WP The Business Case for Modernizing On-Premises and Cloud-Based Database Security | Imperva

The Business Case for Modernizing On-Premises and Cloud-Based Database Security

The Business Case for Modernizing On-Premises and Cloud-Based Database Security

Nobody ever says, “We don’t need better security for the data we manage.” There is, however, a balancing act that security professionals perform every day to get the most security value from their solutions at the lowest possible cost. As they move more workloads into cloud-native environments and more databases are introduced to an organization’s asset repository, the relationship between cost and performance changes. In this post, we’ll explain what drives changes in the cost/performance relationship and what features you need from a modern solution to maximize (and demonstrate your investment in) your database management security strategy.

While we are still living in an on-premises security world, securing cloud data is a principal concern. Foundry’s (formerly IDC) 2022 Cloud Computing Survey revealed that more than a third (35 percent) of IT Decision Makers reported data privacy and security concerns, while another third (34 percent) mentioned their organization lacked the skills and expertise to keep cloud data secure. One quarter (25 percent) cited securing and protecting cloud resources as a pain point.

For most enterprises, cloud migration is uncharted territory; both in terms of managing the data sources and understanding the threat landscape. Security professionals see a growing infrastructure that they must manage, more difficult auditing and reporting, and potentially longer incident response and resolution times. They also recognize the importance of investing to meet these challenges. In fact, more than three-quarters (78 percent) of IT and security professionals say the differences between cloud-native and on-premises applications and infrastructure require a distinct set of security policies and processes. These differences have led to buying more security controls, driving complexity. Seventy percent report too many tools are needed to protect public cloud environments.

What specific strategies do enterprises need to implement to ensure sufficient on-premises and cloud-based database security to maximize both their effectiveness and investment?

A unified approach to data protection

Organizations must consolidate multiple data security tools, or upgrade from an outdated legacy solution to simplify infrastructure. Today, organizations of all sizes and in any industry can leverage the capabilities of a unified data-centric security fabric.

Whether managing data repositories in on-premises or in multi- or hybrid-cloud environments, your data security solution must enable you to apply proactive controls and predictive analytics so security analysts and governance staff in the organization can leverage capabilities for activity monitoring, security assessments, risk modeling, and attack detection to avoid damaging data breaches or compliance failure. The solution must be able to identify behavior that violates data use policy across the entire data repository. It must then apply advanced risk analytics to detect indicators of malicious insider activity or compromised user accounts that can evade data repository access controls and circumvent data encryption.

The benefits of this unified approach are easy to quantify. According to the 2021 Ponemon Cost of a Data Breach study, the average cost of a breach is $4.24 million, so even incremental percentages of risk reduction from complete coverage of all data repositories provide a significant return on investment.

End-to-end sensitive data visibility

Traditional data security tools have always struggled with managing sensitive data. A recent Enterprise Strategy Group (ESG) study of 304 IT professionals reported 57% of respondents said they believe more than 20 percent to as much as 50 percent of their sensitive data already stored in the public cloud is likely insufficiently secured. Sixty-one percent of respondents said they have either lost data or suspect they have lost data.

Your data security solution must eliminate blind spots for security and governance teams by providing visibility to how sensitive data is stored, shared, and used – even in the cloud. It should also unify security controls enterprise-wide, and protect both structured and unstructured data, including privacy-related personal data. To keep infrastructure simple, the solution should automate data security and compliance tasks that had previously been done manually, such as reporting and incident management.

Here again, quantifying the benefits is straightforward. The Privacy Incident Benchmark Report 2022 found organizations that leverage automated incident management solutions decreased the time it takes to meet breach notification compliance after a data breach by 169 hours (22 percent per incident), the equivalent of seven days.

Seamless integration with all data repositories

A unified solution capable of gaining visibility into all data repositories and managing the sensitive data contained in them is impossible if the solution does not seamlessly integrate with all environments. Your solution should feature built-in integrations with widely used enterprise data repositories and security ecosystem solutions such as SIEM tools and CMDB tools. It should also operate seamlessly with cloud infrastructure from AWS, Azure, Google, and others, plus traditional on-premises infrastructure from network and storage vendors.

Find the right modern data security solution for your organization

To learn more about Imperva’s approach to data protection, please contact your Imperva Account Representative.

Imperva Data Security Fabric (DSF) provides centralized data security across legacy and modern cloud environments by automating detection, protection, and risk response for all data across multi-cloud and hybrid environments. Imperva DSF makes it easier for customers to understand and mitigate data risk at every step of their security journey across structured, semi-structured, and unstructured data.