Working in a WAN

Issue No. 2: Working in a WAN

Many current database activity monitoring solutions utilize a network sniffing model to identify malicious queries-an approach that is simply not feasible in cloud environments where the network is essentially the entire Internet.

Adding a local agent that sends all traffic to a remote server for processing doesn't work well with these models either, for reasons outlined later. Instead, you'll need to find a solution that is designed for distributed processing where the local sensor is able to analyze traffic autonomously.

Keep in mind that the cloud computing resources you are procuring are likely to be on a WAN, and network bandwidth and network latency will make off-host processing inefficient. The very concept of cloud computing (where are those servers, anyway?) likely prevents you from being able to colocate a server close to your databases, which means the time and resources spent sending every transaction to a remote server for analysis will inhibit network performance and prevent timely interruption of malicious activity.

A better approach when securing databases in cloud computing is to utilize a distributed monitoring solution based on "smart" agents so that, once a security policy is set for a monitored database, that agent or sensor is able to implement the necessary protection and alerting locally. This will prevent the network from becoming the gating factor for performance.

For remote management of distributed data centers, you'll also want to test the WAN capabilities of your chosen software. It should encrypt all traffic between the management console and sensors in order to limit exposure of sensitive data. Performance can also be enhanced through various compression techniques so that policy updates and alerts are efficiently transmitted.