The infamous bank robber Willie Sutton is often quoted as saying that criminals go after banks because “that is where the money is.”  Whatever the source, the intended meaning is of course that thieves try to steal wherever things of value are located.

In the digital age, information is the new source of value.

Databases hold personal information of all kinds – be it financial, health related or business transaction related. In addition, organizations are also collectinga growing amount valuable data that gives insight into behavior of their customers.

The Wall Street Journal had a recent article on how Big Data is changing the whole equation of business in various industries. As technology enables new insights into business it becomes even more important to protect the data that is in the Cloud or in the IT infrastructure.

How to Implement Data Security in the Cloud

There are four basic steps to implementing data security in the cloud.

1. Understand and Define

  • Discover where the sensitive data resides
  • Classify and define the data types
  • Define policies and metrics for who accesses and how this data is managed

Automated tools can help identify the organization’s important and sensitive data, and discover where it resides.  Keep in mind that sensitive data is not just in databases, but  also includes unstructured data in documents, log files that are spread out over multiple servers, non database repositories, and so on.

2. Secure and Protect

  • Protect data from authorized and unauthorized access
  • Encrypt or de-identify confidential or sensitive data including in non-production environments (as an example – in testing environments)
  • Redact unstructured data, i.e., “white-out” areas of a document that you don’t want seen

Implement policies and access control solutions to make sure that only authorized personnel can access the data is necessary but not sufficient. There are also situations where you want to make partial data available to certain personnel but not the full data.  For example, you may want customer support personnel to access only the last four digits of a customer’s social security number. In other situations, you may want that same data to be completely hidden. Encryption, redaction, and masking solutions can help protect sensitive data.

3. Monitor and audit

  • Audit and report for  compliance
  • Monitor and enforce review of policy exceptions
  • Assess database vulnerabilities

Many organizations have no database security monitoring solution in place, or they have attempted to build a “home grown” solution based on native auditing. These can require lots of labor, time, and expertise to setup and maintain in a large, heterogeneous environment. Turning on database-logging will greatly reduce database performance.

4. Establish Compliance and Security Intelligence

  • Automate reporting  customized for different regulations to demonstrate compliance
  • Integrate data  activity monitoring with security information and event management (SIEM)
  • Break down silos across the cloud (or IT enterprise) and implement security intelligence for proactive defense.

We are seeing a rise in the need to be more proactive about cross-IT security, using analytics to predict possible threats and act accordingly, rather than just react to attacks. Think about “zero-day threats” or “advanced persistent threats” here. SIEM technologies (Security Information and Event Management) in particular have been tapped to address this kind of Security Intelligence approach. SIEM solutions provide a single unified view & the real-time analytics, to rapidly identify & correlate targeted attacks from different sources or silos across IT.

Traditionally, SIEM solutions, have taken their inputs for data activity from “database audit reports”. We all know the drawbacks from that approach. We need to apply the refreshing more effective data activity monitoring approach, that not only aligns with the deeper Security Intelligence goals, but ends up saving on operational costs and expanding scope and coverage for the SIEM implementation.

Take all the in-depth data insights we obtain from the analysis and audit of database, datawarehouse, Hadoop, and file share data activity and vulnerabilities, and feed it into the cross IT security correlation engine.

Data Security and Cloud

Data security is extremely important for the cloud and you can implement it using the model prescribed above. You also have to make sure that you integrate your data-security into an overall security intelligence capability so that your cloud security is holistic.

Protecting your critical data with integrated security intelligence

 

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today