Imperva’s Comprehensive Data Security Platform for Cloud, Explained

Imperva recently introduced the industry’s first database-agnostic security platform specifically built for cloud. The Data Security solution unifies security management for organizations’ entire data environment, supporting databases wherever they’re hosted, including managed database services (also called database as a service or DBaaS), infrastructure as a service (IaaS), multi-cloud and hybrid cloud environments.

There’s a lot of information packed into that statement, so let’s break it down to understand the full impact.

What is data-centric security, and why does it matter?

When security measures are data-centric it means that they focus on securing the data itself, especially sensitive data. Data-centric controls are complementary to other security strategies such as those focusing on the network pathways to the data, the servers hosting applications, and the applications that handle the data. There’s no question that these are critical components of security and compliance. In fact, Imperva offers some great solutions in these areas that provide critical layers of a defense-in-depth security strategy.

However as the security “perimeter” has dissolved and environments have become more complex, security strategies that don’t include a data-centric component are not enough to fully protect your enterprise against expensive, reputation-damaging data breaches. They don’t protect you when attackers posing as legitimate users perform actions on your data that appear to be innocuous but are actually devastating. Nor do they prevent careless or malicious actions by legitimate users. In all of these scenarios, despite the security controls mentioned above working as intended, attackers can still steal, change, or delete your sensitive data.

Maintaining data security in the cloud is complicated

Enterprises are rapidly embracing cloud data environments such as managed database services and IaaS alongside their more traditional on-premises databases. This explosion in the diversity and scale of their data landscape presents InfoSec and compliance teams with a lot of new challenges as they try to maintain good security posture.

Each new database environment brings its own nuances in management of security, compliance, and privacy. It’s difficult for a single security team to learn and maintain staff expertise in the tools and techniques in Amazon Web Services, Google Cloud Platform, Microsoft Azure, Snowflake, MongoDB Atlas, and all the other modern database environments.

Also, the traditional database security tools and processes in InfoSec teams’ tool kit don’t easily adapt to cloud scenarios. For example, it’s not possible to install database monitoring agents in managed database services environments. It’s also highly impractical to require that all data flowing to and from cloud-based databases pass through a proxy service.

Essentially, these traditional tools either won’t work at all, or they greatly diminish the value of transitioning to the cloud. As a result, organizations often end up using a patchwork of individual tools. Every tool is its own operational silo, multiplying the burden on finite InfoSec resources.

Imperva normalizes and unifies security across the entire landscape

Imperva’s Data Security platform brings security for all these database worlds together into a unified management system. Imperva abstracts all the idiosyncrasies out of each separate domain to provide a holistic security and compliance experience. For example:

InfoSec practitioners can create and monitor security policies that apply to the entire landscape, so they don’t have to repeat the process multiple times in different ways
Advanced security analytics operate automatically across all the databases, regardless of type or location
Audit log data is translated and augmented with important context, unlocking its actual meaning and relevance
Multiple years’ worth of contextualized audit information is stored for rapid retrieval, speeding review for compliance or forensics
Any database, data lake, data warehouse etc. can be monitored, providing confidence security will be maintained no matter what infrastructure decisions the business makes

Out of the box, Imperva natively integrates with over 65 databases, and support for additional databases can be added in under a month. Newly created cloud workloads can be secured in just a few minutes. It also ties into and leverages whatever security tools and processes are already in place, such as bi-directional integration to push critical security data to SIEM solutions, or the ability to ingest logs from pre-existing database activity monitoring tools.

How is this different from other solutions that claim to secure a hybrid database environment?

The simplest answer is the Imperva platform uses the native APIs provided by cloud service providers – the way they intended organizations to consume their services. This hyper-efficient architecture abstracts out all the underlying complexity so that you can work with all kinds of databases – on-premises, private cloud, managed database services, multi-cloud, etc. Being agentless also ensures that no component sits between the client and server so nothing can slow or break your applications and no one can bypass being monitored.

This is a small taste of all the valuable capabilities of our new platform. It’s impossible to cover much in a short blog article, but you can learn more about it here.

Why this is so impactful for organizations

Imperva’s Data Security platform gives enterprises confidence that securing their data will not be an impediment to progress along their cloud journey. CIOs can therefore make the best decisions for their organizations about what infrastructure to use, ensuring that projects can move forward with minimal concerns about the security and compliance of their data.

Reduction in complexity around database security also means organizations can use fewer separate security tools. This allows InfoSec leaders to focus less on mundane details of multiple tools and more on driving security, compliance and governance outcomes for the enterprise. A great side benefit of this simplification is less spending on multiple security tools and the potential to consolidate vendors.

Security teams themselves benefit by dramatically simplifying their job of protecting the organization’s sprawling database landscape, with single-pane-of-glass administration, integration with other IT security investments and broad database coverage.

Imperva’s solution is in active production use by Fortune 2000 companies in many industries including healthcare, financial services, government, manufacturing and more. We’d love for you to take a look at it too.

Join our upcoming webinar “Simplifying Data Security In Modern Multi And Hybrid Cloud Environments.”