Not long ago, for security, compliance or other reasons, it was unthinkable for many regulated organizations to move sensitive data into the cloud. It’s striking how things have changed.
Maybe it was inevitable that services like email were cloud migration candidates. People trust Microsoft, and it’s quite impressive what they have done to make Office 365 simple to adopt and easy to maintain. It also has been reliable and secure enough to gain massive market share as organizations became comfortable with the risks. But aren’t databases different? Aren’t they exceptions?
Yes, they are different, but it seems that they are not exceptions. Resistance is falling to cloud database migration, and even some highly regulated companies are planning to deploy or already migrating databases to cloud-based architectures to meet growing business demands.
What is the right architecture? There is a lot of information available to advise you about that. As an example, if you are a Gartner customer, you can find their summary of architectural options here and a suggested framework for building a plan in this report. Similarly, Forrester has published extensive reports on cloud technology adoption, such as this one on relatively new Database as a Service architectural options.
However, one thing that moving to the cloud won’t change is that businesses and government organizations are still required to audit, monitor, and secure sensitive information, such as personally identifiable information (PII), financial records, or medical records to comply with ever-increasing regulatory mandates. In fact, both existing, and new regulations such as the European Union’s General Data Protection Regulation (GDPR), often come with very expensive penalties for regulatory failure.
Moving databases to the cloud – or launching new ones – presents new enterprise governance and security challenges. So, it’s interesting how rapidly the transformation is happening despite the above. Perhaps it’s because the economic pros of off-loading system and/or database maintenance to a cloud platform are so compelling they far outweigh the cons.
Still, despite a clear mandate to proceed, organizations should move with some caution. Application groups should not charge ahead without any compliance and security group participation. So, what is it then that compliance specialists, security staff and other IT professionals will contribute? What are their primary planning concerns?
Sometimes, when planning transformational change, it’s helpful to learn what your peers are thinking or have done. Imperva recently commissioned Forrester Consulting to survey 150 IT professionals from different size enterprise organizations who have completed or are in the process of adopting new big data or cloud database technology and questioned them about their concerns, expectations and results. Here we share a few insights from those survey results. You can download the full study here.
One question asked the survey participants to identify their top five governance requirements to achieve the benefits they want from their new architectures. Not surprisingly, the responses focused first on analyzing and managing threats, but also included the need for managing consistent policies across cloud databases, big data lakes, and existing on-premises databases. Here’s the response breakdown from the survey for that question (Figure 1):
Figure 1: Discovering and analyzing vulnerabilities and risk lead as the top three requirements
The consistent policies requirement makes perfect sense when you consider that most cloud migration will be a gradual process, since few organizations will be able to move everything at once. Realistically most organizations will probably end up managing both cloud and data center-hosted systems for a significant length of time.
The report went on to ask other questions, and for those with completed projects, to rate the outcome for governance measures they have taken. Specifically, respondents were questioned about the use of database activity monitoring (DAM) tools and how they’ve helped bring visibility and control to their processes. The chart below summarizes the expected versus realized benefits they found in a DAM solution (Figure 2):
Figure 2: Improved data compliance is the top realized benefit of a DAM solution.
It’s interesting to note that the one instance where the realized benefit didn’t surpass the expected benefit was with time spent on security. While DAM tools can offer greater security capabilities, they ultimately are not a replacement for dedicated security and compliance efforts from IT teams. In-house security expertise is a must-have regardless of where data resides—in the cloud, on-premises, or both.
Download the complete Forrester survey study here: “Modern Database Architectures Demand Modern Data Security Measures.”