon S3 generates a direct checksum for the entire object. If the object was initially uploaded as a multipart upload, its checksum value will change upon copying, even if the data remains unchanged.

Implement data pipeline integrity

Another common use case is moving data to cloud data lakes, warehouses, or managed database services. Setting up data integrity checks in such data pipelines is error-prone, tedious, and time-consuming. You must manually write monitoring code and data quality rules that alert data consumers when data quality deteriorates.

During migration

AWS Database Migration Service (DMS) protects data integrity during migrations to AWS Cloud databases through multiple built-in safeguards and validation mechanisms. DMS performs automatic validation to compare source and target data, identifying and resolving discrepancies through data re-synchronization.

DMS includes checkpoint and recovery features that enable migrations to resume from the last known good state if interruptions occur, while providing comprehensive monitoring and logging capabilities to track migration progress. Additionally, DMS ensures data security through SSL encryption for data in transit and integration with AWS security services.

Database infrastructure

AWS databases protect data integrity through multiple comprehensive mechanisms and features, including automated backups and Multi-AZ deployments that ensure data durability and consistency. These databases enforce referential integrity through built-in constraints, maintain ACID compliance for transactional consistency, and provide point-in-time recovery capabilities. Managed database services, such as Amazon Relational Database Service (RDS) and Amazon Aurora, allow you to set specific controls for data integrity. For instance, Aurora allows you to set different transaction isolation levels on your OLTP database.

For enhanced protection, AWS databases support disaster recovery through multi-region deployments, replicating data across geographically distributed regions. Integration with Amazon CloudWatch helps identify and resolve potential data integrity issues before they impact operations.

Data integration

AWS Glue is a serverless data integration service for preparing and combining data in the AWS cloud. AWS Glue Data Quality feature reduces the manual data validation efforts from days to hours. It automatically recommends quality rules, computes statistics, and monitors and alerts you when it detects incorrect or incomplete data. It works with Data Quality Definition Language (DQDL), a domain-specific language you use to define data integrity rules.

In gathering data from OLTP systems for use in analytics, you can use AWS Glue pipelines to push data from your databases to analytics services.

You can further publish metrics to Amazon CloudWatch for monitoring and alerting.

Implement data backup integrity

Large enterprise projects may have diverse teams taking data backups and accessing Amazon S3 stores from diverse locations. Data governance becomes a challenge in such distributed data backup operations. Note that AWS databases come with built-in backup features.

AWS Backup is a fully managed service that centralizes and automates data protection across AWS services like Amazon Simple Storage Service (S3), Amazon Elastic Compute Cloud (EC2), Amazon FSx, and hybrid workloads in VMware. You can centrally deploy data protection policies to govern, manage, and configure your backup activities across AWS resources and accounts.

AWS Backup is designed to maintain data integrity throughout the data lifecycle, from transmission and storage to processing. It applies rigorous security measures to all stored data, regardless of its type, ensuring high protection against unauthorized data access. You retain complete control over data classification, storage locations, and security policies, allowing them to manage, archive, and safeguard data according to their needs.

AWS Backup collaborates with other AWS services to preserve data integrity using multiple mechanisms. This includes:

• Continuous checksum validation to prevent corruption.
• Internal checksums to verify data integrity in transit and at rest.
• Automatic redundancy restoration in the event of disk failures.

Data is redundantly stored across multiple physical locations, and network-level checks also help detect corruption during data transfers.