Internal and external attackers are after your data. Regardless of where the data resides, in the cloud or on-premises, you need to protect it. In some cases that data needs to be put under compliance controls.
Data protection principles hold for data hosted in the cloud database as a service (DBaaS). For AWS, that is RDS, Redshift and others:
- You need to know where your sensitive data is.
- You need compliance controls for regulated categories of data.
- You need to monitor internal users and look for bad behaviors.
- You need to be on the lookout for external threats.
Simply put, you want to be able to trace who did what.
Although the protect-and-comply data security principles are the same, the “how” differs when using DBaaS:
- To leverage the power of the cloud, application teams embrace microservices techniques. Microservices affect the databases behind the applications in two ways. First, there are more databases, as each microservice can use its own data. Second, each microservice can use a different database type depending on the application’s needs. For example, a service that deals with user logins might use SQL, whereas a service that deals with order management might find NoSQL works better. For security teams, this means accommodating more databases and a wider variety of them.
- Once a company embraces microservices, manual deployment options end and DevOps-centric flows take over. There are two side effects. First, DevOps accelerates, with full application stacks deployed and managed through tools like Terraform’s infrastructure-as-code scripts. Second, these agile apps require modern security solutions that fit the CI/CD process, cover API workflows, and are equally automated and agile.
- Security teams need elastic tools to keep pace with elastic application and storage stacks.
Introduction to Cloud Data Security
Imperva designed Cloud Data Security (CDS) to help security teams break the paradigm that security lags behind application agility. CDS was written in a modern, cloud-native way to allow security to keep in step with the business without impeding innovation agility. CDS specifically protects managed data stores in the cloud, filling the gap between the modern application release flow and mandates to protect data to meet regulatory compliance.
As a SaaS solution, CDS simplifies the deployment and management of database security. Nothing to install, no impact on the monitored database. Your effort to protect one or a thousand DBs is the same.
Highlights of CDS:
- Ongoing discovery – Cloud environments are dynamic. CDS discovers databases on its own continuously: no need to initiate a scan or perform any manual task to have full visibility of your managed DB resources.
- Ongoing classification – Our passive classification (patent pending) works all the time to track where sensitive data resides: no sampling or manual effort is needed.
- Compliance by default – CDS has predefined audit reports and policies to ensure you can meet regulations. Start monitoring any new DB discovered with audit reports and policies applied automatically.
- ML/AI based security – CDS insights analyze user behavior to learn baselines and alert on anomalous behavior like brute force attacks.
CDS is now ready to get you started on the path to visibility and control over your data hosted in a cloud provider’s DBaaS.
If your task is to get security and compliance controls in place for business programs in flight, the speed and non-intrusive nature of CDS will resonate with the business owners. If you are one of the lucky few security people with a greenfield program, CDS is a great start with a rich roadmap of capabilities that only a SaaS security platform can deliver seamlessly.