Consumption-derived Data Governance is Difficult to Flank


In this special guest feature, Doug Wick, Vice President of Product at ALTR, believes that data consumption governance, implemented at the query level to observe and control consumption of sensitive data, could help organizations to take full advantage of the cloud while reducing the associated risks. ALTR is a Data Security-as-a-Service (DSaaS) platform which brings simplicity to the protection and control of sensitive data. Over the last 20 years, Doug has served in various executive and senior management roles at enterprise and IT-focused software companies. He holds an MBA from the University of Chicago Booth School of Business.

Thanks to the critical business benefits offered by cloud computing, 77 percent of enterprises have placed at least one application or some portion of their computing infrastructure in the cloud. Yet many companies remain cautious about migrating all of their processes and data. According to a recent report, data security is holding back three out of every four companies from moving forward on cloud projects.

Regardless of those security concerns, about one-fifth of all files in the cloud contain sensitive data—an amount that is increasing. This only adds to the challenges companies already face as they try to maintain IT security, privacy, and compliance.

Security policies typically cannot be consistently and seamlessly implemented across multi-cloud setups, often because organizations use several different security tools that are not supported across all cloud services and native integrations. Uniform policy definition and enforcement also suffers as applications operate among divergent cloud environments, resulting in data security blind spots.

Data security gaps in the move to the cloud

Oftentimes, in migrating data and processes to the cloud, legacy security products are ported or new and unfamiliar security products are adopted. This adds complexity, opens the door to human error, and creates an opportunity for hackers to steal sensitive data, or for data to get misused or abused by insiders with privileged access. A single unchecked box can lead to fundamental security gaps.

In one Open Web Application Security Project (OWASP) scenario, an engineer failed to disable directory listings on a server. That misstep opened the door for a hacker to list directories and access compiled Java classes. Attackers used reverse engineering to view the code and identify an access control flaw in the application, which allowed them to get inside the system.

Security breaches have also been identified when moving sensitive data into Amazon Simple Storage Service (S3) for testing or analysis. The problem occurs when the S3 bucket is not correctly secured, leaving it open to the web. Other potential security gaps during changeovers include insecure default configurations, incomplete custom configurations, unsecured cloud storage, misconfigured HTTP headers, and missed patches.

Even once the cloud migration is complete, security gaps may still remain. A key challenge is that data which leaves the protected boundary of the network continues to increase in quantity. Consider that enterprises often use homegrown, custom applications in the cloud that share sensitive data via API calls or other means—this is, in fact, a common model for AWS configurations. Similarly, applications which can leak data, such as social media, are being used much more frequently on company networks.

Employee negligence is another key problem. Most breaches involve weak, guessed or stolen credentials and passwords. Cracking passwords is often made easy due to poor security habits. Nearly one-quarter of people have some form of easy-to-guess passwords, according to a Google-Harris study, but even strong passwords can be compromised by determined attackers.

Query-layer data consumption governance

These gaps are created by security approaches that are variously bound to infrastructure which, implemented by IT security teams, is fraught with insider risks. Enterprises, as they “lift and shift” huge numbers of applications to the cloud, are also transporting and recompiling the application code itself. The trouble is that most applications, when they are moved, are decoupled from the security infrastructure that protected them in the first place, and are often left exposed to the dynamics of cloud environments.

Moving to the cloud essentially means turning more and more control over infrastructure to others to achieve cost and flexibility advantages. When this is done, the insider threat grows as unknown people actually manage the infrastructure itself, and infrastructure-bound security products become even less effective. Even cloud security products are often tied to a specific cloud or a particular cloud deployment, which is just another version of the same problem.

To address these challenges, a signature approach is to implement security in the workload itself, at the query layer, effectively decoupling security from infrastructure permanently. From this vantage point, it is possible to recognize unusual data consumption and thereby limit data loss when unauthorized access occurs. This can be achieved by programming compliance policy mechanisms into applications when they are built.

A consumption-derived governance model works much like a credit card company blocking an account when spending looks suspicious and, by virtue of being very closely tied to the data source, is difficult to flank. Data consumption governance policies, in this case, can be finely tuned according to identity, along with any number of other parameters, to block the flow of data when it exceeds preset thresholds.

Extending consumption governance 

The basic question of principle is how to augment identity systems alongside other approaches that assume that someone is not who they say they are. Providing data protection at the query layer, where the flow of data between applications takes place, means everything ‘above it’ by extension assumes less risk.

Query-level observability of data flows, however, remains vulnerable to credentialed network access. For instance, DBA credentials might allow a user to go directly to the database server and gain access to data without being subject to governance.

A way to prevent this is to build at-rest obfuscation of certain sensitive data values into the actual governance model. What this means is that some data is actually disguised, usually replaced with a token inside of the database itself. The same system that provides data consumption governance is the only system that can interpret the token and convert it back into its clear value.

Through this mechanism, any user or application that wants to consume particularly sensitive data must go through a governed pathway to get it. Because of that, consumption is evaluated in each instance. Broadly aligned with the principles of Zero Trust, this addresses even the most privileged access within an organization.
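The two mechanisms described above, per-identity consumption thresholds and at-rest tokens that only the governance layer can resolve, can be sketched together in a few lines. This is an added example, not ALTR's implementation or code from the article; the class name, identities, limits and sample values are all assumptions constructed for illustration.

```python
import secrets
import time
from collections import defaultdict, deque

class ConsumptionGovernor:
    """Hypothetical governed pathway: owns the token vault, meters each identity."""
    def __init__(self, limits, window_seconds=60, clock=time.monotonic):
        self._vault = {}                    # token -> clear value, held only here
        self._limits = limits               # identity -> max clear values per window
        self._window, self._clock = window_seconds, clock
        self._released = defaultdict(deque) # identity -> release timestamps
        self.audit = []                     # (time, identity, requested, decision)

    def tokenize(self, clear_value):
        token = "tok_" + secrets.token_hex(12)  # random: reveals nothing about the value
        self._vault[token] = clear_value
        return token

    def detokenize(self, identity, tokens):
        now = self._clock()
        seen = self._released[identity]
        while seen and now - seen[0] >= self._window:
            seen.popleft()                  # forget releases outside the window
        limit = self._limits.get(identity, 0)   # unlisted identities get nothing
        allowed = len(seen) + len(tokens) <= limit
        self.audit.append((now, identity, len(tokens), "allow" if allowed else "block"))
        if not allowed:
            raise PermissionError(f"{identity}: consumption threshold exceeded")
        values = [self._vault[t] for t in tokens]
        seen.extend([now] * len(tokens))
        return values

def demo():
    now = [0.0]                             # fake clock so the run is deterministic
    gov = ConsumptionGovernor({"billing-app": 3}, clock=lambda: now[0])
    samples = ("000-00-0001", "000-00-0002", "000-00-0003")  # constructed values
    column = [gov.tokenize(v) for v in samples]  # the database stores tokens only
    first = gov.detokenize("billing-app", column[:2])
    try:
        gov.detokenize("billing-app", column[1:])   # 2 + 2 exceeds the limit of 3
        blocked = False
    except PermissionError:
        blocked = True
    now[0] = 61.0                           # window has rolled over
    later = gov.detokenize("billing-app", column[2:])
    return column, first, blocked, later, gov.audit  # column: all a direct DB read yields

if __name__ == "__main__":
    print(demo())
```

The audit list records blocked requests as well as allowed ones, so a burst of denied reads from one identity is itself a signal worth alerting on.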

Because the cloud is a force multiplier in terms of growth, migrating applications there can remove barriers among people, partners, and customers while stabilizing operations. But achieving an effective “insider” security posture around data access in the cloud dictates solutions that are cloud-native themselves.

Data consumption governance, implemented at the query level to observe and control consumption of sensitive data, could help organizations to take full advantage of the cloud while reducing the associated risks.
