The infamous bank robber Willie Sutton is often quoted as saying that criminals go after banks because “that is where the money is.” Whatever the source, the intended meaning is of course that thieves try to steal wherever things of value are located.
In the digital age, information is the new source of value.
Databases hold personal information of all kinds – be it financial, health related or business transaction related. In addition, organizations are also collectinga growing amount valuable data that gives insight into behavior of their customers.
The Wall Street Journal had a recent article on how Big Data is changing the whole equation of business in various industries. As technology enables new insights into business it becomes even more important to protect the data that is in the Cloud or in the IT infrastructure.
How to Implement Data Security in the Cloud
There are four basic steps to implementing data security in the cloud.
1. Understand and Define
- Discover where the sensitive data resides
- Classify and define the data types
- Define policies and metrics for who accesses and how this data is managed
Automated tools can help identify the organization’s important and sensitive data, and discover where it resides. Keep in mind that sensitive data is not just in databases, but also includes unstructured data in documents, log files that are spread out over multiple servers, non database repositories, and so on.
2. Secure and Protect
- Protect data from authorized and unauthorized access
- Encrypt or de-identify confidential or sensitive data including in non-production environments (as an example – in testing environments)
- Redact unstructured data, i.e., “white-out” areas of a document that you don’t want seen
Implement policies and access control solutions to make sure that only authorized personnel can access the data is necessary but not sufficient. There are also situations where you want to make partial data available to certain personnel but not the full data. For example, you may want customer support personnel to access only the last four digits of a customer’s social security number. In other situations, you may want that same data to be completely hidden. Encryption, redaction, and masking solutions can help protect sensitive data.
3. Monitor and audit
- Audit and report for compliance
- Monitor and enforce review of policy exceptions
- Assess database vulnerabilities
Many organizations have no database security monitoring solution in place, or they have attempted to build a “home grown” solution based on native auditing. These can require lots of labor, time, and expertise to setup and maintain in a large, heterogeneous environment. Turning on database-logging will greatly reduce database performance.
4. Establish Compliance and Security Intelligence
- Automate reporting customized for different regulations to demonstrate compliance
- Integrate data activity monitoring with security information and event management (SIEM)
- Break down silos across the cloud (or IT enterprise) and implement security intelligence for proactive defense.
We are seeing a rise in the need to be more proactive about cross-IT security, using analytics to predict possible threats and act accordingly, rather than just react to attacks. Think about “zero-day threats” or “advanced persistent threats” here. SIEM technologies (Security Information and Event Management) in particular have been tapped to address this kind of Security Intelligence approach. SIEM solutions provide a single unified view & the real-time analytics, to rapidly identify & correlate targeted attacks from different sources or silos across IT.
Traditionally, SIEM solutions, have taken their inputs for data activity from “database audit reports”. We all know the drawbacks from that approach. We need to apply the refreshing more effective data activity monitoring approach, that not only aligns with the deeper Security Intelligence goals, but ends up saving on operational costs and expanding scope and coverage for the SIEM implementation.
Take all the in-depth data insights we obtain from the analysis and audit of database, datawarehouse, Hadoop, and file share data activity and vulnerabilities, and feed it into the cross IT security correlation engine.
Data Security and Cloud
Data security is extremely important for the cloud and you can implement it using the model prescribed above. You also have to make sure that you integrate your data-security into an overall security intelligence capability so that your cloud security is holistic.