If we asked database administrators, security teams, and risk teams about their definition of what database security is, the answers would vary widely.
Each team views the definition based on their own requirements, but the one answer that most likely won’t appear is: “To protect data.”
Traditionally, database security has always been seen as a means to protect the database systems from vulnerabilities, missing patches, simple misconfigurations, or SQL injections. While this certainly holds true in today’s environments too, we cannot ignore the fact that requirements for securing a company’s most valuable asset—its data—have changed.
Adding data to database security
With the increase in regulatory compliance requirements such as PCI-DSS, HIPAA, SOX, and GDPR, enterprises are asking more and more from their data protection solutions. Data is seen as the new oil—a way to fuel companies. Protecting data must be at the core of every strategy. Where better to start than the one place most data resides, the database?
Database security solutions in today’s data- and compliance-driven environments must not only allow companies to measure the level of security of their databases but must provide the ability to locate personal identifiable data, business critical data, and any other data that is of value to the organization.
In addition, any data that is discovered must be monitored, in real time, 24/7. Long gone are the days when audit logs were sufficient or simple network monitoring was considered adequate. Data is the world’s greatest asset and companies must invest in protecting their own data as well as their customers’ data.
As-a-service: a world of shared responsibilities
Database(s)-as-a-service is one of the fastest growing markets within the world of cloud. It provides organizations with unparalleled amounts of scalability and compute power while at the same time removing many of the challenges that we would see as traditionally related to database security (vulnerability and patch management, for example). In the shared responsibility world of the cloud, the one constant is data. Customers are always responsible for protecting and monitoring their data.
Too many data breaches are successful because the exfiltration of data was made possible by either very little or no real-time monitoring of the data. Traditional database security is not designed to protect data, it’s designed to protect the database from malicious SQL injections or vulnerabilities. One might argue that is data protection. But in reality, database security in today’s data-driven environments must allow organizations to monitor anyone and anything that accesses the “crown jewels,” in real time, with the ability to stop unauthorized access to data.
McAfee helps fill that gap by offering software-based database security solutions that allow the monitoring of database instances across both on-premises solutions and the cloud. Non-intrusive, lightweight, and easy to deploy, McAfee database security solutions allow customers to enjoy all the benefits of moving to a hybrid cloud enterprise database environment while retaining control over security, risk, and data protection.