Ensuring Security and Compliance in AWS RDS with CDS

If you use AWS RDS, your organization is part of a worldwide trend. Forward-thinking companies everywhere are embracing database-as-a-service (DBaaS) to help bring new applications and services to market faster, or to reduce the cost and complexity of their database operations.

What isn’t changing for these organizations, however, is their long list of security and compliance requirements. The failure to protect data is a root cause of every breach – it’s the same for all data no matter where it’s stored or used.

Imperva Cloud Data Security (CDS) is a great solution for ensuring your AWS RDS databases are secure and compliant. It works with all database types available through AWS RDS, including MySQL, PostgreSQL, Microsoft SQL Server, MariaDB, Oracle, Amazon Aurora and Amazon Redshift.

But before more discussion about CDS, let’s delve into the question of what it takes to achieve strong security and compliance in AWS RDS.

Isn’t AWS RDS already secure?

The answer to this question is both yes and no. AWS RDS provides impressive security for the infrastructure itself. However, the AWS shared responsibility model disclosure makes it very clear that it’s you, not Amazon, who is responsible for the security of your own data.

The various database types available in AWS RDS also provide a few built-in security features including access control, encryption and logging. These provide critical preventive security controls, but there are some crucial elements still missing from the picture.

Security and compliance gaps


It’s really easy and inexpensive to spin up new databases in AWS RDS, so there can be a lot of databases out there, many of them off the radar of security and compliance teams. One of the biggest security challenges is knowing about all the databases your company uses. And, among all these databases, knowing where your most sensitive and valuable data is stored. It’s impossible for your security team to secure data it isn’t even aware of.


Assuming that you can find all your databases and know where all the sensitive data is, how can you keep watch on all of your sprawling data estate, to make sure you’re aware of any action that might impact security or compliance? Trying to address this by looking at logs is unrealistic, because of the sheer volume of events and the need to interpret them to understand what they mean.


Data governance best practices say you must be able to track and report on all your information – what you have, where it is, and who is accessing it. This is not a trivial requirement, especially with so many databases. According to a study by the Cloud Security Alliance, more than three quarters of companies using public cloud resources said that auditing for compliance continues to be a major challenge long after they’ve made the move.

Steps needed to close the gap

To address these challenges and ensure your AWS RDS databases remain secure and compliant, there are five critical tasks.

  1. Inventory all of your databases (continuously)
  2. Identify where your sensitive data is stored
  3. Establish a unified set of security policies for all your databases, and alert security teams when out-of-policy activity occurs
  4. Figure out what normal user behavior looks like so that unusual activity can be detected and flagged
  5. Be ready to demonstrate compliance for audits

How Imperva Cloud Data Security can help

CDS is a cloud-native solution for protecting AWS RDS databases. It complements the preventive controls already available in AWS RDS to deliver a complete security and compliance solution for your databases.

To do so, CDS provides several key capabilities:

  • Discovery – Within a few minutes, CDS discovers the location of all your databases
  • Classification – Automatically detects where sensitive data is stored
  • Policy Alerting – Notifies you when any violation of your security policy occurs
  • Compliance Auditing – Out-of-the-box compliance reports on demand
  • Security Insights – Identifies the security issues you weren’t looking for, by observing baseline user behavior patterns and notifying you when there’s atypical activity

With these strengths, CDS lets you find and resolve issues before they become compliance failures or data breach incidents. As a SaaS solution, CDS requires no software installation. Its patented technology examines only your database logs, and never needs to scan or access your data, so no database login credentials are required.

If you’d like to see for yourself how CDS can help ensure your AWS RDS databases are secure and compliant, explore it with a free 30-day trial or check it out in the AWS Marketplace.

