Light Dark
August 13, 2013 By Sudhee Subrahmanya 3 min read
Intelligence & Analytics
Cloud Security
Data Protection
Endpoint

The infamous bank robber Willie Sutton is often quoted as saying that criminals go after banks because “that is where the money is.”  Whatever the source, the intended meaning is of course that thieves try to steal wherever things of value are located.

In the digital age, information is the new source of value.

Databases hold personal information of all kinds – be it financial, health related or business transaction related. In addition, organizations are also collectinga growing amount valuable data that gives insight into behavior of their customers.

The Wall Street Journal had a recent article on how Big Data is changing the whole equation of business in various industries. As technology enables new insights into business it becomes even more important to protect the data that is in the Cloud or in the IT infrastructure.

How to Implement Data Security in the Cloud

There are four basic steps to implementing data security in the cloud.

1. Understand and Define

  • Discover where the sensitive data resides
  • Classify and define the data types
  • Define policies and metrics for who accesses and how this data is managed

Automated tools can help identify the organization’s important and sensitive data, and discover where it resides.  Keep in mind that sensitive data is not just in databases, but  also includes unstructured data in documents, log files that are spread out over multiple servers, non database repositories, and so on.

2. Secure and Protect

  • Protect data from authorized and unauthorized access
  • Encrypt or de-identify confidential or sensitive data including in non-production environments (as an example – in testing environments)
  • Redact unstructured data, i.e., “white-out” areas of a document that you don’t want seen

Implement policies and access control solutions to make sure that only authorized personnel can access the data is necessary but not sufficient. There are also situations where you want to make partial data available to certain personnel but not the full data.  For example, you may want customer support personnel to access only the last four digits of a customer’s social security number. In other situations, you may want that same data to be completely hidden. Encryption, redaction, and masking solutions can help protect sensitive data.

3. Monitor and audit

  • Audit and report for  compliance
  • Monitor and enforce review of policy exceptions
  • Assess database vulnerabilities

Many organizations have no database security monitoring solution in place, or they have attempted to build a “home grown” solution based on native auditing. These can require lots of labor, time, and expertise to setup and maintain in a large, heterogeneous environment. Turning on database-logging will greatly reduce database performance.

4. Establish Compliance and Security Intelligence

  • Automate reporting  customized for different regulations to demonstrate compliance
  • Integrate data  activity monitoring with security information and event management (SIEM)
  • Break down silos across the cloud (or IT enterprise) and implement security intelligence for proactive defense.

We are seeing a rise in the need to be more proactive about cross-IT security, using analytics to predict possible threats and act accordingly, rather than just react to attacks. Think about “zero-day threats” or “advanced persistent threats” here. SIEM technologies (Security Information and Event Management) in particular have been tapped to address this kind of Security Intelligence approach. SIEM solutions provide a single unified view & the real-time analytics, to rapidly identify & correlate targeted attacks from different sources or silos across IT.

Traditionally, SIEM solutions, have taken their inputs for data activity from “database audit reports”. We all know the drawbacks from that approach. We need to apply the refreshing more effective data activity monitoring approach, that not only aligns with the deeper Security Intelligence goals, but ends up saving on operational costs and expanding scope and coverage for the SIEM implementation.

Take all the in-depth data insights we obtain from the analysis and audit of database, datawarehouse, Hadoop, and file share data activity and vulnerabilities, and feed it into the cross IT security correlation engine.

Data Security and Cloud

Data security is extremely important for the cloud and you can implement it using the model prescribed above. You also have to make sure that you integrate your data-security into an overall security intelligence capability so that your cloud security is holistic.

Protecting your critical data with integrated security intelligence

 

 |  |  |  |  |  | 
Sudhee Subrahmanya
Market Management for Cloud & Data Security, IBM Security

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature