Page 179 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
• Use multi-factor authentication and enhanced, granular access control that constantly validates the entities requesting data. Limit accounts to the data they need to access. That is, enforce least-privilege access to sensitive data and implement alerts on suspicious activities and policy violations. As humans, we are sometimes tempted to be flexible with teams, but even where trust is warranted, people make honest mistakes. Resist the urge to be lax with least-privilege rules. Keep a clear separation of roles and functions, and also control DBA access to the database activity stream.
• Monitor database activity rigorously. Monitoring the real-time stream of database activity for unusual or non-compliant behavior helps protect against insider risks. Use policy-based monitoring and enforcement, and make sure you can detect database misconfigurations that expose vulnerabilities.
• Implement key data protection measures, including encryption of data in transit and of backups at rest, and automate the patching of vulnerabilities.
• Make sure offsite logs and backups are immutable. Logs and backups should be protected from everyone, including your own administrative accounts, so that attackers who compromise DBA credentials cannot go in and delete them. Backups must be set in stone.
• In a system built on a cloud microservices architecture, use microsegmentation for “east-west” communications inside the network: it isolates workloads in order to neutralize malicious lateral movement. With this approach, certain kinds of service mesh proxy filters can produce metadata that stops writes into a database, so that the packet never reaches the database, thus containing data breaches.
• Have a clear, detailed plan ready for major events such as cloud outages, ransomware attacks and data breaches. Talk to your cloud vendor about this and coordinate plans. The major cloud providers all go down on a regular basis; the outages are just limited to individual data centers, so they often go unnoticed. A plan should explain exactly how the team is expected to respond to a disaster and who does what. It should specify whom to contact at your cloud vendor to help with an investigation of a data breach, and the vendor should have a plan to work with customers who experience data breaches. Backups that attackers can't touch should be ready, with the plan specifying how to roll out a restored backup.
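The first, second and fourth measures above (least-privilege access, policy-based monitoring of the activity stream, and backups that even a DBA cannot delete) can be expressed as a small rules engine run over database audit events. The following is an added example, not code from the magazine or from any vendor: it assumes audit events arrive as JSON lines with the fields `kind`, `user`, `role`, `stmt`, `table` and `rows` (or `setting` and `value` for configuration changes), and the policy, role names, table names and sample log are all constructed for the illustration.

```python
"""Policy-based monitoring of a database activity stream (illustrative)."""
import json
from collections import defaultdict

# Constructed least-privilege policy: which roles may run which statement
# types against which tables. Anything not listed is a violation.
POLICY = {
    "app_orders": {"orders": {"SELECT", "INSERT", "UPDATE"}},
    "app_reports": {"orders": {"SELECT"}, "customers": {"SELECT"}},
    "dba": {"*": {"SELECT", "INSERT", "UPDATE", "DELETE", "ALTER"}},
}

# Objects nobody may modify from a live session, DBA included: the audit
# stream and the backup catalogue ("backups must be set in stone").
PROTECTED_OBJECTS = {"audit_log", "backup_catalog"}

# Tables holding sensitive data; a user reading more than this many rows
# from one of them across the window is reported as a bulk read.
SENSITIVE_TABLES = {"customers"}
BULK_READ_THRESHOLD = 10_000

# Configuration changes that expose the database (assumed setting names).
INSECURE_SETTINGS = {("require_ssl", "off"), ("audit_enabled", "off")}

# Constructed sample of the activity stream, one JSON event per line.
SAMPLE_LOG = """\
{"ts": "2022-04-01T09:00:01Z", "kind": "stmt", "user": "svc-orders", "role": "app_orders", "stmt": "SELECT", "table": "orders", "rows": 12}
{"ts": "2022-04-01T09:00:05Z", "kind": "stmt", "user": "svc-reports", "role": "app_reports", "stmt": "SELECT", "table": "customers", "rows": 9000}
{"ts": "2022-04-01T09:00:09Z", "kind": "stmt", "user": "svc-reports", "role": "app_reports", "stmt": "SELECT", "table": "customers", "rows": 2500}
{"ts": "2022-04-01T09:01:00Z", "kind": "stmt", "user": "svc-orders", "role": "app_orders", "stmt": "SELECT", "table": "customers", "rows": 1}
{"ts": "2022-04-01T09:02:00Z", "kind": "stmt", "user": "alice.dba", "role": "dba", "stmt": "DELETE", "table": "backup_catalog", "rows": 40}
{"ts": "2022-04-01T09:02:30Z", "kind": "stmt", "user": "alice.dba", "role": "dba", "stmt": "ALTER", "table": "orders", "rows": 0}
{"ts": "2022-04-01T09:03:00Z", "kind": "config", "user": "alice.dba", "role": "dba", "setting": "require_ssl", "value": "off"}
{"ts": "2022-04-01T09:04:00Z", "kind": "stmt", "user": "bob.intern", "role": "intern", "stmt": "SELECT", "table": "orders", "rows": 3}
"""


def allowed_statements(role, table):
    """Statement types the policy grants `role` on `table` (empty if none)."""
    grants = POLICY.get(role, {})
    return grants.get(table, set()) | grants.get("*", set())


def evaluate(lines):
    """Run every rule over the event lines and return the alerts raised."""
    alerts = []
    read_totals = defaultdict(int)  # (user, table) -> rows read from sensitive tables
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["kind"] == "config":
            if (ev["setting"], ev["value"]) in INSECURE_SETTINGS:
                alerts.append({"rule": "insecure_config", "user": ev["user"],
                               "detail": f"{ev['setting']} set to {ev['value']}"})
            continue
        user, stmt, table = ev["user"], ev["stmt"], ev["table"]
        # Rule 1: writes to protected objects are reported whatever the role.
        if table in PROTECTED_OBJECTS and stmt != "SELECT":
            alerts.append({"rule": "protected_object_write", "user": user,
                           "detail": f"{stmt} on {table}"})
            continue
        # Rule 2: the statement must be within the role's least-privilege grant.
        if stmt not in allowed_statements(ev["role"], table):
            alerts.append({"rule": "policy_violation", "user": user,
                           "detail": f"{ev['role']} ran {stmt} on {table}"})
        # Rule 3: accumulate reads of sensitive tables for the volume check.
        if stmt == "SELECT" and table in SENSITIVE_TABLES:
            read_totals[(user, table)] += ev.get("rows", 0)
    for (user, table), total in read_totals.items():
        if total > BULK_READ_THRESHOLD:
            alerts.append({"rule": "bulk_read", "user": user,
                           "detail": f"{total} rows read from {table}"})
    return alerts


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG.splitlines()):
        print(f"{alert['rule']:24} {alert['user']:12} {alert['detail']}")
```

Run as a script, it reports five alerts on the sample: two least-privilege violations (the orders service touching `customers`, and an unknown `intern` role), the DBA's deletion from the backup catalogue, the SSL requirement being switched off, and a bulk read of the sensitive table that only shows up once the two smaller reads are summed. The protected-object rule deliberately fires before the policy check so that the DBA's wildcard grant cannot excuse tampering with backups or the audit stream, which is the separation the article asks for.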
Businesses across verticals and at all resource levels are increasingly relying on data to function and to deliver new value. These security measures for cloud databases are the last line of defense in keeping data protected. Security decision-makers at companies small and large should talk with vendors directly and make sure that their first focus is on security that’s built to complement performance, rather than compete with it. Study reviews and articles on trusted sites. Go to webinars, talk to trusted colleagues and reach out to industry peers in reputable organizations. And feel free to reach out to me! Risking a data breach because it seems like your hands are tied is no longer an option for businesses in a world of exponential data growth, evolving technology and deep uncertainty.