Databases as a Service & Security: Can it be Trusted?
DBaaS is one of the most practical uses for the cloud because of the rapidly changing size of database records. It is important to note that databases are the most critical information infrastructures because they often contain sensitive information. Since databases are so important, they are often the main target of people looking to steal data.
Barry Shteiman is the Director of Security Strategy at Imperva. The company specializes in security data within the cloud. Mr. Shteiman recently talked about these vulnerabilities by saying, “In databases, most of the vulnerabilities discovered are privilege escalation related, meaning that you have to have access to the database first, and then you can exploit a vulnerability.”
Shteiman went on to talk about how the cloud gives hackers an advantage that they once did not have. On traditional systems, the hacker would need to procure an actual login into the system. In a public cloud setting, the hacker could create his own login and password, and only need to figure out how to break outside of the current database and give access to other databases that may be physically hosted alongside of the one they legitimately administer.
If a hacker is successful, much like one was when MongoDB cloud services were compromised, the results could be catastrophic. MongoHQ, the provider of MongoDB, said in a release that “Attackers were able to use the impersonation feature to access the MongoHQ accounts database, and used connection information to access some customer databases directly.” Computer forensic experts were brought in as well the FBI in order to determine the level of the breach and exactly which databases were compromised. There is one thing to take away from the MongoHQ scenario. In fact, MongoHQ says it best on their website: “We still recommend being paranoid.”
