Light Dark
August 13, 2013 By Sudhee Subrahmanya 3 min read
Intelligence & Analytics
Cloud Security
Data Protection
Endpoint

The infamous bank robber Willie Sutton is often quoted as saying that criminals go after banks because “that is where the money is.”  Whatever the source, the intended meaning is of course that thieves try to steal wherever things of value are located.

In the digital age, information is the new source of value.

Databases hold personal information of all kinds – be it financial, health related or business transaction related. In addition, organizations are also collectinga growing amount valuable data that gives insight into behavior of their customers.

The Wall Street Journal had a recent article on how Big Data is changing the whole equation of business in various industries. As technology enables new insights into business it becomes even more important to protect the data that is in the Cloud or in the IT infrastructure.

How to Implement Data Security in the Cloud

There are four basic steps to implementing data security in the cloud.

1. Understand and Define

  • Discover where the sensitive data resides
  • Classify and define the data types
  • Define policies and metrics for who accesses and how this data is managed

Automated tools can help identify the organization’s important and sensitive data, and discover where it resides.  Keep in mind that sensitive data is not just in databases, but  also includes unstructured data in documents, log files that are spread out over multiple servers, non database repositories, and so on.

2. Secure and Protect

  • Protect data from authorized and unauthorized access
  • Encrypt or de-identify confidential or sensitive data including in non-production environments (as an example – in testing environments)
  • Redact unstructured data, i.e., “white-out” areas of a document that you don’t want seen

Implement policies and access control solutions to make sure that only authorized personnel can access the data is necessary but not sufficient. There are also situations where you want to make partial data available to certain personnel but not the full data.  For example, you may want customer support personnel to access only the last four digits of a customer’s social security number. In other situations, you may want that same data to be completely hidden. Encryption, redaction, and masking solutions can help protect sensitive data.

3. Monitor and audit

  • Audit and report for  compliance
  • Monitor and enforce review of policy exceptions
  • Assess database vulnerabilities

Many organizations have no database security monitoring solution in place, or they have attempted to build a “home grown” solution based on native auditing. These can require lots of labor, time, and expertise to setup and maintain in a large, heterogeneous environment. Turning on database-logging will greatly reduce database performance.

4. Establish Compliance and Security Intelligence

  • Automate reporting  customized for different regulations to demonstrate compliance
  • Integrate data  activity monitoring with security information and event management (SIEM)
  • Break down silos across the cloud (or IT enterprise) and implement security intelligence for proactive defense.

We are seeing a rise in the need to be more proactive about cross-IT security, using analytics to predict possible threats and act accordingly, rather than just react to attacks. Think about “zero-day threats” or “advanced persistent threats” here. SIEM technologies (Security Information and Event Management) in particular have been tapped to address this kind of Security Intelligence approach. SIEM solutions provide a single unified view & the real-time analytics, to rapidly identify & correlate targeted attacks from different sources or silos across IT.

Traditionally, SIEM solutions, have taken their inputs for data activity from “database audit reports”. We all know the drawbacks from that approach. We need to apply the refreshing more effective data activity monitoring approach, that not only aligns with the deeper Security Intelligence goals, but ends up saving on operational costs and expanding scope and coverage for the SIEM implementation.

Take all the in-depth data insights we obtain from the analysis and audit of database, datawarehouse, Hadoop, and file share data activity and vulnerabilities, and feed it into the cross IT security correlation engine.

Data Security and Cloud

Data security is extremely important for the cloud and you can implement it using the model prescribed above. You also have to make sure that you integrate your data-security into an overall security intelligence capability so that your cloud security is holistic.

Protecting your critical data with integrated security intelligence

 

 |  |  |  |  |  | 
Sudhee Subrahmanya
Market Management for Cloud & Data Security, IBM Security

More from Intelligence & Analytics
February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

December 19, 2023

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

December 14, 2023

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature