Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

The paradigm of effective database security is drastically changing

mm

Written by Nick Hunter

December 8th, 2020

The transition to cloud computing revolutionizes information technology and the delivery, management, and securing of data. Organizations are rapidly adopting cloud computing, but the evolution is ongoing, with many organizations keeping their mission-critical applications on site.

There is one common concern in all organizations: security

While migration to the cloud may be a cost-effective option, some organizations are concerned about the availability of their applications, network latency, and network performance. But there is one common concern in all organizations, and that is security. Shared datastores and, the lack of direct control, and the frequency of sophisticated breaches are the main concerns of organizations considering cloud adoption.

Whether on-premise or in the cloud, databases are the repositories of sensitive data. The digital transition to cloud storage and databases has introduced a whole vocabulary of words. Instead of talking about disk drives, SANs, NAS, and file systems we now have services and databases named Elastic Blocks, Blob storage, and Avere.

Cloud storage and databases, also referred to as Platform-as-a Service (PaaS) have become the mission-critical business data repository. Databases are the foundation for applications Software-as-a-Service (SaaS) and must integrate with the underlying Infrastructure-as-a-Service (IaaS). A small business may only need a database hosted within a single instance. Midsize companies and large organizations and require hundreds, even thousands of databases. The largest enterprises require global synchronization with replication to host their mission-critical applications, often in dedicated or private datacenters. They are also mandated to comply with various policy-based regimens and controls such as PCI DSS 3.1,3.2, HIPAA, HyTrust, FedRAMP, FFIEC, FISMA, CIS, SANS Top 20, SOC 2, SOX, NERC CIP.

Proper enforcement of privileged user roles and rights is one of many organizations’ most significant challenges, and storage and database access must be governed and protected. Poorly defined roles or excessive permissions that are inconsistent can easily result in unwanted access, and possibly loss, of sensitive data. Only the most risk-averse organizations effectively de-provision users; this leads to orphaned accounts, resulting in access points available to be used maliciously.

Recent attacks have leveraged channels with legitimate access to the database

However, recent attacks have leveraged channels with legitimate access to the database, such as users, administrators, developers, testers, partners, and outsourced services. The rapidly evolving IT landscape and the adoption of Agile development methodologies increase the number and frequency of channels directly accessing databases. It is becoming critical to now protect databases, decrease the attack surface, and reduce the number of ways attackers can access databases.

Securing databases now requires placing security controls closest to a database or, where possible, incorporating them into the database itself. The threat can also come from current or former employees, system administrators, contractors, or business partners. Insiders can have different motives, from data theft to simple revenge. The consequences of such actions may even take the form of total or partial destruction of the infrastructure, data access, or even data destruction.

To successfully protect from unauthorized access to its systems and data, an organization needs to have substantial control over identity, access, and information use. While most organizations have some controls in these fields, only a small number have a unified approach that would address all of them.

Database Access Controller ensures privileges for cloud Server accounts (AWS, Rackspace, SoftLayer, Private Clouds), Containers (Docker, CoreOS), Databases (Oracle, MySQL, PGSQL, Redis, MongoDB, MariaDB, AWS RDS, SQL Server) and web Applications (Salesforce, GitHub, Office365, Google). Database Access Controller helps by sharing account access, not credentials.

Proxied database connections protect direct access to the database. Enforce just-in-time access (JIT), reduce risk by eliminating orphaned accounts, and limit session access time. Implement strong multi-factor authentication to verify user identity, including biometrics, and effectively defend against credential replay attacks.

Database Access Controller provides granular role-based access controls with risk assessment reporting, dashboards, and notifications to quickly identify who has access to sensitive databases. Streamlined access through an intuitive portal logs all user access attempts and centralizes auditing and reporting.

Access Controller Trial

Secure access to all applications and data with a zero-trust approach, fast.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS