Database Activity Management (DAM) and Cloud Security

Database Activity Management (DAM) and Cloud Security

Cloud computing is more than just the latest IT buzzword. The promise of lower costs of computing, more flexibility, greater reliability/availability, and almost unlimited scalability, put the cloud on almost every IT organizations planning horizon… it is just a question of when. Yet, moving your sensitive data into the cloud (and by definition, outside your own secure network), presents significant challenges for database security.

The outsourced nature of the cloud, and the inherent loss of control that goes along with that, means that sensitive data must be carefully monitored to ensure it is always protected. At the same time, how do you monitor a database server, when the underlying hardware moves every day, or even over the course of the day, often without your knowledge. These concerns have led many organizations to reject cloud computing for many applications in the past, especially where compliance regulations were involved.

With sensitive data safely behind your firewall, on your own private network and with privileged access only by your own employees, data security could be ensured by monitoring SQL traffic and careful oversight of insiders. In the cloud, traditional network monitoring is not possible – and outsiders now have insider access – but E-SPIN represented Sentrigo’s memory-based sensor architecture, makes managing database security in the cloud as easy and safe as within your own datacenter.

Remote Monitoring of Databases in the Cloud

Extending database activity monitoring beyond the confines of your own private network, into the cloud, creates nearly insurmountable obstacles for traditional network-based monitoring solutions. In addition to the dynamic nature of the server configuration (what servers do you need to monitor?), it is simply not possible to put the monitoring appliance “near” the databases it is monitoring. You must also deal with higher latency communications, making real-time protection nearly impossible in an agent-server model.

Database Activity Management (DAM) and Cloud Computing Security

Monitoring Moving Databases and Privileged Users

Cloud computing infrastructures take advantage of virtualization, where the machines (both virtual and physical machines) running your database are likely to change over the course of a day or week. You may not even be able to dictate the server, hostname, or network segment that the database is hosted on.

Many DAM systems require agents which are difficult to install in the first place, interfering with provisioning by requiring kernel level changes and reboots for example, which are not possible in the multi-tenancy cloud environment. Furthermore, automating the process of deploying your cloud-based database servers may not even be achievable with these systems, as changes are often required at the management server. In the Sentrigo architecture, the sensor can be set to automatically install or provision as part of the database startup process, and will automatically connect to the management server, which can even be located on your private network.

By providing the ability to monitor database activity remotely, using your own information security personnel, you will have complete visibility into the privileged activities of the cloud provider’s administrative users. The same capabilities used to ensure segregation of duties for regulatory purposes, are available remotely to meet regulatory compliance requirements.

If you are considering cloud computing for any sensitive data, the efficient, effective coverage provided by Hedgehog Enterprise is ready now. Please contact E-SPIN consultant for your requirement and project.