Why we can’t have nice things

August 22, 2020   Big Data

If you spend your professional life worrying about security, it can get a little disconcerting when you see that some enterprises have a tough time managing even base levels of security. What’s worse is that the challenge just got more complicated. As Satya Nadella recently said, COVID-19 has truncated the two years of digital transformation into two months, and that holds true for security considerations too.

With the sudden shift brought on by COVID-19, teams have embraced the economic benefits of the cloud to solve many issues. But every rose has its thorn, and along with the great benefits of cloud migration, companies have also adopted the new security concerns that come with it, and many are wholly unprepared.

A recent analysis of 2 million scans of 300,000 public cloud assets running on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) revealed more than 80% of organizations have at least one neglected, internet-facing workload that is either running on an unsupported operating system or has remained unpatched for more than 180 days. The report also found that 60% of organizations have at least one neglected internet-facing workload that is no longer provided with security updates. Any of these issues in an organization should merit immediate patching; however, this rarely happens.

There are many reasons, especially in the current climate, why these security lapses remain unresolved within enterprises. Many organizations in the time of COVID-19 are dealing with budget cuts, and for many, teams are being consolidated and reorganized. While these cuts are understandable, given an average cost of $4.77 million per data breach, DBAs, developers, and security teams need to rise above and be more careful with their new tools.

Your cloud database services vendor is not your mother

Recently, I attended a virtual conference session on database security considerations when migrating workloads to the cloud. An attendee asked the question, “What can I do to ensure a cloud vendor can secure my company’s sensitive data?” And, rightfully, the speaker replied, “It’s not the cloud vendor’s responsibility to ensure your security controls are being extended to cloud environments; it’s yours.”

As is the case with any service provider, the company will do its best to ensure there are no flaws in their overall systems to allow a breach, but your organization’s data within the cloud instance is your responsibility. Think of it like a storage unit. The unit provider provides you with the storage locker itself and will ensure the locker is up to standards, sometimes even providing some basic perimeter security. But you are responsible for buying your own lock and ensuring the security of your unit. If you decide not to lock it, don’t be surprised if people access your locker and steal your property. It’s a common and dangerous misconception that the cloud vendor has visibility and oversight over how your sensitive data is being protected. It’s not the cloud vendor’s responsibility to provide it. They provided you with the service, but security is on you.

Your security teams don’t know what they don’t know

Oftentimes, even when a company acknowledges its security responsibility, the unfortunate reality is that internal miscommunication is almost as big a problem as misunderstanding the service provider’s responsibility towards your data. The developers and DBAs that migrated and configured the system are responsible for the service-level of the database or application itself, not the security of the data within. They believe the security teams are entirely responsible for data security, virtually absolving themselves of many responsibilities in that area. Meanwhile, many times the security teams were never even informed of the new service the developer used, yet are somehow expected to secure it. All the while, this cloud-based environment may well be exposing sensitive data and be susceptible to breaches.

Be your organization’s security conscience

If you are waiting for your cloud vendor to be a true collaborative partner on security issues, or for your developers to suddenly develop strong security wherewithal, you have a long wait ahead of you. Cloud environments can be a huge boon for companies looking to reduce budgets; however, with timetables for cloud migrations being shortened and new systems being added more rapidly, the process is not always handled responsibly. Databases present a target-rich environment and are being unnecessarily exposed to enterprising hackers. Companies need to rein in the process to ensure proper security.

It’s true that maintaining security is a challenge, but it’s not impossible. Clear communication between security teams and the DBA and application owners and clear understanding of the delegation of responsibilities are a major first step and will prevent security best practices from falling by the wayside. Now is the time to take a security inventory, because ultimately it does not matter how strong your perimeter security is or how much money you save migrating to the cloud if you’re exposing your valuable data.

Ron Bennatan is the founder and CTO of jSonar and is an expert on data security, having worked in the industry for over 25 years at companies such as J.P. Morgan, Merrill Lynch, Intel, IBM, and AT&T Bell Labs. He was co-founder and CTO at Guardium, which was acquired by IBM where he later served as a Distinguished Engineer and the CTO for Data Security and Governance. He has a Ph.D. in Computer Science and has authored 11 technical books.

Big Data – VentureBeat
