Gartner strongly recommends that the concept of “big data strategy” should be replaced with “making big data part of our everyday strategy.” Technology has created a database activity explosion for most enterprises and made traditional agent-based data logging, monitoring, and auditing far too difficult and expensive to be practical for supporting a database security strategy today, to say nothing about future requirements.
20 years ago, most companies only had a handful of database types on premises that they needed to monitor efficiently with native logging or with database activity monitoring (DAM) tools and get their security compliance “checkbox”. Today compliance is not enough. There are dozens of database types, a completely different threat landscape, and the movement of many projects to the cloud. To get to real database security, you must get serious about managing your databases.
In this post, we’ll go over the current database security landscape, articulate many of today’s requirements and expectations, and make some suggestions about addressing the database security gap.
The chasm between data compliance and a database security strategy
The effort that goes into collecting database activity today is staggering compared with even 10 years ago. It’s as if all the other technology took off and left database security back in the barn. Every time the security team becomes responsible for more data, they must get more hardware and human resources just to manage it. They spend more money, but they get no additional value. Most teams report that they expend 80% of their resources on the manual process of collecting database activity and 20% trying to derive value from the data. The percentage of teams getting security insights from the database activity they collect is even lower than that. It’s far more likely that security teams are not even covering all their environments. That leaves most security teams doing little more than managing the collection of raw data that barely fulfills security compliance requirements in an expensive, inflexible, sometimes unstable, and completely unscalable environment.
From the frying pan into the cloud
The cost-efficient pay-as-you-go models and scalable database capabilities offered by cloud environments make them an irresistible choice for enterprises. Gartner reports that by the end of 2022, 75% of all databases will be deployed or migrated to a cloud platform. For as little visibility as security teams have into their on-premises database activity, they have even less into databases in the cloud. CSO Online reports that only 7% of businesses have good visibility into all critical cloud-based data and 58% say they only have slight control. How can security teams extend compliance and controls to a multi-cloud environment while still maintaining the status quo on database activity collection in their on-premises environments? Beyond that, how can they make raw on-premises and cloud database activity usable to create real database security?
In cloud-based environments many database security features are built-in, but security teams don’t have much confidence in them in general. Logic Monitor reports 66% of IT professionals say security is their greatest concern when adopting an enterprise cloud computing platform. Clutch reports 75% of enterprises implement additional security measures beyond what the cloud service providers and Crowd Research reveals 84% of organizations say traditional security solutions do not work in cloud environments. With these realities as a backdrop, what options do enterprises have to not only overcome their present database security challenges but also put a system in place that offers the real database security that enterprises will need in the future?
Eliminate the complexity of dealing with multiple database environments
Capturing and centralizing database activity from all sources overcomes the challenge of managing many individual databases – physical and cloud-based data sources that do not integrate, do not share common policies, and have siloed coverage of data stored and database security functionality. The all-in-one approach enables you to create consistent reporting, alerting, and analytic dashboards across all sources, regardless of data location and type. The unified platform also eliminates the lack of visibility into cloud-based databases and makes managing database security in the cloud very simple.
Focus on extracting actionable information from database activity and making raw data accessible and consumable
When all database activity is captured in a single platform you gain access to data from all on-premises and cloud sources. You can unlock visibility into the data for any database security tool and for any team. This approach makes more top-line security data available to everyone. Business stakeholders can get role-based self-service access to the all-in-one platform and use ready-made, enriched reports, dashboards, and mashups on a powerful GUI to detect suspicious activity. They can get the data they need to integrate with their tool of choice (SIEM, BI, UEBA, etc.) or to optimize SOC performance. Affording this level of access to contextually rich information enables you to take out the middleman and makes it possible for people to innovate and directly add value to a database security strategy.
Enable stakeholders to automate processes to orchestrate and socialize what they learn
When teams can finally focus their resources on evolving their usage of the tools for more sophisticated policy, automation, and interpretation (as opposed to constantly wrestling with the tools) you need to give them even more capacity to tease out anomalies more easily and overcome communications inefficiencies.
Having all multi-source data in a single platform enables the automation of cumbersome manual processes and eliminates lengthy interchanges between teams and tools. Event-level workflow automation transforms manual routing and review processes into fully automated, customized workflows that improve response times and overall communication among stakeholders. These automations help achieve end-to-end security controls, linking data with decision processes to accelerate communication between teams and make it easier to recommend remediation actions.
Powerful analytics engines in the unified database activity model feature “self-teaching” AI algorithms that can track and persistently evaluate large volumes of historical activity data and enable users to quickly isolate unusual activities such as account abuse, code injection, and insider threat. Users can also take preventive measures to avert security events by conducting fine-grained inspection of large volumes of historical data activity to rapidly detect potential security threats such as unauthorized malicious code or privileged users attempting to stockpile sensitive data. The platform also features out-of-the-box playbooks for over a dozen use cases such as sensitive data alerts, importing assets, running or disabling scans, database discovery, and more. Users may also create their own playbooks. These playbooks may be integrated with a SOAR system to orchestrate responses to data-centric events and achieve next-level database security automation.
Learn more about modern database security strategy
Right now, Imperva Sonar unified database activity model is making real database security a reality for dozens of Fortune 500 companies in financial services, healthcare, insurance, and more. Imperva Sonar is helping security teams reduce costs and gain control of database management through a comprehensive database security strategy. These companies have taken the steps to get the real security value they need from their on-premises and cloud-based data sources and you can, too. Contact an Imperva Solutions Representative to find out more.
Try Imperva for Free
Protect your business for 30 days on Imperva.