SecurityWeek

Cloud Security

Zen and the Art of Cloud Database Security (Part 1)

More and more organizations are moving applications and data to IaaS/PaaS environments in order to enjoy the benefits of cloud computing while still preserving application flexibility and control.

However, many enterprise IT departments have serious concerns about moving their more sensitive servers and data to the cloud. They have reason for concern: industry experts agree that moving sensitive data into the hands of third-party cloud providers expands and complicates the risk landscape in which companies operate every day:

• The Cloud Security Alliance states that data breaches are the top cloud computing security threat.

• The IBM Security Services 2014 Cyber Security Intelligence Index reports 1.5 million monitored cyber-attacks in the US alone in 2013, a figure that is accelerating due to the growing use of cloud infrastructure, among other factors.

• The Ponemon Institute’s recent study, “Data Breach: The Cloud Multiplier Effect,” clearly indicates that IT and security professionals believe that migrating to cloud services dramatically increases the likelihood and economic impact of data breaches by several magnitudes, due to a lack of confidence in the security of data in the cloud.

These reports are reinforced by a consistent stream of news stories about hacked company data.

While migrating application components to the cloud is challenging, migrating database servers can prove to be far more difficult, especially in terms of security. Application and Web servers usually require protection from integrity and availability threats, areas for which sufficient mitigating controls are available in cloud technologies. But databases usually require protection against confidentiality threats as well, not to mention adherence to data-related laws and regulations.

This two-part article outlines the most important aspects to consider when migrating a database to the cloud. Part one will focus on understanding the scope of your database landscape, and I will address how to effectively build your security strategy in part two.

Understand the Scope

• What data are you moving?

Cloud computing adds a number of risks and attack vectors for your risk management plan to consider. Different types of data encompass different challenges. If you are moving Personally Identifiable Information (PII) or other regulated data, you will need to ensure that the migration does not affect your regulatory compliance.

Tools that provide eDiscovery options can help to identify sensitive database content, to understand the regulatory aspects and to assist in classification of the data according to risks.
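The discovery and classification step described above, as an added example (not from the article or from any eDiscovery product): it samples each column of a SQLite database, matches the values against a few detectors and assigns a risk tier. The detectors, risk tiers, table names and sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

# Illustrative detectors and risk tiers (assumptions); real tools ship many more.
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I)
SSN = re.compile(r"^\d{3}-\d{2}-\d{4}$")
CARD = re.compile(r"^\d{13,19}$")
RISK = {"payment_card": "high", "ssn": "high", "email": "medium"}

def luhn_ok(digits):
    """Luhn checksum: rejects digit strings that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify_value(value):
    text = str(value).strip()
    if EMAIL.match(text):
        return "email"
    if SSN.match(text):
        return "ssn"
    compact = re.sub(r"[ -]", "", text)
    return "payment_card" if CARD.match(compact) and luhn_ok(compact) else None

def scan_database(conn, sample_rows=100, threshold=0.5):
    """Map (table, column) -> (data type, risk) when most sampled values match one detector."""
    findings = {}
    for (table,) in conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall():
        cur = conn.execute(f'SELECT * FROM "{table}" LIMIT ?', (sample_rows,))
        rows = cur.fetchall()
        for idx, desc in enumerate(cur.description):
            kinds = [classify_value(r[idx]) for r in rows if r[idx] is not None]
            hits = [k for k in kinds if k]
            top = max(set(hits), key=hits.count, default=None)
            if top and hits.count(top) / len(kinds) >= threshold:
                findings[(table, desc[0])] = (top, RISK[top])
    return findings

def build_sample_db():  # constructed sample data, not from any real system
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id, contact, tax_ref)")
    conn.execute("CREATE TABLE orders (id, pan, tracking_ref)")
    conn.executemany("INSERT INTO customers VALUES (?,?,?)", [
        (1, "ana@example.com", "123-45-6789"), (2, "li@example.org", "987-65-4321")])
    conn.executemany("INSERT INTO orders VALUES (?,?,?)", [
        (10, "4111 1111 1111 1111", "1234567890123456"), (11, "4012888888881881", "1000000000000001")])
    return conn
```

The `tracking_ref` column holds 16-digit strings that fail the Luhn check, so it is not reported as payment card data even though it has the right shape.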

• Who is accessing the database?

In order to fully understand the security aspects of a database, you need to examine who is accessing the database and for what purposes. Remember to think beyond regular user access. For example, administrative tasks should be mapped out to ensure that granular access controls will be maintained after moving to the cloud.

If the application uses external data sources, you may require new controls, such as data-in-motion encryption and data integrity validation, in order to retain data confidentiality and integrity as this data moves from those sources into the database.

Tools such as database activity monitoring (DAM) can be a huge help in mapping database access from different sources (users, administrators, third-party contractors, applications, etc.). Once the database access is mapped, you will have a better understanding of your cloud database security requirements.
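The access mapping described above, as an added example (not from the article or from any DAM product): it turns audit records into a per-principal map of source addresses, data operations and administrative operations, then derives the data grants that would preserve the observed access after migration. The record layout, principal names and statements are constructed assumptions, and the object extraction is a simplification that handles only single-table statements.

```python
import re
from collections import defaultdict

# Constructed audit records in a hypothetical "time|principal|source|statement" layout.
SAMPLE_AUDIT = """\
2014-09-01T08:00:01|app_web|10.0.1.15|SELECT name FROM customers WHERE id = 7
2014-09-01T08:00:02|app_web|10.0.1.15|INSERT INTO orders (id) VALUES (10)
2014-09-01T09:30:00|dba_kim|10.0.9.4|ALTER TABLE orders ADD COLUMN note TEXT
2014-09-01T09:31:10|dba_kim|10.0.9.4|GRANT SELECT ON customers TO report_svc
2014-09-01T23:00:00|report_svc|203.0.113.8|SELECT id FROM orders
2014-09-01T23:00:05|contractor_x|198.51.100.20|UPDATE customers SET name = 'n' WHERE id = 7
truncated record without the expected fields
"""

ADMIN_VERBS = {"CREATE", "ALTER", "DROP", "GRANT", "REVOKE"}
# Simplification: the first identifier after FROM/INTO/UPDATE/TABLE/ON is the object.
OBJECT = re.compile(r"\b(?:FROM|INTO|UPDATE|TABLE|ON)\s+(\w+)", re.I)

def map_access(audit_text):
    """Build principal -> {sources, data, admin} from audit records; skip malformed lines."""
    access = defaultdict(lambda: {"sources": set(), "data": set(), "admin": set()})
    for line in audit_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4 or not parts[3].strip():
            continue
        _, principal, source, statement = parts
        verb = statement.split()[0].upper()
        match = OBJECT.search(statement)
        target = match.group(1).lower() if match else "?"
        entry = access[principal]
        entry["sources"].add(source)
        entry["admin" if verb in ADMIN_VERBS else "data"].add((verb, target))
    return dict(access)

def required_grants(access):
    """Least-privilege data grants that reproduce the observed (non-admin) access."""
    return sorted(f"GRANT {verb} ON {obj} TO {who}"
                  for who, entry in access.items() for verb, obj in entry["data"])
```

Administrative operations are kept apart from data access so they can be reviewed as separate tasks rather than folded into a broad role in the new environment.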

• To where are you moving the data?

Understanding the environment into which you are transitioning plays a great role in securing your data. Not all IaaS/PaaS providers offer the same security capabilities. Migrating your data into a database managed by a cloud provider poses different challenges than installing your own database infrastructure. When weighing your cloud provider options, make sure that you fully understand the security aspects involved. For example:

• What physical and network security infrastructure is in place?

• Who has administration access to the database?

• Can you allow/disallow granular access to different data and database resources?

Keep in mind that different geographic locations could mean different regulations, laws and standards, factors that could affect your choice of hosting provider.

Please check back for part-two of this series, when we will discuss building out your security strategy to map back to your required security policies and specific database landscape.
