A top priority for security teams is safeguarding sensitive information from unauthorized or improper access. To achieve this, it is crucial to select, implement, and integrate the right set of security controls. These controls must not only provide visibility into all data access but also facilitate efficient remediation of potential risks.
Achieving these goals has historically required two types of products – those that provide visibility and those that provide access control.
Choosing the right combination of security products can be daunting due to the abundance of options available, all broadly claiming to achieve similar vague outcomes. Often details are scarce as to how they actually achieve these claims. Marketing materials promise to provide full visibility, alert you to problems and secure your data. However, in reality, many of these products may not fully deliver on their promises.
In this blog post, we will explore how to approach achieving these two crucial outcomes: ensuring visibility into access patterns and enabling effective remediation for structured data.
Early approaches to addressing database security focused on activity monitoring. These Database Activity Monitoring (DAM) products primarily generated logs and provided reporting and alerting based on the activity in those logs. Risks were unfortunately only detected after the access had already occurred, and the visibility itself was incomplete. For example, the complexity, or more typically a complete lack of IAM integration for structured data leads to tools and apps connecting to databases using shared service accounts. This hides the identity of users using those tools, eliminating the end-to-end visibility required.
Time-consuming manual remediation further compounded the issue, leaving organizations vulnerable to data breaches for days, weeks, or longer. As a result, the need for more proactive measures that combined real-time monitoring with automated remediation became evident.
The rapid rise in the adoption of cloud, Infrastructure as Code, and the DevOps approach to IT operations have led to an explosion in data. This, coupled with the increase in the complexity and number of systems being built, has increased the potential for data security risks. As a result, a new category of data security products called Data Security Posture Management (DSPM) has now come to the market.
These DSPM products differ from DAM in that, rather than monitoring and detecting activity, they focus on the overall security posture by evaluating the configuration, access controls, and vulnerability status of the systems to detect and report on associated risks. DSPM products detect risks associated with misconfiguration, over-provisioned access, and known vulnerabilities related to patch management.
However, the same two critical flaws exist. Like their DAM counterparts, DSPM tools also have poor visibility into data access. For example, it is very difficult to know if a service account being used by an app or tool has over-provisioned access without considering who is using the tool.
And, while some tools talk about automated remediation, the reality of this capability is not quite as great as it sounds. Both due to limitations as well as acceptance to automatically change access for critical business data without human inspection. The resulting reality is still incomplete coverage and highly tedious manual remediation. This results in data security programs being incomplete in coverage and highly tedious, and leaves security professionals disappointed.
These two flaws are especially difficult to overcome when designing solutions as part of a comprehensive data security program. Complicating this challenge further is the massive proliferation of data across an ever-increasing variety of systems and tools, each with its own unique configuration options for implementing controls. For some practical guidance from trusted CISOs on how to get started, take a look at our recently released whitepaper –
Understanding and Navigating the Data Security Landscape
Each organization’s risks, security needs, and goals are unique. Ultimately it’s up to each team and it’s crucial that they clearly frame the specific requirements for their organization. Thorough evaluation of security tools specifically focused on the prioritized outcomes for their organization is paramount to ensure that the chosen solutions align with their unique needs. A robust evaluation process ensures that the selected security products actually provide the necessary visibility, monitoring, and remediation capabilities to safeguard sensitive data and reduce security risks effectively.
Cyral invites you to take a closer look at our unique approach to solving these challenges and welcomes your thorough evaluation.
