As more enterprises move more sensitive data to the cloud, how you secure and protect your public cloud services and resources is critical. While Amazon does a stellar job of securing the underlying server hardware and software as their part of the Shared Security Model, securing what you put “in the cloud,” or the services you set up on the infrastructure they provide, is your responsibility.
What is RDS?
Amazon Relational Database Service (Amazon RDS) enables you to easily set up, operate, and scale a relational database in the cloud. It automates administrative tasks, often time-consuming, such as hardware provisioning, database setup, patching and backups and providing cost-efficient and resizable capacity.
In a nutshell, Amazon RDS can free you up, or your team, to focus on delivering the availability, performance, and security expected of your applications, rather than on database administration.
Amazon RDS enables you to quickly provision and run any relational database you want in the cloud, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server, and makes it easy for you to migrate or replicate your existing databases to Amazon RDS with the AWS Database Migration Service.
What are the Risks to a Misconfigured RDS?
One of the common uses of RDS is doing a lift-and-shift from a private datacenter – with all of its traditional security controls such as network and application firewalls – to AWS, with its comprehensive but hard to configure security controls. While you may accomplish this quickly, you may overlook security issues because you’re dealing with a new environment where security controls are implemented differently.
When it comes to database security, you need to worry about all 3 major infosec concepts: confidentiality, integrity, and availability. You don’t want hackers stealing critical data such as credit card numbers, personally identifiable information, healthcare records, and the like, so you need to make sure that information is kept confidential. But stealing data isn’t the only concern, hackers may also modify the data to suit their nefarious purposes, to essentially trick the application into benefiting them in some way. So you must also ensure that the data’s integrity is maintained, i.e., that it cannot be modified without detection.
Lastly, if the information isn’t available, your application is effectively down, costing you customers and money. That’s why you need to make sure your databases are available all the time.
If you lose a mission-critical database, you may never be able to fully recover, so proper configuration is essential.
What are the Risks to a Misconfigured Amazon RDS?
How Does Halo Cloud Secure Help?
Halo checks, monitors and alerts you so you can ensure your RDS is: