Whether the means of a cyber-attack are phishing, ransomware, advanced persistent threat, malware, or some combination, the target is ultimately the same: your data.
So, as companies seek to implement a zero-trust approach to security, they would do well to include database protection.
Interest in Zero Trust is certainly high, with nearly two-thirds (63%) of organizations worldwide having implemented a zero-trust strategy, according to a recent Gartner survey. But it is hardly all-encompassing.
“For most organizations, a zero-trust strategy typically addresses half or less of an organization’s environment and mitigates one-quarter or less of overall enterprise risk,” said John Watts, a VP Analyst with Gartner. “Scope is the most critical decision for a zero-trust strategy.”
Securing databases in a zero-trust environment
Clearly, given the value of your data, that scope should include databases (and data stores) for structured and unstructured data. These can be deployed on any combination of on-premises, public or private clouds. The databases could be self-managed, and SaaS, PaaS, or IaaS implementations could be used for configuration and maintenance.
As defined by NIST, the gist of a zero-trust architecture is that no person, system, network, or service is trusted, no matter its location or who owns it. That means verifying every person or application's identity and authorization status attempting to establish access to your network and/or resources.
By that definition, zero-trust principles apply to the databases where your valuable crown jewels are stored. In addition to the authorization and authentication required before anyone gets access to your resources, it takes additional measures to ensure the security of your data, including:
- Identifying vulnerabilities in data stores that attackers could exploit to gain access to your sensitive data
- Limiting user access to the most sensitive data
- Alerting on suspicious activity, intrusions, and policy violations
What to look for in a database security platform
Companies can address these issues by employing a security software platform specifically designed to address the Zero Trust requirements that databases warrant. Looking for a few key functions will help you ensure the platform is up to the task.
First, it should proactively assess your database security posture to uncover any weaknesses, like vulnerabilities and misconfigurations, that attackers can exploit and lead to data exfiltration, thus reducing your risk.
Continuous monitoring of database activity is also a must. Such monitoring should be based on policies that align with your organizational security goals. The platform should also alert on potential suspicious events based on behavior analytics, not just known signatures.
Another function to look for is granular access control and privilege analysis to all database accounts. This analysis allows for the constant validation that only those with a valid purpose have access to administration, application, and service accounts.
Similarly, database security software needs to enforce the principle of least privilege. That means performing deep analysis of the users, roles, objects, and privileges required to enforce Zero Trust ideals. This enables organizations to limit the database accounts only to those who need access and to adjust and enforce data access policies.
How Trustwave DbProtect Addresses Zero Trust Requirements
Trustwave DbProtect can help you address these functions for on-premises databases or those in public, private, or hybrid clouds. It automates two key functions on a continuous basis: assessing for database risk and monitoring database activity. Trustwave also offers a Managed Database Security service where our security professionals manage DbProtect for you.
In short, Trustwave DbProtect offers the most comprehensive security solution in the market. While others have shifted focus to cloud deployments, DbProtect ensures equal priority for both on-premises and cloud data stores, delivering robust protection aligned to the variance of typical enterprise deployments.
No Zero Trust strategy is complete without addressing data security in implementation or data types. To learn more about how DbProtect can help, talk to one of our experts.
