For a considerable time, many organizations have used three to five on-premise databases to manage their workloads, and many teams have tried to funnel every application into using those databases. Today, as the pressure to innovate while keeping costs low intensifies, organizations have started moving many workloads to the cloud. According to Gartner, by 2022 75% of databases will be deployed or migrated to a cloud platform. In the cloud world those three to five databases are going to 10 to 15 – and in some cases 20 to 25 – databases, on-premise and cloud-based. Suddenly, the security threat landscape is much more complicated and security teams are struggling to keep up. Oracle recently reported that 92% of companies have a “cloud security readiness gap” between their current and planned cloud usage and the maturity of their cloud security programs. Further, Crowd Research Partners reports that a sizable 84% of companies say their current security solutions do not work in these new environments. These realities, combined with an acute cybersecurity skills gap, have created a significant challenge for security teams that need to build a database security strategy that works in cloud-based environments in order to avoid becoming an innovation blocker.
To meet the growing threat landscape associated with moving workloads to the cloud, business database security strategy should deliver these four features:
- Scalability. Most enterprises use a multi- or hybrid-cloud strategy to create more flexibility and avoid vendor lock-in. Each database platform has its own structure and requires specific APIs and methods. This is great for the business, but can be a struggle to find an appropriate security solution. A database security solution should easily capture and centralize database activity into a single platform. It should be able to transform raw activity data across multiple database environments into actionable security analytics. It should effectively offer live access to multiple years of retained audit data to enable security, IRM, forensics, operational, and cloud teams to get ready-made, interactive enriched reports, tools and mashups that deliver consistent alerting and analytics across all sources. The solution should also be able to ingest any new databases, data lakes, warehouses and cloud data systems that are added in the future.
- Low-cost data retention and robust analytics. Compliance requirements for many industries require organizations to have access to up to seven years of audit data. “Archiving and restoring” methods are neither fast nor cost-efficient enough to meet today’s compliance requirements. Database security solution should enable organizations to store activity data regardless of location or type for long periods without costly aggregators, collectors, and database servers. Armed with instant access to audit data, businesses should be able to blend any metadata, including vulnerability assessment, classification, CMDB, etc. to create enriched and contextual data for business or technical stakeholders across long periods of time. Once centralized in the platform, data consumers are free to use their preferred tools, including Splunk, Kibana, SQL, Tableau, etc. to mine, report, and analyze data via fine-grained access control.
- Automation. Historically, the extensive manual processes used to perform reporting, distribution, review and remediation amongst a network of siloed tools and teams have created persistent bottlenecks that are unsustainable in cloud environments. Any solution should provide a fully customizable event-level workflow engine to transform manual processes into intelligent, fully automated workflows.
- Actionable security intelligence. Many organizations believe simply checking the compliance box is database security. In reality, most have only database compliance programs that don’t protect their businesses. Very few derive security benefits from these programs. Their tools were never architected to meet the degree of complexity that exists in today’s data security environment. Today, a solution should be able to turn petabytes of raw activity data into visible, actionable security information that improves integration with incident response. Businesses need powerful, database-specific User Entity and Behavior Analytics (UEBA) engines and Security Orchestration, Automation and Response (SOAR) capabilities that go beyond detection to deliver preventive control.
What tools can do the job?
When you use Imperva Sonar to enhance and protect your Guardium investment, you can extend database security coverage to more environments, eliminate manual efforts, reduce operational costs, and improve governance effectiveness. The solution was designed by the original architects of Guardium, so it seamlessly integrates with Guardium compliance features and runs on the IBM Z platform, while enhancing your capability to manage data risk in a modern technology environment. Imperva Sonar running with Guardium on the IBM Z platform offers the fastest path for safely moving database workloads to the cloud, while preserving oversight and ensuring your compliance and security controls keep pace with new use cases and requirements.
Running Imperva Sonar with Guardium on an IBM Z platform enables organizations to get the best of both worlds: the robust agent-based architecture that Guardium users depend on and the agentless architecture offered by Imperva Sonar that is critical to extending compliance requirements and database security into cloud-native environments. Imperva offers all of this with minimal disruption.
Originally published on the IBM Z and LinuxONE Community Blogs.