Put simply, attackers want to access your data. Whether it is on-premises or in the cloud, your data needs to be protected and, in some cases, even put under compliance controls.
The core principles for protecting your potentially business-critical data are:
- You need to know where your sensitive data is
- You need compliance controls for regulated categories of data
- You need to monitor internal users and look for bad behaviours
- You need to be on the lookout for external threats
Put simply, you need to have visibility on who did what, why, and when.
The principle for protecting your data and ensuring compliance are the same but how to do it differs when using a database-as-a-service (DBaaS):
- Application teams embrace microservices techniques to leverage the power of the cloud. Microservices affect the databases behind the applications in two ways. First, there are more databases, as each microservice can use its own data. Second, each microservice can use different database types dependent on the application’s needs. For example, a service that deals with user logins might use SQL, whereas, a service that deals with order management might find NoSQL works better. For security, it means that security teams need to accommodate more databases and a wider variety of them.
- Once a company embraces microservices, manual deployment options end and DevOps centric flows take over. There are two side effects. First, DevOps accelerates with full application stacks deployed and managed through tools like Terraform’s infrastructure as code scripts. Second, these agile apps require modern security solutions that can fit the CI/CD process with API workflow coverage with equal automated agility.
- Security teams need elastic tools to keep pace with elastic application and storage stacks.
What is Cloud Data Security?
Our trusted vendor partner, Imperva designed Cloud Data Security (CDS) to help security teams to break through the paradigm that security lags behind application agility. CDS was written in a modern, cloud-native way, to allow security to keep in step with the business without impeding innovation agility. CDS specifically protects managed data stores in the cloud, filling the gap between the modern application release flow and mandates to protect data to meet regulatory compliance.
As a SaaS solution, CDS simplifies the deployment and management of database security. Nothing to install, no impact on the monitored database. Your effort to protect one or a thousand DBs is the same.
The benefits of CDS:
- Ongoing discovery – Cloud environments are dynamic. CDS discovers databases on its own continuously: no need to initiate a scan or perform any manual task to have full visibility of your managed DB resources.
- Ongoing classification – Our passive classification (patent pending) works all the time to track where sensitive data reside: no sampling or any manual effort needed to be aware of where sensitive data resides.
- Compliance by default – CDS has predefined audit reports and policies to ensure you can meet regulations; Start monitoring any new DB discovered with audit reports and policies applied automatically.
- ML/AI based security – CDS insights analyse user behaviour to learn baselines and alerts on anomalous behaviour like brute force attacks.
CDS is now ready to get you started on the path to visibility and control over your data hosted in a cloud providers’ DBaaS.
If your task is to get security and compliance controls in place for business programs in flight, the speed and non-intrusive nature of CDS will resonate with the business owners. If you are the lucky few security persons with a greenfield program, CDS is a great start with a rich roadmap of capabilities that only a SaaS security platform can deliver seamlessly.
Working closely with Imperva, we help to onboard CDS solutions in a quick, easy and pain-free that meets the specific needs of your business.
Get in touch to speak to an expert or to arrange a free demonstration here.