What Is Imperva Cloud Data Security?

Learning objectives


• Explain why cloud misconfigurations occur and the risks associated with them.

• Explain how the Imperva Cloud Data Security solution works.

• Discuss the benefits of the Imperva Cloud Data Security solution to enterprises with modern distributed data environments.

Organizations increasingly adopt database-as-a-service (DBaaS) options to gain flexibility, increase scalability, and acquire cost savings advantages. IDC predicts that by 2025, the amount of data stored in the cloud will match that stored in on-prem data centers. However, many organizational decision-makers are still skittish about taking the plunge into the cloud, primarily due to security and compliance concerns. 

These are valid fears. Cloud services operate under a shared responsibility model, where the cloud services provider is responsible for the security of the cloud, and their customers are responsible for security in the cloud. While the cloud services provider secures and maintains the underlying cloud computing infrastructure, their customers secure the data and resources they run in the cloud.

Cloud Misconfigurations Are Costly & Common


Data security in the cloud is quite different from data security on-premises. Many traditional on-prem security tools and processes, such as database monitoring services, don’t work at all in the cloud. Others, including filtering all data through a proxy service, defeat the entire purpose of moving to the cloud. Many organizations resort to using multiple, disparate tools, which leads to data silos, lack of visibility, and errors.

Adding to the problem is a significant and ongoing shortage of cloud and cybersecurity professionals, coupled with the ever-growing complexity of modern, distributed data environments. The overwhelming majority (92%) of enterprises have a multi-cloud strategy, while 80% have hybrid cloud environments. Each cloud platform, and each database contained within it, has its own siloed set of tools. In addition to the difficulty of maintaining in-house staff with expertise in every cloud platform and database in use at the typical organization, IT departments struggle with visibility across clouds and database solutions.

Cloud configuration mistakes can be disastrous. Misconfigurations are the leading cause of cloud security breaches. In 2018 and 2019, companies worldwide lost an estimated $5 trillion to breaches caused by cloud misconfigurations -- a number which is almost certainly higher now that COVID-19 caused so many companies to accelerate their digital transformation plans.

Meanwhile, organizations tend to overestimate how well they’ve configured their cloud environments severely. One survey revealed that while organizations estimated that they averaged 37 cloud misconfiguration issues per month, the actual number was closer to 3,500. 

How Imperva Cloud Data Security Helps


The first database-agnostic security platform designed especially for the cloud, Imperva’s Cloud Data Security (CDS) solution unifies and simplifies database security management across distributed data environments to enable fast, agile database activity monitoring. Imperva CDS supports databases wherever they’re hosted, including DBaaS solutions and infrastructure as a service (IaaS) solutions in multi-cloud and hybrid cloud environments.

Imperva CDS is a cloud-based (SaaS) solution that deploys within minutes. It natively integrates with over 65 databases out of the box, and support for additional databases can be added in less than a month. Automated database discovery tools discover all of the database assets in an organization’s cloud setup, and administrators decide which services they’d like Imperva CDS to monitor. The solution automatically determines which assets contain sensitive data and where that data resides, and automated data classification tools establish controls. 

IT and security personnel get immediate visibility and compliance controls over data throughout their environment. Newly created cloud workloads get secured within minutes, and activity monitoring and security insights support organizational data privacy and security without impeding performance. 

Imperva CDS integrates with existing security tools and processes, including SIEM solutions and existing database activity monitoring tools.

How Imperva Cloud Data Security Works


Imperva CDS integrates with cloud services providers by leveraging their native APIs, enabling the solution to work with virtually any database and any data warehouse or data lake, regardless of where it’s hosted: on-prem, in private, or any public cloud. Using API-driven connections also abstracts complexity and ensures that no component sits between the client and server, eliminating visibility gaps.

Imperva CDS operates by ingesting and analyzing database logs, which provides the solution with all of the information it needs to secure the database without accessing database instances. Administrators don’t have to give it any permission credentials, which simplifies deployment and helps minimize the organization’s potential attack surface. 

Additionally, Imperva CDS translates audit log data and augments it with meaningful context, helping unlock valuable insights. It stores multiple years’ worth of contextualized audit information, which administrators can rapidly retrieve for inclusion in compliance reports or investigative reasons.

Benefits of Imperva Cloud Data Security


Imperva CDS simplifies database monitoring in distributed data environments. Having one unified solution for database monitoring means that administrators can pare down the number of security tools they’re using, which minimizes costs, reduces the possibility of error (and breaches), and optimizes efficiency by freeing up IT and security staff to focus on other projects.

Imperva CDS can monitor any database, data warehouse, or data lake, ensuring data security without hindering innovation. Security and compliance protocols will be consistent throughout the organization, and developers will maintain them regardless of which technologies the business adopts in the future.


Table of contents

Logging in the Age of DevOps eBook

Download Now