Your Data Security is Worth a (Multicloud) DAM

Database activity monitoring (DAM) refers to a class of security tools that monitor and audit user activity on databases. DAM first entered the market around 20 years ago to serve as an alternative to databases’ native auditing capabilities, which were slow and resource-intensive.

Multicloud DAM, the latest generation of these tools, has evolved in response to the global shift to the cloud happening over the last decade. It serves as a central source for auditing and monitoring a variety of databases hosted on multiple cloud platforms. But is it worth looking into for your data security program? Read on to find out.

DAM was born when organizations needed one platform to centralize the tracking and auditing of user activity across multiple different databases. Back then, native database auditing capabilities consumed a lot of disk resources and CPU, creating demand for more efficient tools.

DAM tools can be used for:

• Identifying suspicious data access in a database.
• Monitoring privileged users and administrators to protect against both insider and external threats.
• Storing database audit logs externally.
• Alerting on policy violations and anomalous activity.
• Aggregating activity from diverse database control systems.

Traditional DAM solutions are still relevant for on-premises or cloud databases that imitate the traditional database experience. But modern organizations using multiple cloud environments might find older DAMs lacking.

Limitations of traditional DAM include:

• False positives: Unlike their more modern counterparts, older DAM tools were meant to be used on their own, without integrating with many other tools. They provided excessive amounts of logs, promising that they would provide useful in the case of a breach. In reality, this caused confusion and data deluge.
• Not strictly necessary: Cloud-based databases’ native auditing capabilities have evolved with the times, and are no longer too resource-intensive to be used by themselves.
• Insufficient functionality: Today’s data environments need tools that do more than just reporting and alerting. Plenty of database security tools exist on the market that do everything DAM does and more, reducing control silos.
• Lack of cloud compatibility: Conventional DAM solutions can’t be installed on cloud-based databases, which are steadily rising in adoption.

For organizations with complex cloud topologies, traditional DAM is not enough. Multicloud DAM bridges the gap left by legacy DAM solutions.

Modern, data-driven businesses store data in databases on various Cloud Service Providers (CSPs) for different applications and use cases. As usage of Database-as-a-Service (DBaaS) tools offered by cloud providers increases, so does the need for auditing and monitoring functionality on them. The problem is that few of them actually offer this natively. Even when they do, capabilities vary across different CSPs, making it hard to standardize and streamline monitoring for the data.

This is where Multicloud DAM comes in, bridging the visibility gap in data stored across multiple CSPs. Multicloud DAM extends the functionality of traditional DAM, acting as a single tool for data protection across multiple cloud databases.

Benefits of Multicloud DAM include:

• Centralized and reliable security across diverse relational and NoSQL databases hosted on cloud service providers.
• User behavior monitoring, analytics and audit logs in real time.
• Adherence to regulatory compliance requirements through the ability to set data security policies.
• Separation of duties (SOD) and appropriate business user access to data, vulnerability management, user activity monitoring, and a forensic audit record of all SQL activities.

So you’re a data-driven organization, storing your data across multiple cloud providers. Once you decide that Multicloud DAM is right for your organization, here are a few suggestions for successful deployment:

1. While Multicloud DAM offers many advantages over previous generations of DAM, there could be a tradeoff in the ability to monitor administrators and other highly privileged users. You may want to consider a Data Security Platform, which offers both the functionality of Multicloud DAM and other features that compliment it, like data loss prevention (DLP), encryption, and tokenization.
2. Multicloud DAM is implemented using a few different architectures. One of them is interception-based, meaning that they monitor databases by intercepting communications between the database server and client. If implemented with a reactive log collection approach, the DAM won’t allow blocking of suspicious activity in SQL or direct access to a database. In this case, make sure you have robust access policies in place that include data anonymization based on role, attributes, or need.
3. Some interception-based DAMs catch SQL statements in the application layer, and won’t monitor the database logs themselves. In this case, make sure the DAM logs SQL or other statements while anonymizing any data within them.
4. Most cloud data platforms don’t allow agent software on the infrastructure layer, which means you can’t install agent based DAM on these platforms. If this is an issue, you can opt for solutions that don’t require agents, using proxies or API-based integrations.

This year, Gartner’s Data Security Hype Cycle for 2023 recognized Satori as a sample vendor for Multicloud DAM.

As a Data Security Platform, Satori combines the auditing and monitoring capabilities of Multicloud DAM with additional features like automated data access control, data classification, dynamic data masking, and posture management.

Satori makes it easy for data teams to set data access policies with a powerful authorization engine, and even easier for users to access data they need through a self-service data portal.

To learn more:

• Book a demo with one of our experts
• Read: Simplifying Data Monitoring and Protection with Satori
• Read: From “Default To Know” to “Need To Know” to “Need To Share”