How to improve cloud database security

These days it’s a surprise if a business isn’t using at least some form of a cloud service. It may be something as simple as Microsoft 365 or Google Docs. Or it may be something big and complex as a hybrid cloud setup with several providers and on-premises infrastructure.

Whatever the case, there’s something that every business which uses a cloud service has to keep in mind – security. Every company wants the data it uses to be safe. According to a survey by Oracle and KPMG from 2019, 71% of companies say that the majority of the data they store on a public cloud is sensitive. And 73% say they feel the public cloud is more secure than what they can deliver with their own data centers.

So, a big reason why companies are moving to the cloud is not only ease of use, but also better security. Still, there’s a lot more that a company can do to protect its data in the cloud. Especially if you go for a dedicated server or a hybrid cloud solution. First, let’s take a look at some of the concerns and risks you will face.

Top risks and concerns for database security

Storing data in the cloud certainly has benefits but do they outweigh the negatives? In most cases, the answer to that would be positive. However, this doesn’t mean that the negatives should be neglected.

One of the main issues is the human factor. 92% of organizations are concerned whether their employees will follow the cloud policies. And there’s always the risk of a disgruntled employee, too.

Another concern is whether the cloud service provider will be proactive enough in patching vulnerabilities. And how proactive is the provider in adding new security features and keeping the data center up to par? So, there are definitely a lot of things you need to keep in mind in order to secure your cloud database.

So what to do?

Obviously some of the risks are out of your hands. You can keep in touch with the data center operator to know what the new features are, but you can’t really expect them to add everything you need for you. Unless you’re a VERY big client, of course. But most aren’t.

So, companies have to adopt a “when-not-if” type of thinking and view security as a part of your daily workflow. When you hear about a breach on the news, don’t just say “oh, how bad for them” and move on. Research what happened and see whether or not your business and infrastructure is also vulnerable to something similar. This means allocating enough resources to be able to train employees, run checks and add improvements as and when needed.

But really do it. 60% of data breaches are actually done via vulnerabilities that have patches out but they are never installed. So, if you simply keep the software and services you used updated, you will lower the risk of a breach by a significant margin. This, though, means regular, long-term maintenance.

Of course, this is not enough. There are several other basic things you can and should do. Yes, it may seem as an expensive investment upfront, but it can offset a lot of bigger expenses and issues down the road – security training for employees. Get them to know the basic terms, risks and features of your systems. Educate them about phishing and the risks.

Also, invest in additional security features. Like Multi-Factor Authentication (MFA). One of the most secure ways would be to add a hardware key. Granted, this is also complicated and not really needed for every employee, but you can implement it for those with access to sensitive data.

For regular employees, simpler 2FA (Two-factor authentication) will be enough. Most services already offer such features, so enable them whenever available.

Also, don’t forget to back up. Cloud services are great, but they aren’t immune to failures. If the service you use doesn’t have built-in backup, make sure you add one. Or if you use a dedicated server – you will most likely have to setup the backup yourself. Either way, having a proper, regular backup setup is an absolute must.

Here’s another basic thing that many companies neglect. When an employee leaves the company, make sure there’s an off-boarding process in place. This means not only asking them to give back any documents or items they may have. It also means revoking access to the systems, email and so on. It seems basic, but you’d be surprised how many companies either completely forget to do that or think a simple password change is enough.

Now let’s dive deeper

So far, so good. We’ve covered the basics. Believe it or not, but they do make a difference. But it’s far from enough for companies which deal with sensitive data. To be honest, every data can be classified as sensitive, especially when it’s data about customers or internal business information.

But it’s a completely different ballgame when the company is big and/or deals with multinational markets. This is where you have to take additional steps in securing cloud stored databases.

Mind your regions

If you have data stored in a public cloud, some providers have data centers in various regions. And some also allow you to choose which ones to use. Enterprise-level services put a big focus on this and for good reason. You have to make sure that your data is close to the ones that actually use it. And you also have to keep in mind the legal differences in various countries.

Plus, having the data backed up in multiple zones is beneficial in the case of hacker attacks and natural disasters to a specific region. This will ensure data availability no matter what happens. It’s also recommended to keep the data in at least three different zones.

Control of access

While we touched on the employee access, for big enterprises, we have yet another level. This means the physical security. Yes, even the cloud needs some physical attention. If your server is on your premises, you have to set up the controlled access room, climate control and so on.

But if you use a cloud service provider, then it’s up to them to cover these bases. You, as a client, are able to request information about the security measures taken, including physical access, so that you know that your data is safe both online and offline.

Also, take the time and effort to review and adapt the roles and permissions of access. Make sure each role has access only to the features and data that are relevant to it. Have a process in place for the times when more access is needed. This way there will be better responsibility and it will be easier to manage in case of trouble.

Encrypt all the things

All of the security features and controlled access might be useless if the data and the connections to and from it aren’t encrypted. So make sure proper VPNs are being used, the database is properly secured and so on. Also, do not neglect the security of the encryption keys, too.

Secure the backup

Yes, we made a lot of fuss about how much backups are important. But there’s more to it. You have to make sure that all backups are also properly secured. This means adding the same security standards and practices to the backups: secure storage in more than one place, control of access, encryption. All of this has to be part to the backup if you want to be able to safely rely on it when the time comes.

Keep track

Add management software for monitoring of the activities in your network and cloud services. This means logging performed operations, logins and so on. This way it’s easier to pinpoint the source of a problem and it’s important to be able to do so quickly, especially during a security “event”.

Regular audits

You have to setup a regular schedule for database and server audits. Of course, it has to include the state of the security features and the implementation of new best practices.

Security of the devices

And here’s another risk that’s also far away from the database. It’s located in the devices that employees use. Especially these days when remote work is so vital. So, you have to make sure that the devices your employees use to access the cloud database are also well maintained and secured. This means using the latest software and following the company-established best practices and rules.

Also, many modern smartphones support running a separate ‘work mode’ which keeps company apps in a sandbox, giving another layer of security in case the user’s private apps get breached. Thus, it’s a good practice along with employees using at least some sort of screen lock to limit uncontrolled physical access to the device.

Following all of these practices will help you significantly improve your cloud database security. As you see, many of the steps are not directly tied with the cloud itself, but with the peripheral systems and the human factor. This is why it’s important to keep an open mind when it comes to security. It should be part of your workflow along with the ability to quickly adapt and add new features and measures on a regular basis.