Effective Database Cloud Security: The Holy Grail of Every Company

Posted by Christopher Burgess

Enterprises rely on metrics to track where they are and where they're heading. Databases have three: availability, accessibility, security. The last of these, securing data at rest and in motion while users engage with it, is still a challenge for many organizations.

Database cloud security is still a relatively new concept, and isn't always easy to grasp. It was already complex for many C-suite executives when the company data resided on-premises on a redundant array of inexpensive disks (RAID). RAID protected the data in case of physical drive failure. That met the availability and accessibility criteria. For the security component, system administrators configured all software and hardware for select user access, enforced data access rules and access control assignments, audited system admins for superuser abuse, and had checks in place to prevent the RAID from being stolen. Most of these go out the window when the database moves to the cloud.

Enter Cloud Storage

Cloud storage availability is in hyper-growth mode as more and more players expand their offerings and attempt to differentiate their services. Some providers have changed, or are in the process of changing, their architecture to simplify customers' ability to store data in an encrypted format, without having to escrow the key with the service provider. Uptime is important since you still need to think about accessibility and availability. On the security front, IT teams should configure data in the cloud so there is no need to trust the employees or contractors of the cloud service provider. Utilize the trust-no-one (TNO) paradigm of data protection.

Trust No One

Often easier said than accomplished, the TNO paradigm calls for data to be controlled by the data custodian and released only when the custodian says so. The cloud service provider is in essence providing the container (cloud storage) and the vessel (the means to access) for the data. The data custodian (the company) controls the encryption key and distribution, so the third-party cloud service provider is unable to accidentally or purposely expose data in an unencrypted state. Demand for this type of arrangement is increasing, and companies can expect to see more cloud storage providers evolving their processes and procedures to make the TNO paradigm a part of their services.
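The key arrangement described above, sketched as an added example (not code from this post or from any provider): the custodian encrypts each record under a fresh data key and wraps that key under a master key it alone holds, so the provider stores only ciphertext. Envelope encryption with AES-256-GCM, the function names and the sample record are assumptions made here; the post does not prescribe a scheme.

```ruby
require 'openssl'

NONCE_LEN = 12 # GCM nonce bytes
TAG_LEN = 16   # GCM authentication tag bytes

# AES-256-GCM under a 32-byte key; returns nonce || tag || ciphertext.
def seal(key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  nonce = cipher.random_iv # fresh random nonce on every call
  ciphertext = cipher.update(plaintext) + cipher.final
  nonce + cipher.auth_tag + ciphertext
end

# Reverses seal; raises OpenSSL::Cipher::CipherError on a wrong key or altered bytes.
def unseal(key, sealed)
  raise ArgumentError, 'object truncated' if sealed.bytesize <= NONCE_LEN + TAG_LEN
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = sealed.byteslice(0, NONCE_LEN)
  cipher.auth_tag = sealed.byteslice(NONCE_LEN, TAG_LEN)
  cipher.update(sealed.byteslice(NONCE_LEN + TAG_LEN, sealed.bytesize)) + cipher.final
end

# Custodian side, before upload: one data key per record, wrapped under the master key.
def protect(master_key, record)
  data_key = OpenSSL::Random.random_bytes(32)
  { wrapped_key: seal(master_key, data_key), ciphertext: seal(data_key, record) }
end

# Custodian side, after download: unwrap the data key, then decrypt the record.
def recover(master_key, stored)
  unseal(unseal(master_key, stored[:wrapped_key]), stored[:ciphertext])
end

# Master-key rotation: only the small wrapped key is redone, not the stored data.
def rewrap(old_master, new_master, stored)
  stored.merge(wrapped_key: seal(new_master, unseal(old_master, stored[:wrapped_key])))
end

master = OpenSSL::Random.random_bytes(32) # held by the custodian, never uploaded
# Constructed sample record; this hash stands in for everything the provider stores.
bucket = { 'row-1' => protect(master, 'acct=1001;balance=250') }
puts recover(master, bucket['row-1'])
```

Because GCM authenticates what it decrypts, a record altered while in the provider's storage fails in `recover` instead of returning modified data.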

Embrace the Secure Cloud

The good news is that C-suites can expect to see dollar savings as the price of storage continues to drop and service providers offer more access controls, availability guarantees, and user-controlled security. The holy grail of every company is effective database cloud security. Cloud service providers that offer these capabilities will be rewarded with customers who recognize that their overall operating expenses have been lowered.

Christopher Burgess, Prevendra Inc.
