Many organizations consider data to be their most valuable asset as business has become more digital. Data protection has also become an increasingly difficult task as organizations migrate their data to both public and private cloud infrastructures, such as Amazon Web Services, Google Cloud, and Microsoft Azure. Most businesses today operate in a multi-cloud environment, so locking up valuable data in a vault and guarding the perimeter no longer makes sense.
Mitigating Security Risks in Complex Cloud Environments
A data-centric approach that focuses on protecting data no matter where it resides is critical for organizations to protect their valuable assets in this new reality. Below are five key approaches:
- Establish standards, security, and compliance policies. In out-of-the-box installations of cloud database platforms, vendors rarely address more than the most obvious vulnerabilities. When vendors patch vulnerabilities or release new software versions, an organization needs to review its policies to ensure that they account for new configurations and settings. Organizations should consider how often policies are updated and what triggers a policy change. If an exception is made, how will it be handled? How will the process of reviewing proposed policy changes be communicated, and which teams should be involved?
- Perform vulnerability assessments. Since databases are a company's biggest repository of sensitive data, they need to be reviewed to ensure they meet any relevant compliance requirements, in addition to being checked for potential vulnerabilities. To demonstrate effective data protection, organizations must conduct baseline assessments and establish a practice of continuous assessment so that issues are remediated in a timely manner. In terms of database security, the Continuous Diagnostics and Mitigation standards of the U.S. Department of Homeland Security are an excellent model.
- Identify user privileges and access rights. Users’ privileges are often not updated as they change roles or leave an organization, which makes it difficult for organizations to understand who has access to sensitive information. Most database-scanning technologies today are capable of identifying not only vulnerabilities and misconfigurations, but also users, roles, and privileges. Identifying who has access to what data and why they have that access is the only way to create meaningful controls that track user behavior and act as a baseline in a breach investigation.
- Reduce risks by utilizing data analytics. When you correct high-risk vulnerabilities and misconfigurations within your database, you reduce both the risk of compromise and the scope of compensating controls you may need, such as exploit monitoring. Data analytics can help identify your most vulnerable systems or groups based on the risk scores associated with your vulnerability assessment so that you can focus your efforts where you can make the biggest difference (i.e., reduce the greatest risk).
- Respond in real time to policy violations. Real-time database activity monitoring (DAM) can be an appropriate compensating control if vulnerabilities cannot be remediated or patched in a timely manner. When a security violation is detected, DAM solutions can notify operations centre personnel so they can take corrective action. If suspicious activity is detected, these alerts are often fed into a security information and event management (SIEM) system or a network management tool for further investigation.
Changing the Way We Think About Security
We can no longer think of databases as something on-premises that we can protect with perimeter and network security measures since more of them reside in public and private clouds. Organizations can create a data-centric security practice that protects their valuable data no matter where it is by establishing the right policies, scanning for vulnerabilities, managing user privileges, and deploying risk mitigation and real-time monitoring.
Consultant At Datainfa