Possible Threats With Cloud Database Security
Last Updated November 29, 2016
Cloud database storage is growing rapidly across the technology sector, with some research statistics anticipating growth of over 60% each year through 2018. The ability to store databases online so that different departments and user types can access them is undeniably appealing, yet as with all types of cloud computing, storing databases on cloud servers carries a certain degree of risk.
As organizations move to store databases online, an awareness of the risks inherent in cloud computing can help network security teams better prepare for intrusion attempts and minimize the damage of successful breaches. This article highlights some of the threats to cloud database systems and explains how security risks can be reduced.
Possible Threat Types
Cloud database systems are subject to many of the same threats that affect cloud technology in general. Because databases concentrate large amounts of potentially sensitive information, however, the impact of these threats can be severe if left unchecked. While not a comprehensive list, the threats below give a sense of the dangers facing network administrators as companies adopt large-scale cloud database storage systems.
Data breaches – Data breaches are perhaps the most common threat to cloud databases as reported in the media. In a data breach, hackers gain access to sensitive information stored in the cloud, such as customer credit card numbers or mailing addresses, and use it for personal gain. As more information is stored online in a centralized location, data breaches become potentially more severe, affecting millions of customers or employees at one time.
Account hijacking – In a hijacking attempt, intruders try to gain access to a user’s account by phishing or by exploiting weaknesses in software security to discover passwords. Once a user’s login credentials are taken, intruders usually change the password to lock the legitimate user out of the account. At this point, any files or other information stored in the user’s cloud can be freely accessed, potentially including database information that holds data on many users at once.
APIs – An Application Programming Interface (API) is the technical means through which a user or application communicates with a cloud system, and it governs what permissions the user has to attach third-party applications to the system. While cloud storage providers and other Internet entities have made great advances in securing API access, with standards such as OAuth, there is always the possibility that an intruder will find vulnerabilities that grant access to administrator-level API functions.
Data loss – When an intruder gains access to sensitive information, one possible outcome is that the intruder deletes it in order to inconvenience its owner. If users do not keep up-to-date backups of their files, tampered files can be permanently lost. When all files are stored on a single cloud-based server, a deletion can propagate to every synchronized user device, so the files are lost everywhere simultaneously.
Cloud servers as malware platforms – The synchronizing services provided by cloud computing are undeniably useful for keeping database files up to date across devices and platforms. However, what happens if an attacker uses this same syncing mechanism to distribute viruses to all user devices simultaneously? If attackers are able to harness the reach of cloud servers to spread malware across a network, the potential for damage is far greater than if they could only affect a small, locally hosted organizational network.
Reducing Risk
The risks to cloud databases may be somewhat sobering, yet understanding them can help users reduce potential damage. These general steps offer system administrators some guidance on how to approach cloud database security to safeguard the network from intrusion scenarios.
Understand your network – It is important for administrators to have a solid understanding of where and how sensitive information is stored on the network. Each of the various types of network data, including log files and data embedded in documents, should be classified and labelled. Access permissions should be reviewed and understood so that administrators can ensure that each file type can only be accessed by the proper individuals.
Secure network data – Building on the previous idea of access permissions, this next step involves identifying how much data each particular type of user will be permitted to see. Full access should be given only to the individual data owner, with sensitive fields restricted for all other user types. Data encryption and masking techniques protect user data from unintended access, and masking can allow partial viewing in some cases (for example, showing only a select few digits of an account number online).
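The two steps above, classifying each column and then granting each user type only a partial view, carried into code as an added example (not from the original article); the column labels, roles, clearance policy and sample record are constructed assumptions:

```python
# Added example, not from the article: classify columns, then mask per role.
# Column labels, roles and the sample row are constructed for illustration.
from enum import Enum

class Label(Enum):
    PUBLIC = 1
    INTERNAL = 2
    SENSITIVE = 3

# Step 1: every column is classified and labelled (constructed schema).
CLASSIFICATION = {
    "customer_id": Label.PUBLIC,
    "email": Label.INTERNAL,
    "mailing_address": Label.INTERNAL,
    "account_number": Label.SENSITIVE,
}

# Step 2: the labels each role may read in the clear (constructed policy).
ROLE_CLEARANCE = {
    "owner": {Label.PUBLIC, Label.INTERNAL, Label.SENSITIVE},
    "support": {Label.PUBLIC, Label.INTERNAL},
    "analyst": {Label.PUBLIC},
}

def mask(value, keep_last=4):
    """Partial masking: reveal only the last `keep_last` characters."""
    text = str(value)
    if len(text) <= keep_last:
        return "*" * len(text)
    return "*" * (len(text) - keep_last) + text[-keep_last:]

def view_for(role, row, requester_id=None):
    """Return `row` as `role` may see it: the data owner (requester_id equal to
    the row's customer_id) gets the full record; everyone else gets masked values
    for columns outside their clearance. Unlabelled columns count as SENSITIVE."""
    if requester_id is not None and requester_id == row.get("customer_id"):
        return dict(row)
    cleared = ROLE_CLEARANCE.get(role, set())
    return {
        col: val if CLASSIFICATION.get(col, Label.SENSITIVE) in cleared else mask(val)
        for col, val in row.items()
    }

# Constructed sample record.
ROW = {"customer_id": 1042, "email": "jane@example.com",
       "mailing_address": "1 Main St", "account_number": "4111222233334444"}
```

Because an unlabelled column defaults to SENSITIVE, a column added to the table without going through classification is masked for every role except the owner, rather than silently exposed.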
Monitor the network – Effective network security teams are proactive and search system security policies and logs frequently for exceptions that may indicate misuse of information. Security audits should be pursued on a semi-annual basis to take a more systematic, structured look at how information is being used and what defensive policies are in place. Often the best defense against intrusion is an understanding of what network vulnerabilities you have and how intruders might exploit these vulnerabilities for personal gain.
Utilize security intelligence technologies – Security Information and Event Management (SIEM) technologies are designed to facilitate active network monitoring and identify areas of weakness in defense systems. These technologies provide constant analysis of system activity and can be used to identify potential breaches in real time. While they should not replace individual monitoring, SIEM can supplement manual searches and provide a more comprehensive look at network status.
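As an added example (not from the article), the kind of rule a SIEM or a periodic manual log review could apply: it matches the account-hijacking sequence described earlier, a password change from an unfamiliar source followed shortly by a bulk read of database rows. The event format, thresholds and audit events are constructed assumptions:

```python
# Added example, not from the article: a SIEM-style rule over audit events for
# the hijacking sequence the article describes (credentials taken, password
# changed, data read). Event format, thresholds and log lines are constructed.
from collections import defaultdict

# Constructed audit events: (time_seconds, user, action, source_ip, rows_read)
EVENTS = [
    (0,    "alice", "login",           "10.0.0.5",    0),
    (60,   "alice", "query",           "10.0.0.5",    20),
    (100,  "carol", "login",           "10.0.0.9",    0),
    (3600, "alice", "login",           "203.0.113.9", 0),
    (3620, "alice", "password_change", "203.0.113.9", 0),
    (3700, "alice", "query",           "203.0.113.9", 5000),
    (4000, "bob",   "login",           "10.0.0.7",    0),
    (4010, "bob",   "password_change", "10.0.0.7",    0),
    (4050, "bob",   "query",           "10.0.0.7",    10),
    (5000, "carol", "password_change", "10.0.0.9",    0),
    (5100, "carol", "query",           "10.0.0.9",    8000),
]

BASELINE_GAP = 900   # an IP counts as "known" only if seen this long before
WINDOW = 900         # seconds after the change during which reads are watched
BULK_ROWS = 1000     # rows in one query that count as a bulk read

def detect_hijack(events, gap=BASELINE_GAP, window=WINDOW, bulk=BULK_ROWS):
    """Alert when a user's password is changed from a source IP not seen for
    that user at least `gap` seconds earlier, and a bulk read follows within
    `window` seconds. Returns one alert dict per matching user."""
    history = defaultdict(list)   # user -> [(time, ip)] seen so far
    watch = {}                    # user -> (change_time, new_ip)
    alerts = []
    for ts, user, action, ip, rows in sorted(events):
        if action == "password_change":
            baseline = {old_ip for t, old_ip in history[user] if t < ts - gap}
            if ip not in baseline:          # change came from an unfamiliar source
                watch[user] = (ts, ip)
        elif action == "query" and user in watch:
            t0, new_ip = watch[user]
            if ts - t0 > window:
                del watch[user]             # watch period expired, nothing seen
            elif rows >= bulk:
                alerts.append({"user": user, "ip": ip, "rows": rows, "at": ts})
                del watch[user]
        history[user].append((ts, ip))
    return alerts
```

In the constructed data only alice trips the rule: bob changes his password from a new address but reads too little to count as bulk, and carol's large export follows a change from an address long associated with her account.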
Keeping Your Data Safe
It is easy to let the risks of cloud computing overshadow its benefits, but we should be careful not to let them do so. As with any technology, the security risks can be reduced with proper education and an effective response methodology. By maintaining a strong, proactive familiarity with network activity, administrators can significantly improve incident response and keep the vast majority of cloud data safe. The growth of security intelligence technologies like SIEM can only help in this process, as long as they supplement, rather than replace, personal attention and surveillance.