
Can proprietary databases be securely migrated to the AWS cloud?

When enterprises look to migrate a proprietary database to the AWS cloud, there are a number of security considerations to keep in mind. Expert Dan Sullivan explains.

We've been asked to explore the risk profile of migrating proprietary databases (no PII) to the AWS cloud. What additional security controls should be considered versus a traditional database migration, and are there additional AWS security mechanisms that can/should be applied?

When migrating proprietary databases to any cloud environment, enterprises should certainly maintain standard database security practices related to authentication, authorization, server hardening and separation of duties with regard to database administrators.

If you are managing your own database server rather than using a database service, then consider hardening your servers. To do this, minimize the number of services running, remove compilers, close unused network ports, minimize the number of users with login access and restrict remote connections to trusted servers. Also use a vulnerability scanner to probe for missed vulnerabilities. Note: Be sure to let Amazon know anytime you run a vulnerability scanner or perform penetration testing, as it might think you are an actual attacker; see Amazon's guidance on this kind of testing.

If you are migrating to Amazon Relational Database Service, you will not have to test and patch servers; Amazon will take care of that for you. You will, however, still need to set up authentication and authorization. Decide if you will use Amazon Identity and Access Management services directly, or if you want to integrate your Active Directory. See the AWS blog for tips on federating IAM and Active Directory.

Enterprises could also consider using Amazon CloudWatch to monitor activity on database servers. Metrics on network traffic, for instance, can help spot unusual traffic spikes. A spike could be an indication of unauthorized access or download, or it could be a new use case, such as end users running new, large reports. In either case, monitoring services will give your enterprise a heads-up on migration security issues that might need attention when moving a proprietary database to the cloud.
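As an added example (not part of the original article), this Python function flags traffic spikes in network-throughput datapoints of the kind CloudWatch returns. The metric choice, the six-point window, the 3x threshold and the sample values are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

def find_spikes(datapoints, window=6, factor=3.0):
    """Flag datapoints whose Average exceeds `factor` times the median of
    the `window` datapoints before them (window/factor are assumed values)."""
    # The API response may not be in chronological order, so sort first.
    points = sorted(datapoints, key=lambda d: d["Timestamp"])
    spikes = []
    for i in range(window, len(points)):
        # The median keeps one earlier spike from inflating the baseline.
        baseline = median(p["Average"] for p in points[i - window:i])
        if baseline > 0 and points[i]["Average"] > factor * baseline:
            spikes.append(points[i])
    return spikes

# Constructed sample: 12 hourly averages in bytes/second, shaped like the
# "Datapoints" list CloudWatch returns for a metric such as the RDS
# NetworkTransmitThroughput metric (metric choice is an assumption).
_START = datetime(2024, 1, 1, tzinfo=timezone.utc)
_RATES = [2.1e6, 1.9e6, 2.3e6, 2.0e6, 2.2e6, 1.8e6,
          2.0e6, 2.4e6, 9.5e6, 11.0e6, 2.1e6, 2.0e6]
SAMPLE = [{"Timestamp": _START + timedelta(hours=h), "Average": r}
          for h, r in enumerate(_RATES)]

if __name__ == "__main__":
    for p in find_spikes(SAMPLE):
        print(f'{p["Timestamp"]:%Y-%m-%d %H:%M} UTC  {p["Average"] / 1e6:.1f} MB/s')
```

A flagged hour is a lead for review: check it against database audit logs and known reporting jobs to tell an unauthorized download from a new large report.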
