Google recently announced the release of its Cloud Bigtable database service, which is based on the same database used by Google search and Gmail, among others. What are the security risks of database as a service offerings like this that enterprises should be aware of? Are there any additional security measures that should be put in place to ensure corporate data remains safe in transit before adopting cloud database services?
Enterprises considering cloud database services -- often referred to as database as a service -- should keep in mind the shared responsibility for data security. Physical security is, of course, the responsibility of the cloud provider. This is no different from IaaS offerings.
The cloud provider is also responsible for providing access controls to the data. This includes authentication and authorization services. Enterprises should consider the need for Active Directory or LDAP integration to support database services. Multifactor authentication may also be required for highly privileged users. Authorization controls will limit access to data and the ability to alter database structures. Coarse-grained authorizations provide access to tables and indexes, while fine-grained access controls allow administrators to specify rules for accessing particular rows and columns. Enterprises should have a good understanding of their need for various types of authentication and authorization controls and compare those needs with the controls provided by the database as a service provider.
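The coarse-grained versus fine-grained distinction is easiest to see in code. The following is an added example, not code from this answer, from Google, or from any database as a service provider: a small policy check in JavaScript that grants one principal a whole table (coarse-grained) and other principals only particular rows and columns (fine-grained), plus a separate right to alter table structure. The principals, the grant fields, the table and the sample rows are all constructed for the illustration.

```javascript
// A grant is one authorization rule for a principal on one table. With no
// rowPrefix and no columns it is coarse-grained (the whole table); either field
// narrows it to particular rows and/or columns (fine-grained). alterSchema says
// whether the principal may change the table structure. All values constructed.
const policy = {
  dba: [{ table: 'patients', alterSchema: true }],
  'clinic-a-nurse': [{ table: 'patients', rowPrefix: 'clinic-a#', columns: ['name', 'diagnosis'] }],
  billing: [{ table: 'patients', columns: ['billing'] }],
};

// Constructed sample rows: a row key plus column -> value, in the style of a
// wide-column store such as Bigtable.
const rows = [
  { key: 'clinic-a#001', cols: { name: 'A. Example', diagnosis: 'flu', billing: 'paid' } },
  { key: 'clinic-b#002', cols: { name: 'B. Example', diagnosis: 'asthma', billing: 'due' } },
];

function grantsFor(policy, principal, table) {
  return (policy[principal] || []).filter((g) => g.table === table);
}

// Return only the rows and columns the principal may see. A row in which no
// column is visible is dropped entirely, so the caller cannot even learn that
// the row key exists.
function read(policy, principal, table, rows) {
  const grants = grantsFor(policy, principal, table);
  if (grants.length === 0) {
    throw new Error(`access denied: ${principal} has no grant on ${table}`);
  }
  const out = [];
  for (const row of rows) {
    const visible = {};
    for (const g of grants) {
      if (g.rowPrefix && !row.key.startsWith(g.rowPrefix)) continue; // grant does not cover this row
      for (const [col, val] of Object.entries(row.cols)) {
        if (!g.columns || g.columns.includes(col)) visible[col] = val;
      }
    }
    if (Object.keys(visible).length > 0) out.push({ key: row.key, cols: visible });
  }
  return out;
}

// Structural changes (adding or dropping columns) are a separate privilege
// from reading data, as the answer above describes.
function canAlterSchema(policy, principal, table) {
  return grantsFor(policy, principal, table).some((g) => g.alterSchema === true);
}

for (const who of ['dba', 'clinic-a-nurse', 'billing', 'intern']) {
  try {
    const visible = read(policy, who, 'patients', rows);
    console.log(who, 'alterSchema=' + canAlterSchema(policy, who, 'patients'), JSON.stringify(visible));
  } catch (e) {
    console.log(who, e.message);
  }
}
```

Run it with `node`: the DBA sees both rows with all columns, the nurse sees only clinic A's row without the billing column, the billing principal sees only the billing column of every row, and the principal with no grant is refused outright. When comparing a provider's offering against this, the question to ask is which of these four outcomes its access-control model can actually express.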
Since database as a service eliminates the need for users to architect and manage servers, there is no need to design subnets to host database servers.
When it comes to encryption, data in motion should be encrypted. The provider will almost certainly also offer an option to encrypt data at rest in the service. Database providers may offer key rotation so that a single key is not used for too long. This helps reduce the risk of a data leak in the event a key is compromised.
Enterprises subject to government or industry regulations should carefully review compliance requirements. Healthcare companies, for example, may use database as a service to store personal health information as long as a business associate agreement is in place and the standards of the regulation are met.
Ask the Expert:
Related Q&A from Dan Sullivan