Reacting and Adapting
In his blog below, Reinhart Hansen, Director of Technology, Office of the CTO at Imperva, shares his thoughts on what Covid-19 has meant for organisations and the 5 challenges ahead.
The world-wide events of 2020 have meant that organisations have had to simply react and adapt. More data is being moved to the cloud, applications are built in cloud environments, and more and more databases are being used to support the shift in the way we work.
59% of enterprises believe their cloud usage will expand beyond their initial estimates this year due to Covid-19 forcing remote work and work from home models. This has sped up digital transformation by at least a decade and resulted in a rapid adoption of cloud computing and cloud storage.
For organisations operating within this disruptive, and equally transformative, environment we see 5 clear challenges.
1. Managing hybrid environments will be something most will need to deal with for some time to come
This means managing applications and data hosted both on premises and with multiple cloud service providers. Using cloud services often means organisations no longer have the same control they once had over on-premises platforms; however, cloud service providers and organisations share responsibility for data security.
2. Maintaining security and compliance across multiple databases that have different needs and contain structured and/or unstructured data
New application databases are rapidly being spun up and added so quickly that keeping track of what is where is becoming increasingly difficult. Database security may slip through the cracks, falling outside existing organisational protection.
3. Balancing the cost of data storage against the cost of security and compliance in an environment of telemetry overload across vendors and databases
Due to the massive volumes of data being stored, accessed and processed by a multitude of entities, trying to manage the resulting massive amounts of audit and alert data just isn’t scalable. Data analysts or data scientists would need to write bespoke logic and algorithms to be able to process the data generated and make sense of it. In fact, it may not even be possible simply due to the archiving requirements needed to store large volumes of data.
4. Making database security and audit event data usable and deriving value
Regulators along with Security and Audit professionals recognize that it is no longer enough to simply collect and store event data. While organisations are using SIEM, there is no intelligence wrapped within the software to create meaning or value with the data. Identifying anomalous access to data in your environment or meeting regulatory reporting requirements is expensive and resource intensive.
5. Scaling up security programs and automating security processes across an organisation
There is a need to focus on the economics of managing the growth and variety of data stores without constantly increasing resources. Organisations should consider the true cost and effort required to achieve objectives at the scale of the enterprise.
So how can organisations implement effective data security controls?
Move Beyond Network Security with Key Elements of Data and Database Security
Network security focuses on the controls and systems that put up access barriers such as network security firewalls, IPS and RDS. They’re still important, but the notion of an easily identified network perimeter is long gone and there are now so many more paths to your data that need protecting. A network security approach just isn’t comprehensive or scalable enough without additional help.
Adding security at the database-level introduces a last line of defence with integrated, focused mechanisms to protect data itself.
Start with Database Security Orchestration
Database security orchestration enacts a policy that protects your data based on an event occurring somewhere else. This orchestration can be used to alert or prevent unauthorized or malicious access into your databases. Triggers are enacted when a threat or event is identified within other areas of the environment, blocking access to every database and thereby protecting them from any potential exploit that may be already in your environment.
For example, the anti-virus agent on your desktop reports a virus or malware infection. The feed from your antivirus is used to create a policy in your data security solution disallowing access from the compromised device to any database in your organisation. Automated blocking provides a hands-off approach to control access and protect data across all stores – whether in the cloud, or on location, at any time.
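The antivirus-driven blocking described above, sketched as an added example (not Imperva's product code or API). The event fields, device names, addresses and database names are all constructed for illustration.

```python
from datetime import datetime

# Constructed antivirus feed; the field names are assumptions, not a vendor schema.
AV_EVENTS = [
    {"device": "LAPTOP-0412", "ip": "10.20.4.12", "status": "infected",
     "time": "2020-09-01T09:15:00+00:00"},
    {"device": "LAPTOP-0733", "ip": "10.20.7.33", "status": "infected",
     "time": "2020-09-01T09:20:00+00:00"},
    {"device": "LAPTOP-0733", "ip": "10.20.7.33", "status": "remediated",
     "time": "2020-09-01T11:00:00+00:00"},
]

# Constructed inventory mixing on-premises and cloud-hosted databases.
DATABASES = ["onprem-oracle-hr", "aws-rds-orders", "azure-sql-crm"]


def build_deny_policy(events):
    """Return {source_ip: device} for devices whose latest AV status is 'infected'.

    Events are replayed in time order so a later 'remediated' report lifts the
    block. Keying on IP assumes stable addressing; with DHCP reuse, key on a
    device identifier instead.
    """
    latest = {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        latest[ev["ip"]] = ev
    return {ip: ev["device"] for ip, ev in latest.items()
            if ev["status"] == "infected"}


def authorize(policy, source_ip, database, user):
    """Apply one deny policy to a connection attempt against any database."""
    if source_ip in policy:
        return {"allow": False, "database": database, "user": user,
                "reason": f"antivirus alert on {policy[source_ip]}"}
    return {"allow": True, "database": database, "user": user, "reason": None}


def blocked_databases(policy, source_ip, user):
    """List every database the source is currently denied access to."""
    return [db for db in DATABASES
            if not authorize(policy, source_ip, db, user)["allow"]]


if __name__ == "__main__":
    policy = build_deny_policy(AV_EVENTS)
    for ip in ("10.20.4.12", "10.20.7.33"):
        print(ip, "denied on:", blocked_databases(policy, ip, "jsmith"))
```

The denial record carries the reason and the target database, so each blocked attempt can also be kept as audit evidence.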
Comply with Regulatory Reporting
Regulations require that organisations provide logs showing how users access data over time. Current dumps of big data make this reporting resource intensive, time consuming and limited in terms of how far back the data can be reported on. Data is regularly archived due to the volume of data coming in, impacting long-term storage and retrieval capacity. A major challenge for organisations is having a quick and efficient mechanism to produce reports that satisfy audit requirements. Innovative data security storage solutions allow data to be retained for a much longer period, and reported on, without the resource intensive requirements of a standalone SIEM solution.
Look for Rapid Out-of-the-Box Deployment
With a rapidly shifting workforce, organisations need to turn on database security solutions at scale, extremely fast. These solutions monitor all environments, all applications and all data, tracking who is doing what, when, where, how and why. Rapid out-of-the-box deployment can be achieved by using an agentless approach that consumes information from the database itself, meeting a specific need without onerous deployment work. Customisation and adjustment can then happen as needed, over time.
Achieve Database Security at Scale
For database security at scale, processes need to be automated wherever possible. Automations may include enabling auto-discovery of any new database that enters your environment. This means you are immediately aware and can control it without the intensive, time consuming processes required to stand up or change an existing solution.
Automation of discovery also means that you no longer need to deploy an agent or configure for monitoring a new database. Database security at scale, and scaling right, means that you have the control and flexibility of adding new databases, but do not need resources to do it. The current economic climate means that we need to do more with the same number of staff, or even do more with less. Automation plays a big part in being able to achieve that.
The need to protect your data is more important than ever and our environments are more complex and constantly changing. To protect data, whether on premises or in the cloud, structured or unstructured, organisations need to move away from simply forming a protective ring on their network to also provide an inner layer of protection at the database itself. This is a fundamental shift from simply thinking about data security, to focusing on scalable, easy to deploy database security. Protect your data and all paths to it so it’s secure wherever it lives.