Help Yourself to Some Database Security in the Cloud
Several major software vendors offer Database-as-a-service (DBaaS). The most popular among them are Microsoft’s SQL Azure, Amazon RDS, Amazon Aurora, Amazon Redshift, Heroku Postgres. Moving databases to the cloud provides advantages of greater flexibility, higher performance, ease of maintenance, and reduced costs of IT services in contrast to on-premises deployments. Nevertheless, many companies remain reluctant to run all their databases in the cloud, especially those containing critical business information. The issue is obvious – security and privacy of the data. Cloud adoption brings compliance issues as well, so along with great benefits it poses significant challenges for early adopters.
How Database Security is different in the Cloud
Every cloud provider delivers basic security, plus organizations implement various security tools such as network firewall, Web Application Firewall (WAF), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), etc. However, these tools provide only perimeter protection and not actual database protection, so database contents remain vulnerable to outside and inside threats.
To ensure database protection DBAs are required to perform a whole set of activities: user authentication, setting up privileges, monitoring database activity, database access control, intrusion prevention, data masking, etc. Providing cloud database security, however, can be problematic and traditional defenses will not fly, because DBaaS does not provide OS control. Therefore, agent-based solutions cannot be installed.
The effective way to close this gap and achieve database security in the cloud is to use a proxy firewall. The firewall is positioned between the application users and the cloud database and eliminates their direct communication. The proxy intercepts and filters inbound and outbound traffic to block activity that contradicts with configured set of security rules. It monitors all actions, from basic login events up to admin commands.
DataSunrise Database Security
DataSunrise provides database security solution for organizations running their databases on SQL Azure and Amazon RDS. Proxy firewall enables to automatically discover and mask sensitive data stored in the database (credit card numbers, SSN, tax Ids, e-mails, authentication credentials, etc.). It blocks SQL injections in real time, monitors database activity performed by both users and DBAs and restricts database access based on user, IP, time, date, etc.
Adopting DBaaS helps companies to increase business agility and reduce costs. The right security tools ensure that while migrating to the cloud your organization remains compliant with regulatory requirements and your cloud-hosted databases are fully protected.