Intelligence & Analytics August 13, 2013
By Sudhee Subrahmanya 3 min read

The infamous bank robber Willie Sutton is often quoted as saying that criminals go after banks because “that is where the money is.”  Whatever the source, the intended meaning is of course that thieves try to steal wherever things of value are located.

In the digital age, information is the new source of value.

Databases hold personal information of all kinds – be it financial, health related or business transaction related. In addition, organizations are also collectinga growing amount valuable data that gives insight into behavior of their customers.

The Wall Street Journal had a recent article on how Big Data is changing the whole equation of business in various industries. As technology enables new insights into business it becomes even more important to protect the data that is in the Cloud or in the IT infrastructure.

How to Implement Data Security in the Cloud

There are four basic steps to implementing data security in the cloud.

1. Understand and Define

  • Discover where the sensitive data resides
  • Classify and define the data types
  • Define policies and metrics for who accesses and how this data is managed

Automated tools can help identify the organization’s important and sensitive data, and discover where it resides.  Keep in mind that sensitive data is not just in databases, but  also includes unstructured data in documents, log files that are spread out over multiple servers, non database repositories, and so on.

2. Secure and Protect

  • Protect data from authorized and unauthorized access
  • Encrypt or de-identify confidential or sensitive data including in non-production environments (as an example – in testing environments)
  • Redact unstructured data, i.e., “white-out” areas of a document that you don’t want seen

Implement policies and access control solutions to make sure that only authorized personnel can access the data is necessary but not sufficient. There are also situations where you want to make partial data available to certain personnel but not the full data.  For example, you may want customer support personnel to access only the last four digits of a customer’s social security number. In other situations, you may want that same data to be completely hidden. Encryption, redaction, and masking solutions can help protect sensitive data.

3. Monitor and audit

  • Audit and report for  compliance
  • Monitor and enforce review of policy exceptions
  • Assess database vulnerabilities

Many organizations have no database security monitoring solution in place, or they have attempted to build a “home grown” solution based on native auditing. These can require lots of labor, time, and expertise to setup and maintain in a large, heterogeneous environment. Turning on database-logging will greatly reduce database performance.

4. Establish Compliance and Security Intelligence

  • Automate reporting  customized for different regulations to demonstrate compliance
  • Integrate data  activity monitoring with security information and event management (SIEM)
  • Break down silos across the cloud (or IT enterprise) and implement security intelligence for proactive defense.

We are seeing a rise in the need to be more proactive about cross-IT security, using analytics to predict possible threats and act accordingly, rather than just react to attacks. Think about “zero-day threats” or “advanced persistent threats” here. SIEM technologies (Security Information and Event Management) in particular have been tapped to address this kind of Security Intelligence approach. SIEM solutions provide a single unified view & the real-time analytics, to rapidly identify & correlate targeted attacks from different sources or silos across IT.

Traditionally, SIEM solutions, have taken their inputs for data activity from “database audit reports”. We all know the drawbacks from that approach. We need to apply the refreshing more effective data activity monitoring approach, that not only aligns with the deeper Security Intelligence goals, but ends up saving on operational costs and expanding scope and coverage for the SIEM implementation.

Take all the in-depth data insights we obtain from the analysis and audit of database, datawarehouse, Hadoop, and file share data activity and vulnerabilities, and feed it into the cross IT security correlation engine.

Data Security and Cloud

Data security is extremely important for the cloud and you can implement it using the model prescribed above. You also have to make sure that you integrate your data-security into an overall security intelligence capability so that your cloud security is holistic.

Protecting your critical data with integrated security intelligence

 

 |  |  |  |  |  | 
Sudhee Subrahmanya
Market Management for Cloud & Data Security, IBM Security

More from Intelligence & Analytics
September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

August 9, 2023

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

August 8, 2023

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature