December 19, 2018 By Shay Harel 3 min read

With the current data explosion and rise of artificial intelligence (AI), machine learning and deep learning, organizations must make sense of the vast amounts of data they collect to better themselves and gain an edge over the competition. Processing and storing all this data is much easier when someone else is doing it for you, which is why many organizations now look to move their data to the cloud.

Cloud Storage Does Not Mean Cloud Security

The cloud is, in theory, that magical place where everything is easy, where you can pay someone to make all your IT problems go away; no more patching, cooling, power backup, data backup and other headaches associated with maintaining a data center. Cloud vendors will ensure that your data is stored 24/7 and, as long as you are in the right pricing tier, you’ll enjoy great performance, elasticity and a guarantee that your data will never be lost. So far, so good — but what about cloud security?

While cloud vendors are held to high standards to ensure that they will not mess with or lose your data, they are not in charge of security and access management for the applications and databases you run in the cloud, even if you consume your database as a service. Just because you’re operating in the cloud doesn’t mean you’re no longer responsible for protecting your critical data.

Not only are you in charge of protecting your data, but all the regulations of the real world also apply to the magical world of the cloud. If threat actors steal your data in the cloud, you are just as liable as you would be if they stole on-premises data — and the compliance penalties, legal fees and reputational damage associated with a breach can be crippling.

Inherent Problems With Database-as-a-Service Solutions

If you run your IT shop in the cloud as infrastructure-as-a-service (IaaS), you can simply apply the same security measures and use the same security tools and applications that you have on-premises, because you still own everything. The problems start when you choose to relieve yourself of the burden of employing database administrators and use a cloud vendor’s database-as-a-service (DBaaS) offering, such as Amazon Relational Database Service (Amazon RDS) or Microsoft Azure SQL Database. While this option transfers database management to the cloud vendor, they will not assume any responsibility for the security or compliance of those databases — a critical detail.

At this point, you might recall that you already own database protection tools and ask the cloud vendor to install them on the DBaaS. But, to your surprise, the vendor informs you that running third-party software on its database would void the warranty. Now what?

One obvious solution is to turn on native logging, which enables you to feed database logs into your existing security solutions. Sometimes, this is the “good enough” option. However, there are a few inherent problems with this approach. Any insights or security alerts will not be in real time, and intruders can copy your native logs. They are also stored in clear text, so any encryption scheme employed on your database or traffic is rendered useless.

Another issue to consider before turning on native logging is performance. When native logging is on, a database must spend more time writing data to files, and you might see a hit on performance as a result. Finally, native logging does not offer separation of duties, so the employees who can turn the capability on or off are the same people who can access your sensitive data.

How to Monitor a Cloud Database for Security and Compliance

So what should a prudent, security-minded organization do in this case? How can a company monitor a DBaaS solution for both compliance and security? The answer is to adopt a creative approach to circumvent restrictions on installing security software on cloud providers’ databases. Look for a cloud security solution that sits in front of the database and can still send traffic to your existing security tools without having to install any software on the database.

Such monitoring tools work in real time and are more secure than native logs because they do not require storing any unencrypted data and can handle encrypted traffic, which is the most prevalent way of sending data in a cloud data center. By approaching cloud database management and protection in this manner, organizations can gain greater control over the security and compliance of cloud-enabled infrastructures as they leverage the broader benefits of the cloud.

Register for the Webinar: Best Practices for Securing Data in Hybrid Multi-Cloud Environments

More from Cloud Security

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today