Despite increasing spending in cybersecurity, organizations are more at risk and attackers are more sophisticated than ever before. The old security approach based on “trust but verify” is no longer effective in a world that has dramatically increased online operations almost overnight—increasing security risks for organizations and individuals at the same time.
A zero trust security approach is needed to defend against these threats. Organizations that take a zero trust approach no longer grant standing access by default; instead, they grant least-privilege access to files and systems only when it is necessary.
In this post, we’ll walk through the basics of zero trust security and explain why it’s the right approach for cloud environments.
What is Zero Trust Security?
First, a bit of history: the zero trust approach was created in 2010 by John Kindervag, a principal analyst at Forrester Research. Zero trust assumes the worst of every entity accessing your data, turning the traditional castle-and-moat security model on its head with the motto “never trust, always verify”.
How Does it Work?
Zero trust security requires every user, inside or outside the organization, to be authenticated and authorized, and to have their security posture and configuration validated, before they gain access to applications and data.
Principles of the Zero Trust Approach
- There is no such thing as a trusted source: the model assumes everyone who has access to the network is a potential attacker. Therefore, the system authenticates, authorizes, and encrypts every access request, whether it comes from inside or outside the network.
- It uses a mix of preventative techniques: while other models focus on behavior analysis or role-based access, zero trust relies on preventative controls such as multi-factor authentication, least-privilege access, and micro-segmentation of network traffic.
- It employs real-time monitoring to catch anomalies: no security model can succeed if it doesn’t promptly detect suspicious activity. The zero trust approach encourages real-time monitoring, which allows security systems and staff to detect intrusions and prevent lateral movement.
- It adopts a comprehensive security strategy: zero trust combines endpoint monitoring and detection, security policies, and best practices to ensure the safety of the network.
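As an added example (not code from the original post, and not SecureCloudDB's or AWS's code), the following Python sketch shows how the first three principles combine into one decision that is made afresh for every request: authenticate with MFA, refuse unencrypted connections, validate device posture, and then authorize against a least-privilege policy. The user table, device inventory and policy table are constructed sample data standing in for an identity provider, an endpoint-management system and a policy store; note that the network the request arrived from is deliberately not an input.

```python
"""Per-request zero trust decision for a database access request.

Added illustrative code, not SecureCloudDB's or AWS's code. USERS, DEVICES and
POLICY are constructed sample data.
"""
from dataclasses import dataclass, field

# Constructed identities. "mfa" records whether the session completed MFA.
USERS = {
    "alice": {"password_hash": "h1", "mfa": True, "roles": {"analyst"}},
    "bob":   {"password_hash": "h2", "mfa": False, "roles": {"dba"}},
}

# Constructed device posture inventory, keyed by device id.
DEVICES = {
    "lt-001": {"disk_encrypted": True, "patched": True},
    "lt-002": {"disk_encrypted": True, "patched": False},
}

# Least-privilege policy: role -> set of (database, action) pairs permitted.
POLICY = {
    "analyst": {("orders", "SELECT")},
    "dba":     {("orders", "SELECT"), ("orders", "ALTER"), ("users", "SELECT")},
}


@dataclass
class Request:
    user: str
    password_hash: str
    device_id: str
    database: str
    action: str
    tls: bool  # whether the connection is encrypted in transit


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def evaluate(req: Request) -> Decision:
    """Evaluate one request. Every request passes through every check; there is
    no shortcut for "internal" callers, and all failing reasons are collected."""
    reasons = []
    user = USERS.get(req.user)

    # 1. Authenticate: valid credential plus completed MFA.
    if user is None or user["password_hash"] != req.password_hash:
        reasons.append("authentication failed")
    elif not user["mfa"]:
        reasons.append("mfa not completed")

    # 2. Encrypt every access: refuse plaintext connections outright.
    if not req.tls:
        reasons.append("connection not encrypted")

    # 3. Validate device posture before any data is reachable.
    device = DEVICES.get(req.device_id)
    if device is None:
        reasons.append("unknown device")
    elif not (device["disk_encrypted"] and device["patched"]):
        reasons.append("device posture check failed")

    # 4. Authorize with least privilege: the exact (database, action) pair must
    #    be granted to at least one of the user's roles.
    if user is not None:
        granted = set().union(*(POLICY.get(r, set()) for r in user["roles"]))
        if (req.database, req.action) not in granted:
            reasons.append("action not permitted for role")

    return Decision(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    print(evaluate(Request("alice", "h1", "lt-001", "orders", "SELECT", True)))
    print(evaluate(Request("bob", "h2", "lt-002", "orders", "ALTER", False)))
```

Collecting every failing reason rather than stopping at the first one is a deliberate choice: it gives the monitoring side (the third principle) a complete picture of why a request was refused, which is what an analyst needs to tell a misconfigured laptop from a stolen credential.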
Why Zero Trust?
The old model of cybersecurity is clearly not working. Here are some stats:
A growing number of insider threats
A new study by the Ponemon Institute shows that the number of insider threats increased by 47% from 2018 to 2020. In the same period, the cost of these incidents also grew by 31%. The Ponemon report shows that while employee negligence is at the root of most incidents, the percentage of incidents involving malicious intent has also increased.
Cybersecurity spending is increasing
Since 2019, the average IT budget has decreased by $1 million among small and medium businesses and by almost $20 million among large enterprises. However, allocations to IT security have increased. According to a Kaspersky report, cybersecurity spending is expected to grow by 11% at the enterprise level and by 12% for SMBs over the next three years.
Cost of a data breach
And yet, breaches are still making headlines daily. According to IBM’s Cost of a Data Breach Report, the cost of a data breach can range from $1.25 million to over $8 million, depending on the country.
The zero trust approach provides a solution for these worrying numbers. Zero trust does more than provide an extra layer of security. Adopting a zero trust approach can effectively reduce the risk of insider threats as it tightens security inside the network. As a holistic approach, it treats the entire environment as one in terms of security, decreasing the chances of a threat slipping through the cracks.
Why Is Zero Trust Essential for Cloud Environments?
In recent years, a large percentage of companies have moved their databases to the cloud. Cloud security differs from on-premises security, however. On-premises databases can be walled off from the rest of the digital world through tight control of networks and layers of firewalls. When databases move to the cloud, the cloud provider becomes responsible for the security of the cloud infrastructure, while each client needs to enforce the security of their own environment and control access to data.
Since public clouds are shared resources, implementing zero trust protocols is essential. Fortunately, cloud providers like AWS have security policies on identity and access management for relational databases in the cloud that take the zero trust approach. However, it’s up to organizations to ensure they are implemented correctly.
Zero trust requires strict identification and permissions for anyone trying to access cloud resources, regardless of whether they are from inside or outside the organization.
Some challenges of zero trust implementations include:
- Legacy resources and processes: Legacy systems are often too costly to re-architect for the latest identity verification technologies. Therefore, many companies exclude them from the approach. This produces inconsistencies in the security strategy and puts the entire system at risk.
- Peer-to-peer models: Companies using the peer-to-peer model find that it breaks the micro-segmentation model required for zero trust. Additionally, peer-to-peer systems usually allow sharing data with minimal verification, which also conflicts with adherence to the least privilege principle.
- Visibility and control within the network: For a zero trust model to work, it requires complete visibility and control over the network. Most companies don’t have a comprehensive view into their processes, users, and systems.
- Applying the model in stages: Adopting the zero trust model in a piecemeal manner can leave gaps that compromise the ironclad security of the model. Therefore, it is important to increase security testing as you migrate to the model.
Applying Zero Trust to Cloud Databases
The principles of the zero trust approach may be fairly easy to apply in an enterprise network, but ensuring the security of cloud databases can be complicated. Databases on the cloud are subject to an overall security infrastructure provided by the cloud provider, like AWS. However, the shared responsibility model leaves access control and other factors under the responsibility of the client organization.
Challenges of Monitoring Database Activities
Organizations that are using tools designed for on-premises data centers to monitor activity in their public cloud environments have found gaps in coverage and functionality.
Often, the different database systems available in the AWS cloud, such as Aurora, Redshift, and DynamoDB, require different methods to access files, monitor APIs, and so on, and are therefore not supported by those tools. Additionally, database activity monitoring solutions need to handle multi-zone deployments for relational databases in AWS.
Organizations are looking to meet these needs by using a system specifically designed to handle these challenges.
Implementing zero trust implies having real-time and historical data that tells you whether security controls were continuously in place, or whether there were times when the data may have been compromised. The implementation you choose should monitor activity for all applications and databases in your network.
Some considerations when checking the security configuration of cloud databases:
- Implement a single unified security architecture across the cloud environment.
- Check and control access and usage of the database.
- Monitor activity and traffic and enforce security policies across the cloud infrastructure.
- Review users in the AWS account.
- Automate audits.
How SecureCloudDB Helps Secure Databases in AWS Cloud Environments
SecureCloudDB is designed to handle the challenges of database security in the public cloud. In addition to being cloud-native, SecureCloudDB is the only database security tool that follows the principles of zero trust security, through real-time database activity monitoring and policy stacking that manages and raises alerts based on zero trust security configurations.
How does it work? Key features include:
Checks the database for:
- Network configuration
- Auditing logs
- Password tests
- The security of backups
- User permission review
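The configuration review items listed above (and the checklist in the previous section: access control, account users, automated audits) can be expressed as a small set of automated checks. The following Python is an added example written for this post, not SecureCloudDB's or AWS's code. The instance and security-group dictionaries are constructed to mirror the shape of the boto3 `describe_db_instances` and `describe_security_groups` responses (an assumption; real responses carry many more keys, and the `audit` log export name applies to MySQL-compatible engines). The IAM user records use a simplified, constructed shape: `mfa_enabled`, `console_access` and `access_key_age_days` would be derived from several IAM API calls in practice.

```python
"""Zero trust configuration checks for a cloud database and its account users.

Added illustrative code, not SecureCloudDB's or AWS's code. Input shapes are
assumptions modelled on boto3 responses; the sample inventory is constructed.
"""

DEFAULT_ADMIN_NAMES = {"admin", "root", "postgres", "mysql"}


def check_instance(db, security_groups):
    """Return a list of findings for one database instance description."""
    findings = []
    # Network configuration: no public endpoint, no world-open security group.
    if db.get("PubliclyAccessible"):
        findings.append("network: instance is publicly accessible")
    for group in db.get("VpcSecurityGroups", []):
        sg_id = group["VpcSecurityGroupId"]
        for perm in security_groups.get(sg_id, {}).get("IpPermissions", []):
            for rng in perm.get("IpRanges", []):
                if rng.get("CidrIp") == "0.0.0.0/0":
                    findings.append(
                        f"network: {sg_id} allows 0.0.0.0/0 on port {perm.get('FromPort')}")
    # Auditing logs: activity cannot be monitored unless the audit log is exported.
    if "audit" not in db.get("EnabledCloudwatchLogsExports", []):
        findings.append("auditing: audit log export to CloudWatch not enabled")
    # Backups: encrypted at rest (snapshots inherit this) and retained long enough.
    if not db.get("StorageEncrypted"):
        findings.append("backups: storage and snapshots are not encrypted")
    if db.get("BackupRetentionPeriod", 0) < 7:
        findings.append("backups: retention period below 7 days")
    # Password tests: prefer short-lived IAM auth over static passwords and
    # avoid guessable master usernames.
    if not db.get("IAMDatabaseAuthenticationEnabled"):
        findings.append("password: IAM database authentication not enabled")
    if db.get("MasterUsername") in DEFAULT_ADMIN_NAMES:
        findings.append("password: default-style master username")
    return findings


def check_users(users, max_key_age_days=90):
    """User permission review over simplified (constructed-shape) IAM records."""
    findings = []
    for u in users:
        name = u["UserName"]
        if u.get("console_access") and not u.get("mfa_enabled"):
            findings.append(f"user {name}: console access without MFA")
        if u.get("access_key_age_days", 0) > max_key_age_days:
            findings.append(f"user {name}: access key older than {max_key_age_days} days")
        if "AdministratorAccess" in u.get("attached_policies", []):
            findings.append(f"user {name}: AdministratorAccess attached directly")
    return findings


# Constructed sample inventory: a deliberately weak configuration.
SAMPLE_DB = {
    "DBInstanceIdentifier": "orders-prod",
    "PubliclyAccessible": True,
    "StorageEncrypted": True,
    "BackupRetentionPeriod": 1,
    "EnabledCloudwatchLogsExports": ["error"],
    "IAMDatabaseAuthenticationEnabled": False,
    "MasterUsername": "admin",
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0abc", "Status": "active"}],
}
SAMPLE_SGS = {
    "sg-0abc": {"IpPermissions": [
        {"FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
}
SAMPLE_USERS = [
    {"UserName": "ops-admin", "console_access": True, "mfa_enabled": False,
     "access_key_age_days": 400, "attached_policies": ["AdministratorAccess"]},
    {"UserName": "reporting", "console_access": False, "mfa_enabled": False,
     "access_key_age_days": 30, "attached_policies": []},
]


def audit(db=SAMPLE_DB, sgs=SAMPLE_SGS, users=SAMPLE_USERS):
    """Run the full review; an empty list means the configuration passed."""
    return check_instance(db, sgs) + check_users(users)


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Because `audit()` returns findings rather than printing them, it can be scheduled and its output diffed between runs, which is the simplest form of the "automate audits" item: a configuration that passed yesterday and fails today is itself an event worth alerting on.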
Database activity monitoring:
SecureCloudDB monitors detailed database activity across the different database systems present in AWS. The system is versatile enough to monitor everything from API calls in DynamoDB to clusters on Redshift. SecureCloudDB adapts to new database types and to changes that may come with RDS and non-relational databases in AWS.
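To make the "real-time and historical data" requirement from the previous section concrete, here is an added example, written for this post and not SecureCloudDB's code, of activity monitoring over a normalized stream of database audit events. The event format is an assumption: a simplified record that real audit logs from RDS, Redshift or DynamoDB would first be parsed into. The historical window builds a per-identity baseline (source addresses and objects normally touched); the live stream is then checked event by event for a new source address, a first-time object access, a bulk read, and a burst of failed logins, which are the signals that typically precede lateral movement. All events are constructed.

```python
"""Database activity monitoring with a learned baseline and live alerts.

Added illustrative code, not SecureCloudDB's code. The event shape and all
events are constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def ev(ts, user, ip, action, obj, rows=0, outcome="ok"):
    """Build one normalized audit event (constructed sample shape)."""
    return {"ts": ts, "user": user, "ip": ip, "action": action,
            "object": obj, "rows": rows, "outcome": outcome}


T0 = datetime(2024, 1, 1, 9, 0, 0)
# Historical (baseline) period: what each identity normally touches, and from where.
HISTORY = [
    ev(T0, "alice", "10.0.1.5", "SELECT", "orders", 120),
    ev(T0 + timedelta(hours=1), "alice", "10.0.1.5", "SELECT", "customers", 30),
    ev(T0 + timedelta(hours=2), "bob", "10.0.2.9", "ALTER", "orders"),
]
# Live stream, evaluated one event at a time.
T1 = T0 + timedelta(days=1)
LIVE = [
    ev(T1, "alice", "10.0.1.5", "SELECT", "orders", 50),
    ev(T1 + timedelta(minutes=5), "alice", "203.0.113.7", "SELECT", "orders", 50),
    ev(T1 + timedelta(minutes=9), "alice", "10.0.1.5", "SELECT", "payroll", 50000),
] + [
    ev(T1 + timedelta(minutes=20, seconds=10 * i), "bob", "10.0.2.9", "LOGIN", "-",
       outcome="fail")
    for i in range(5)
]


class ActivityMonitor:
    def __init__(self, history, fail_threshold=5,
                 fail_window=timedelta(minutes=1), bulk_rows=10_000):
        self.fail_threshold = fail_threshold
        self.fail_window = fail_window
        self.bulk_rows = bulk_rows
        self.failures = defaultdict(deque)  # user -> timestamps of recent failures
        # Baseline is learned only from successful historical activity. Live
        # events are deliberately not folded back in: promoting a new address
        # or object into the baseline is an analyst decision, not automatic.
        self.baseline = defaultdict(lambda: {"ips": set(), "objects": set()})
        for e in history:
            if e["outcome"] == "ok":
                self.baseline[e["user"]]["ips"].add(e["ip"])
                self.baseline[e["user"]]["objects"].add(e["object"])

    def observe(self, e):
        """Return the list of alerts raised by a single live event."""
        alerts = []
        if e["outcome"] == "fail":
            q = self.failures[e["user"]]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > self.fail_window:
                q.popleft()  # drop failures that fell out of the sliding window
            if len(q) >= self.fail_threshold:
                window_s = int(self.fail_window.total_seconds())
                alerts.append(f"{len(q)} failed logins for {e['user']} within {window_s}s")
            return alerts
        b = self.baseline[e["user"]]  # an unknown identity has an empty baseline
        if e["ip"] not in b["ips"]:
            alerts.append(f"new source ip {e['ip']} for {e['user']}")
        if e["object"] not in b["objects"]:
            alerts.append(f"first access to {e['object']} by {e['user']}")
        if e["rows"] >= self.bulk_rows:
            alerts.append(f"bulk read of {e['rows']} rows from {e['object']}")
        return alerts


def run(history=HISTORY, live=LIVE):
    """Replay the live stream; return (event index, alerts) for alerting events."""
    mon = ActivityMonitor(history)
    hits = []
    for i, e in enumerate(live):
        alerts = mon.observe(e)
        if alerts:
            hits.append((i, alerts))
    return hits


if __name__ == "__main__":
    for index, alerts in run():
        print(index, alerts)
```

The point of keeping the historical and live phases separate is the one the text makes: without the baseline there is nothing to compare the live stream against, and without the live stream the baseline only tells you what was normal yesterday.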
A zero trust approach provides consistent and comprehensive security with visibility into data, assets, and risks while reducing the risks of insider threats. Implementing zero trust for cloud databases requires a cloud-native tool that is designed specifically to handle the challenges of cloud environments.
Learn more about how SecureCloudDB helps secure cloud databases: sign up for your free trial here.
You can also learn more about cloud database security in our paper, A Breach-Proof Public Cloud Database Security Program.